CVE-2026-5830

A vulnerability was identified in Tenda AC15 15.03.05.18. This affects the function websGetVar of the file /goform/SysToolChangePwd. Such manipulation of the argument oldPwd/newPwd/cfmPwd leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available...

CVE-2026-5830

A vulnerability was identified in Tenda AC15 15.03.05.18. This affects the function websGetVar of the file /goform/SysToolChangePwd. Such manipulation of the argument oldPwd/newPwd/cfmPwd leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available...

CVE-2026-5830

CVE-2026-5830 affects Tenda AC15 firmware 15.03.05.18. The vulnerability resides in the function websGetVar of /goform/SysToolChangePwd and results from manipulating the arguments oldPwd/newPwd/cfmPwd, causing a stack-based buffer overflow. The issue can be exploited remotely, and public exploit ...

Tenda AC15 安全漏洞

The Tenda AC15 is a wireless router produced by the Chinese company Tenda. Version 15.03.05.18 of the Tenda AC15 contains a security vulnerability. This vulnerability arises from incorrect operations with parameters oldPwd/newPwd/cfmPwd in the function websGetVar within the...

PT-2026-31564

Name of the Vulnerable Software and Affected Versions Tenda AC15 version 15.03.05.18 Description A stack-based buffer overflow exists in the websGetVar function of the /goform/SysToolChangePwd file. Manipulation of the oldPwd, newPwd, and cfmPwd arguments can trigger this issue. The attack can be...

CVE-2023-0782

A vulnerability was found in Tenda AC23 16.03.07.45 and classified as critical. Affected by this issue is the function formSetSysToolDDNS/formGetSysToolDDNS of the file /bin/httpd. The manipulation leads to out-of-bounds write. The attack may be launched remotely. The exploit has been disclosed t...

CVE-2024-2816

A vulnerability classified as problematic was found in Tenda AC15 15.03.05.18. Affected by this vulnerability is the function fromSysToolReboot of the file /goform/SysToolReboot. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been...

Tenda AC18 Cross-Site Request Forgery Vulnerability

Tenda AC18 is a router from Tenda, China. A cross-site request forgery vulnerability exists in Tenda AC18 version V15.03.05.05, which stems from a cross-site request forgery in the fromSysToolRestoreSet function of the /goform/SysToolRestoreSet file...

PT-2024-2380 · Tenda · Tenda Ac15

Name of the Vulnerable Software and Affected Versions: Tenda AC15 version 15.03.05.18 Description: The issue is related to insufficient authentication of requests executed by the fromSysToolReboot function, accessible through the "/goform/SysToolReboot" endpoint. This can be exploited by a remote...

PT-2024-2381 · Tenda · Tenda Ac15

Name of the Vulnerable Software and Affected Versions: Tenda AC15 version 15.03.05.18 Description: A vulnerability has been found in the function fromSysToolRestoreSet of the file /goform/SysToolRestoreSet, which is related to insufficient authentication of executed requests. This issue can lead ...

PT-2022-28018 · Tenda · Tenda Ac15

Name of the Vulnerable Software and Affected Versions: Tenda A15 version 15.13.07.13 Description: A stack overflow issue was discovered via the SYSPS parameter at the "/goform/SysToolChangePwd" API endpoint. Recommendations: For Tenda A15 version 15.13.07.13, consider restricting access to the...

CVE-2022-45980

Tenda AX12 V22.03.01.21CN was discovered to contain a Cross-Site Request Forgery CSRF via /goform/SysToolRestoreSet...

CVE-2022-45504

An issue in the component tpisystoolhandle0 /goform/SysToolRestoreSet of Tenda W6-S v1.0.0.4510 allows unauthenticated attackers to arbitrarily reboot the device...

CVE-2022-45498

An issue in the component tpisystoolhandle0 /goform/SysToolReboot of Tenda W6-S v1.0.0.4510 allows unauthenticated attackers to arbitrarily reboot the device...

Tenda W6 安全漏洞

Tenda W6 is a wireless WiFi AP access point router from Tenda, China. A security vulnerability exists in Tenda W6-S version v1.0.0.4510, which stems from an issue with component tpisystoolhandle0 /goform/SysToolRestoreSet that allows an unauthenticated attacker to arbitrarily reboot the device...

CVE-2022-45668

Tenda i22 V1.0.0.34687 is vulnerable to Cross Site Request Forgery CSRF via function fromSysToolReboot...

CVE-2022-42087

Tenda AX1803 USAX1803v2.0brv1.0.0.12994CNZGYD014 is vulnerable to Cross Site Request Forgery CSRF via function fromSysToolReboot...

Tenda AC1206 跨站请求伪造漏洞

The AC1206 is a high performance router designed with Gigabit ports for both WAN and LAN ports. Tenda AC1206 firmware version USAC1206V1.0RTLV15.03.06.23multiTD01 has a cross-site request forgery vulnerability in the /bin/httpd file in the fromSysToolRestoreSet function /goform/ SysToolRestoreSet...

Tenda AX1803 跨站请求伪造漏洞

Tenda AX1803 is a dual-band Gigabit WIFI6 router from Tenda China. A cross-site request forgery vulnerability exists in the Tenda AX1803 firmware, version USAX1803v2.0brv1.0.0.12994CNZGYD014, which exists in the /bin/tdhttpd file fromSysToolReboot function/goform/SysToolReboot page. An attacker...

CVE-2022-27374

Tenda AX12 V22.03.01.21CN was discovered to contain a Cross-Site Request Forgery CSRF via the function sub42E328 at /goform/SysToolReboot...