Ac10 Firmware Security Vulnerabilities and Issues — Ac10 Firmware CVE List

Lucene search

TendaAc10 Firmware

49 matches found

CVE•added 2023/04/07 2:15 a.m.•78 views

CVE-2023-27017

Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_45DC58 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.

9.8CVSS9.7AI score0.00123EPSS

CVE•added 2023/04/07 2:15 a.m.•78 views

CVE-2023-27018

Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_45EC1C function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.

9.8CVSS9.7AI score0.00123EPSS

CVE•added 2025/06/05 3:15 a.m.•70 views

CVE-2025-5629

A vulnerability, which was classified as critical, was found in Tenda AC10 up to 15.03.06.47. This affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg of the component HTTP Handler. The manipulation of the argument startIp/endIp leads to buffer overflow. It is possible to in...

9.8CVSS8.9AI score0.0011EPSS

CVE•added 2025/02/20 11:15 p.m.•64 views

CVE-2025-25675

Tenda AC10 V1.0 V15.03.06.23 has a command injection vulnerablility located in the formexeCommand function. The str variable receives the cmdinput parameter from a POST request and is later assigned to the cmd_buf variable, which is directly used in the doSystemCmd function, causing an arbitrary co...

9.8CVSS9.8AI score0.00181EPSS

CVE•added 2025/02/20 11:15 p.m.•59 views

CVE-2025-25674

Tenda AC10 V1.0 V15.03.06.23 is vulnerable to Buffer Overflow in form_fast_setting_wifi_set via the parameter ssid.

9.8CVSS9.5AI score0.00071EPSS

CVE•added 2024/03/18 3:15 a.m.•54 views

CVE-2024-2581

A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. This issue affects the function fromSetRouteStatic of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has...

9CVSS9AI score0.00447EPSS

CVE•added 2024/03/24 7:15 a.m.•53 views

CVE-2024-2856

A vulnerability, which was classified as critical, has been found in Tenda AC10 16.03.10.13/16.03.10.20. Affected by this issue is the function fromSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument timeZone leads to stack-based buffer overflow. The attack may be launche...

9.8CVSS8.8AI score0.00241EPSS

CVE•added 2023/04/07 2:15 a.m.•52 views

CVE-2023-27013

Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the get_parentControl_list_Info function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.

9.8CVSS9.7AI score0.00123EPSS

CVE•added 2025/04/03 3:15 p.m.•48 views

CVE-2025-3161

A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. This issue affects the function ShutdownSetAdd of the file /goform/ShutdownSetAdd. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been d...

9CVSS7.3AI score0.0008EPSS

CVE•added 2022/10/17 1:15 p.m.•47 views

CVE-2022-42163

Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/fromNatStaticSetting.

9.8CVSS9.5AI score0.00151EPSS

CVE•added 2022/10/17 1:15 p.m.•47 views

CVE-2022-42164

Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetClientState.

9.8CVSS9.5AI score0.00151EPSS

CVE•added 2023/04/07 2:15 a.m.•47 views

CVE-2023-27016

Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the R7WebsSecurityHandler function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.

9.8CVSS9.7AI score0.00325EPSS

CVE•added 2023/11/29 6:15 a.m.•45 views

CVE-2023-45480

Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the src parameter in the function sub_47D878.

9.8CVSS9.6AI score0.00255EPSS

CVE•added 2024/11/11 1:15 a.m.•45 views

CVE-2024-11061

A vulnerability classified as critical was found in Tenda AC10 16.03.10.13. Affected by this vulnerability is the function FUN_0044db3c of the file /goform/fast_setting_wifi_set. The manipulation of the argument timeZone leads to stack-based buffer overflow. The attack can be launched remotely. The...

9CVSS9AI score0.00611EPSS

CVE•added 2018/10/29 12:29 p.m.•44 views

CVE-2018-18729

An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a heap-based buffer overflow vulnerability in the router's web server -- httpd. While processing the 'mac' parameter for a po...

