Ac10 Firmware Security Vulnerabilities and Issues — Ac10 Firmware CVE List

Lucene search

TendaAc10 Firmware

78 matches found

CVE•added 2018/10/30 6:29 p.m.•984 views

CVE-2018-14558

An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A command Injection vulnerability allows attackers to execute arbitrary OS commands vi...

10CVSS9.7AI score0.81989EPSS

CVE•added 2023/04/07 2:15 a.m.•78 views

CVE-2023-27017

Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_45DC58 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.

9.8CVSS9.7AI score0.00123EPSS

CVE•added 2023/04/07 2:15 a.m.•78 views

CVE-2023-27018

Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_45EC1C function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.

9.8CVSS9.7AI score0.00123EPSS

CVE•added 2022/07/07 7:15 p.m.•70 views

CVE-2022-32054

Tenda AC10 US_AC10V1.0RTL_V15.03.06.26_multi_TD01 was discovered to contain a remote code execution (RCE) vulnerability via the lanIp parameter.

10CVSS9.9AI score0.21692EPSS

CVE•added 2025/06/05 3:15 a.m.•70 views

CVE-2025-5629

A vulnerability, which was classified as critical, was found in Tenda AC10 up to 15.03.06.47. This affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg of the component HTTP Handler. The manipulation of the argument startIp/endIp leads to buffer overflow. It is possible to in...

9.8CVSS8.9AI score0.0011EPSS

CVE•added 2024/02/15 7:15 p.m.•68 views

CVE-2024-25373

Tenda AC10V4.0 V16.03.10.20 was discovered to contain a stack overflow via the page parameter in the sub_49B384 function.

4.6CVSS7.7AI score0.00066EPSS

CVE•added 2025/02/20 11:15 p.m.•64 views

CVE-2025-25675

Tenda AC10 V1.0 V15.03.06.23 has a command injection vulnerablility located in the formexeCommand function. The str variable receives the cmdinput parameter from a POST request and is later assigned to the cmd_buf variable, which is directly used in the doSystemCmd function, causing an arbitrary co...

9.8CVSS9.8AI score0.00181EPSS

CVE•added 2025/02/20 11:15 p.m.•59 views

CVE-2025-25674

Tenda AC10 V1.0 V15.03.06.23 is vulnerable to Buffer Overflow in form_fast_setting_wifi_set via the parameter ssid.

9.8CVSS9.5AI score0.00071EPSS

CVE•added 2024/03/18 3:15 a.m.•54 views

CVE-2024-2581

A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. This issue affects the function fromSetRouteStatic of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has...

9CVSS9AI score0.00447EPSS

CVE•added 2024/03/24 7:15 a.m.•53 views

CVE-2024-2856

A vulnerability, which was classified as critical, has been found in Tenda AC10 16.03.10.13/16.03.10.20. Affected by this issue is the function fromSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument timeZone leads to stack-based buffer overflow. The attack may be launche...

9.8CVSS8.8AI score0.00241EPSS

CVE•added 2023/04/07 2:15 a.m.•52 views

CVE-2023-27013

Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the get_parentControl_list_Info function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.

9.8CVSS9.7AI score0.00123EPSS

CVE•added 2024/04/17 4:15 p.m.•49 views

CVE-2024-32317

Tenda AC10 v4.0 V16.03.10.13 and V16.03.10.20 firmware has a stack overflow vulnerability via the adslPwd parameter in the formWanParameterSetting function.

7.5CVSS7.4AI score0.00243EPSS

CVE•added 2025/04/17 6:15 p.m.•48 views

CVE-2025-25455

Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via wanMTU2.

7.5CVSS6.6AI score0.00077EPSS

CVE•added 2025/04/03 3:15 p.m.•48 views

CVE-2025-3161

A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. This issue affects the function ShutdownSetAdd of the file /goform/ShutdownSetAdd. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been d...

9CVSS7.3AI score0.0008EPSS

CVE•added 2022/10/17 1:15 p.m.•47 views

CVE-2022-42163

Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/fromNatStaticSetting.

