CVE-2026-4253

A security flaw has been discovered in Tenda AC8 16.03.50.11. This affects the function routesetuserpolicyrule of the file /cgi-bin/UploadCfg of the component Web Interface. The manipulation of the argument wans.policy.list1 results in os command injection. It is possible to launch the attack...

CVE-2026-4253

The CVE-2026-4253 entry affects Tenda AC8 firmware version 16.03.50.11 in the Web Interface component, specifically the /cgi-bin/UploadCfg path and the route_set_user_policy_rule function. The issue arises from manipulating the wans.policy.list1 argument, leading to an OS command injection vulner...

PT-2026-25785

A security flaw has been discovered in Tenda AC8 16.03.50.11. This affects the function route set user policy rule of the file /cgi-bin/UploadCfg of the component Web Interface. The manipulation of the argument wans.policy.list1 results in os command injection. It is possible to launch the attack...

CVE-2026-2930

CVE-2026-2930 affects Tenda A18 firmware 15.13.07.13. The vulnerability is in the Httpd Service, specifically the function webCgiGetUploadFile in /cgi-bin/UploadCfg, where improper argument boundary handling causes a stack-based buffer overflow. Exploitation can be performed remotely, and public ...

CVE-2025-57085

Tenda W30E V16.01.0.19 5037 was discovered to contain a stack overflow in the v17 parameter in the UploadCfg function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted request...

CVE-2023-49405

Tenda W30E V16.01.0.124843 was discovered to contain a stack overflow via the function UploadCfg...