9.8CVSS9.4AI score0.00449EPSS

CVE•added 2022/10/17 1:15 p.m.•44 views

CVE-2022-42165

Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetDeviceName.

9.8CVSS9.5AI score0.00151EPSS

CVE•added 2023/04/07 2:15 a.m.•44 views

CVE-2023-27019

Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_458FBC function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.

9.8CVSS9.7AI score0.00123EPSS

CVE•added 2025/05/12 5:15 p.m.•44 views

CVE-2025-45779

Tenda AC10 V1.0re_V15.03.06.46 is vulnerable to Buffer Overflow in the formSetPPTPUserList handler via the list POST parameter.

9.8CVSS7.1AI score0.00113EPSS

CVE•added 2022/10/17 2:15 p.m.•43 views

CVE-2022-42168

Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/fromSetIpMacBind.

9.8CVSS9.5AI score0.00151EPSS

CVE•added 2022/10/17 2:15 p.m.•42 views

CVE-2022-42167

Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetFirewallCfg.

9.8CVSS9.5AI score0.00151EPSS

CVE•added 2022/10/17 2:15 p.m.•42 views

CVE-2022-42170

Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formWifiWpsStart.

9.8CVSS9.5AI score0.00151EPSS

CVE•added 2023/04/07 2:15 a.m.•41 views

CVE-2023-27014

Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_46AC38 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.

9.8CVSS9.7AI score0.00271EPSS

CVE•added 2023/07/10 5:15 p.m.•41 views

CVE-2023-37710

Tenda AC1206 V15.03.06.23 and AC10 V15.03.06.47 were discovered to contain a stack overflow in the wpapsk_crypto parameter in the fromSetWirelessRepeat function.

9.8CVSS9.7AI score0.00121EPSS

CVE•added 2023/07/14 12:15 a.m.•41 views

CVE-2023-37717

Tenda F1202 V1.0BR_V1.2.0.20(408) and FH1202_V1.2.0.19_EN, AC10 V1.0, AC1206 V1.0, AC7 V1.0, AC5 V1.0, and AC9 V3.0 were discovered to contain a stack overflow in the page parameter in the function fromDhcpListClient.

9.8CVSS9.7AI score0.00121EPSS

CVE•added 2023/09/18 4:15 p.m.•41 views

CVE-2023-42320

Buffer Overflow vulnerability in Tenda AC10V4 v.US_AC10V4.0si_V16.03.10.13_cn_TDC01 allows a remote attacker to cause a denial of service via the mac parameter in the GetParentControlInfo function.

9.8CVSS9AI score0.02013EPSS

CVE•added 2022/10/17 2:15 p.m.•40 views

CVE-2022-42166

Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetSpeedWan.

9.8CVSS9.5AI score0.00151EPSS

CVE•added 2023/04/07 2:15 a.m.•40 views

CVE-2023-27012

Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the setSchedWifi function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.

9.8CVSS9.7AI score0.00271EPSS

CVE•added 2023/07/14 12:15 a.m.•40 views

CVE-2023-37716

9.8CVSS9.7AI score0.00121EPSS

CVE•added 2023/04/07 2:15 a.m.•39 views

CVE-2023-27020

Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the saveParentControlInfo function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.

9.8CVSS9.7AI score0.00123EPSS

CVE•added 2023/08/07 7:15 p.m.•39 views

CVE-2023-38936

Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6, AC9 V3.0 V15.03.06.42_multi and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function.

9.8CVSS9.6AI score0.00334EPSS

CVE•added 2023/08/07 7:15 p.m.•39 views

CVE-2023-38937

Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, AC9 V3.0 V15.03.06.42_multi and AC10 v4.0 V16.03.10.13 were discovered to contain a stack overflow via the list parameter in the formSetVirtualSer function.

9.8CVSS9.6AI score0.00121EPSS

CVE•added 2025/04/15 7:16 p.m.•39 views

CVE-2025-25456

Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via mac2.

9.8CVSS7AI score0.00082EPSS

CVE•added 2022/10/17 2:15 p.m.•38 views

CVE-2022-42171

Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/saveParentControlInfo.

