CVE-2025-15252

Affected product: Tenda M3, version 1.0.0.13(4903). Vulnerable component: function formSetRemoteDhcpForAp in /goform/setDhcpAP. Root cause: manipulation of arguments startip, endip, leasetime, gateway, dns1, dns2 leads to a stack-based buffer overflow. Impact: remote attacker can trigger the over...

CVE-2025-12611

A vulnerability was identified in Tenda AC21 16.03.08.16. This vulnerability affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg. The manipulation of the argument startIp leads to buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly...

CVE-2025-10803

A vulnerability has been found in Tenda AC23 up to 16.03.07.52. Affected by this vulnerability is the function sscanf of the file /goform/SetPptpServerCfg of the component HTTP POST Request Handler. Such manipulation of the argument startIp leads to buffer overflow. It is possible to launch the...

CVE-2024-57543

Linksys E8450 v1.2.00.360516 was discovered to contain a buffer overflow vulnerability. The parsed field dhcpstartip is copied to the stack without length verification...

Vulnerability of the cgidhcpsCfgSet() function (Program:/bin/httpd) in Tenda W12 and i24 router microsoftware, allowing a hacker to execute arbitrary code

The vulnerability of the cgidhcpsCfgSet function Program:/bin/httpd in the Tenda W12 and i24 router microprogramming systems is related to buffer overflow in the stack. Exploiting this vulnerability could allow an attacker to execute arbitrary code when processing parameters such as startIp, endI...

The vulnerability of the formSetPPTPServer() function in the Tenda AC7 router’s microprogramming software allows a hacker to execute arbitrary code or cause a service failure.

The vulnerability of the formSetPPTPServer function in the Tenda AC7 router’s microprogramming software is related to the operation of writing data outside of the buffer in memory when processing the pptpserverstartip and pptpserverendip parameters. Exploiting this vulnerability allows a remote...

Tenda AC7 安全漏洞

Tenda AC7 is a wireless router from Tenda, a Chinese company. A buffer overflow vulnerability exists in Tenda AC7 version 15.03.06.44, which is caused by improper handling of the pptpserverstartip/pptpserverendip parameters in the formSetPPTPServer function in the /goform/SetPptpServerCfg file...

CVE-2025-29357

Tenda RX3 USRX3V1.0brV16.03.13.11multiTDE01 is vulnerable to Buffer Overflow via the startIp and endIp parameters at /goform/SetPptpServerCfg. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted packet...

PT-2025-3476 · Tenda · Tenda Ac18

Name of the Vulnerable Software and Affected Versions: Tenda AC18 version V15.03.05.19 Description: The issue is related to a stack overflow in the formSetPPTPServer function when handling the startIP parameter. This can allow a remote attacker to impact the confidentiality, integrity, and...

The vulnerability of the formSetPPTPServer() function (/goform/SetPptpServerCfg) in the Tenda AC18 router software allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the formSetPPTPServer function /goform/SetPptpServerCfg in the Tenda AC18 router software is related to the operation of writing data outside the buffer in memory when processing the startIP parameter. Exploiting this vulnerability could allow an attacker to compromise the...

CVE-2024-2488

A vulnerability was found in Tenda AC18 15.03.05.05. It has been rated as critical. This issue affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg. The manipulation of the argument startIP leads to stack-based buffer overflow. The attack may be initiated remotely. The...

CVE-2023-41561

Tenda AC9 V3.0 V15.03.06.42multi and Tenda AC5 USAC5V1.0RTLV15.03.06.28 were discovered to contain a stack overflow via parameter startIp and endIp at url /goform/SetPptpServerCfg...

CVE-2018-18730

An issue was discovered on Tenda AC7 V15.03.06.44CN, AC9 V15.03.05.196318CN, AC10 V15.03.06.23CN, AC15 V15.03.05.19CN, and AC18 V15.03.05.196318CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'startIp' and 'endIp' parameters for a pos...