9.8CVSS9.5AI score0.00151EPSS

CVE•added 2022/10/17 1:15 p.m.•47 views

CVE-2022-42164

Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetClientState.

9.8CVSS9.5AI score0.00151EPSS

CVE•added 2023/04/07 2:15 a.m.•47 views

CVE-2023-27016

Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the R7WebsSecurityHandler function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.

9.8CVSS9.7AI score0.00325EPSS

CVE•added 2025/04/15 11:15 p.m.•47 views

CVE-2025-25453

Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via serviceName2.

4.6CVSS6.6AI score0.00043EPSS

CVE•added 2025/04/17 6:15 p.m.•47 views

CVE-2025-25454

Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via wanSpeed2.

7.5CVSS6.6AI score0.00077EPSS

CVE•added 2024/10/23 2:15 p.m.•46 views

CVE-2024-10280

A vulnerability was found in Tenda AC6, AC7, AC8, AC9, AC10, AC10U, AC15, AC18, AC500 and AC1206 up to 20241022. It has been rated as problematic. This issue affects the function websReadEvent of the file /goform/GetIPTV. The manipulation of the argument Content-Length leads to null pointer derefer...

7.5CVSS6.8AI score0.00306EPSS

CVE•added 2023/11/29 6:15 a.m.•45 views

CVE-2023-45480

Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the src parameter in the function sub_47D878.

9.8CVSS9.6AI score0.00255EPSS

CVE•added 2024/11/11 1:15 a.m.•45 views

CVE-2024-11061

A vulnerability classified as critical was found in Tenda AC10 16.03.10.13. Affected by this vulnerability is the function FUN_0044db3c of the file /goform/fast_setting_wifi_set. The manipulation of the argument timeZone leads to stack-based buffer overflow. The attack can be launched remotely. The...

9CVSS9AI score0.00611EPSS

CVE•added 2025/04/15 11:15 p.m.•45 views

CVE-2025-25458

Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via serverName2.

4.6CVSS7AI score0.00043EPSS

CVE•added 2018/10/29 12:29 p.m.•44 views

CVE-2018-18729

An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a heap-based buffer overflow vulnerability in the router's web server -- httpd. While processing the 'mac' parameter for a po...

9.8CVSS9.4AI score0.00449EPSS

CVE•added 2022/10/17 1:15 p.m.•44 views

CVE-2022-42165

Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetDeviceName.

9.8CVSS9.5AI score0.00151EPSS

CVE•added 2023/04/07 2:15 a.m.•44 views

CVE-2023-27019

Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_458FBC function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.

9.8CVSS9.7AI score0.00123EPSS

CVE•added 2025/05/12 5:15 p.m.•44 views

CVE-2025-45779

Tenda AC10 V1.0re_V15.03.06.46 is vulnerable to Buffer Overflow in the formSetPPTPUserList handler via the list POST parameter.

9.8CVSS7.1AI score0.00113EPSS

CVE•added 2019/04/25 8:29 p.m.•43 views

CVE-2018-14557

An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A buffer overflow vulnerability exists in the router's web server (httpd). When proces...

7.8CVSS7.7AI score0.00314EPSS

CVE•added 2018/10/29 12:29 p.m.•43 views

CVE-2018-18709

An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router's web server -- httpd. When processing the "firewallEn" parameter for a post reque...

7.8CVSS7.7AI score0.00314EPSS

CVE•added 2018/10/29 12:29 p.m.•43 views

CVE-2018-18731

An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'deviceMac' parameter for a post re...

7.8CVSS7.7AI score0.00314EPSS

CVE•added 2018/10/29 12:29 p.m.•43 views

CVE-2018-18732

An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'ntpServer' parameter for a post re...

7.8CVSS7.7AI score0.00314EPSS

CVE•added 2022/10/17 2:15 p.m.•43 views

CVE-2022-42168

Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/fromSetIpMacBind.

9.8CVSS9.5AI score0.00151EPSS

CVE•added 2025/04/17 4:15 p.m.•43 views

CVE-2025-25457

Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via cloneType2.

7.5CVSS7AI score0.00077EPSS

CVE•added 2022/10/17 2:15 p.m.•42 views

CVE-2022-42167

Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetFirewallCfg.

9.8CVSS9.5AI score0.00151EPSS

CVE•added 2022/10/17 2:15 p.m.•42 views

CVE-2022-42170

Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formWifiWpsStart.

9.8CVSS9.5AI score0.00151EPSS

CVE•added 2023/06/08 3:15 p.m.•42 views

CVE-2023-34568

Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter time at /goform/PowerSaveSet.

6.7CVSS6.7AI score0.00031EPSS

CVE•added 2018/10/29 12:29 p.m.•41 views

CVE-2018-18706

7.8CVSS7.7AI score0.00314EPSS

CVE•added 2023/04/07 2:15 a.m.•41 views

CVE-2023-27014

Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_46AC38 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.

9.8CVSS9.7AI score0.00271EPSS

CVE•added 2023/07/10 5:15 p.m.•41 views

CVE-2023-37710

Tenda AC1206 V15.03.06.23 and AC10 V15.03.06.47 were discovered to contain a stack overflow in the wpapsk_crypto parameter in the fromSetWirelessRepeat function.

9.8CVSS9.7AI score0.00121EPSS

CVE•added 2023/07/14 12:15 a.m.•41 views

CVE-2023-37717

Tenda F1202 V1.0BR_V1.2.0.20(408) and FH1202_V1.2.0.19_EN, AC10 V1.0, AC1206 V1.0, AC7 V1.0, AC5 V1.0, and AC9 V3.0 were discovered to contain a stack overflow in the page parameter in the function fromDhcpListClient.

9.8CVSS9.7AI score0.00121EPSS

CVE•added 2023/09/18 4:15 p.m.•41 views

CVE-2023-42320

Buffer Overflow vulnerability in Tenda AC10V4 v.US_AC10V4.0si_V16.03.10.13_cn_TDC01 allows a remote attacker to cause a denial of service via the mac parameter in the GetParentControlInfo function.

9.8CVSS9AI score0.02013EPSS

CVE•added 2022/10/17 2:15 p.m.•40 views

CVE-2022-42166

Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetSpeedWan.

9.8CVSS9.5AI score0.00151EPSS

CVE•added 2022/12/16 5:15 p.m.•40 views

CVE-2022-46109

Tenda AC15 V15.03.06.23 is vulnerable to Buffer Overflow via function formSetClientState.

7.5CVSS7.5AI score0.00216EPSS

CVE•added 2023/04/07 2:15 a.m.•40 views

CVE-2023-27012

Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the setSchedWifi function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.

9.8CVSS9.7AI score0.00271EPSS

CVE•added 2023/07/14 12:15 a.m.•40 views

CVE-2023-37716

9.8CVSS9.7AI score0.00121EPSS

CVE•added 2025/01/17 3:15 p.m.•40 views

CVE-2025-0528

A vulnerability, which was classified as critical, has been found in Tenda AC8, AC10 and AC18 16.03.10.20. Affected by this issue is some unknown functionality of the file /goform/telnet of the component HTTP Request Handler. The manipulation leads to command injection. The attack may be launched r...

8.6CVSS7.7AI score0.01073EPSS

CVE•added 2025/05/12 6:15 p.m.•40 views

CVE-2025-44175

Tenda AC10 v4 V16.03.10.13 is vulnerable to Buffer Overflow in the GetParentControlInfo function.

5.4CVSS6.9AI score0.00041EPSS

CVE•added 2023/04/07 2:15 a.m.•39 views

CVE-2023-27020

Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the saveParentControlInfo function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.

9.8CVSS9.7AI score0.00123EPSS

CVE•added 2023/08/07 7:15 p.m.•39 views

CVE-2023-38936

Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6, AC9 V3.0 V15.03.06.42_multi and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function.

9.8CVSS9.6AI score0.00334EPSS

CVE•added 2023/08/07 7:15 p.m.•39 views

CVE-2023-38937

Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, AC9 V3.0 V15.03.06.42_multi and AC10 v4.0 V16.03.10.13 were discovered to contain a stack overflow via the list parameter in the formSetVirtualSer function.

9.8CVSS9.6AI score0.00121EPSS

Total number of security vulnerabilities78