9.8CVSS9.5AI score0.00151EPSS

CVE•added 2023/04/07 2:15 a.m.•37 views

CVE-2023-27015

Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_4A75C0 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.

9.8CVSS9.7AI score0.00271EPSS

CVE•added 2023/07/10 5:15 p.m.•37 views

CVE-2023-37711

Tenda AC1206 V15.03.06.23 and AC10 V15.03.06.47 were discovered to contain a stack overflow in the deviceId parameter in the saveParentControlInfo function.

9.8CVSS9.7AI score0.00121EPSS

CVE•added 2024/11/15 5:15 p.m.•37 views

CVE-2024-11248

A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. Affected by this issue is the function formSetRebootTimer of the file /goform/SetSysAutoRebbotCfg. The manipulation of the argument rebootTime leads to stack-based buffer overflow. The attack may be launched remotely. T...

9CVSS8.9AI score0.00259EPSS

CVE•added 2023/08/07 7:15 p.m.•36 views

CVE-2023-38933

Tenda AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6 and AC9 V3.0 V15.03.06.42_multi, and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the deviceId parameter in the formSetClientState function.

9.8CVSS9.6AI score0.00121EPSS

CVE•added 2023/11/29 6:15 a.m.•36 views

CVE-2023-45479

Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the list parameter in the function sub_49E098.

9.8CVSS9.6AI score0.00255EPSS

CVE•added 2024/11/10 5:15 p.m.•36 views

CVE-2024-11056

A vulnerability, which was classified as critical, was found in Tenda AC10 16.03.10.13. Affected is the function FUN_0046AC38 of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow. It is possible to launch the attack remotely. The expl...

9CVSS8.9AI score0.0037EPSS

CVE•added 2023/06/08 3:15 p.m.•35 views

CVE-2023-34566

Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter time at /goform/saveParentControlInfo.

9.8CVSS9.6AI score0.00172EPSS

CVE•added 2023/04/07 2:15 a.m.•34 views

CVE-2023-27021

Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the formSetFirewallCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.

9.8CVSS9.7AI score0.00113EPSS

CVE•added 2023/08/07 7:15 p.m.•34 views

CVE-2023-38931

Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and FH1203 V2.0.1.6 were discovered to contain a stack overflow via the list parameter in the setaccount function.

9.8CVSS9.6AI score0.00121EPSS

CVE•added 2023/11/29 6:15 a.m.•34 views

CVE-2023-45481

Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the firewallEn parameter in the function SetFirewallCfg.

9.8CVSS9.6AI score0.00334EPSS

CVE•added 2022/10/17 2:15 p.m.•33 views

CVE-2022-42169

Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/addWifiMacFilter.

9.8CVSS9.6AI score0.00151EPSS

CVE•added 2023/11/29 6:15 a.m.•33 views

CVE-2023-45482

Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the urls parameter in the function get_parentControl_list_Info.

9.8CVSS9.6AI score0.00255EPSS

CVE•added 2025/05/18 9:15 p.m.•33 views

CVE-2025-4896

A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. Affected by this issue is some unknown functionality of the file /goform/UserCongratulationsExec. The manipulation of the argument getuid leads to buffer overflow. The attack may be launched remotely. The exploit has be...

9CVSS7.3AI score0.0011EPSS

CVE•added 2023/08/07 7:15 p.m.•29 views

CVE-2023-38935

Tenda AC1206 V15.03.06.23, AC8 V4 V16.03.34.06, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and AC9 V3.0 V15.03.06.42_multi were discovered to contain a tack overflow via the list parameter in the formSetQosBand function.

9.8CVSS9.6AI score0.00098EPSS

CVE•added 2023/11/29 6:15 a.m.•28 views

CVE-2023-45484

Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the shareSpeed parameter in the function fromSetWifiGuestBasic.

9.8CVSS9.6AI score0.00255EPSS

CVE•added 2023/11/29 6:15 a.m.•26 views

CVE-2023-45483

Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the time parameter in the function compare_parentcontrol_time.

9.8CVSS9.6AI score0.00255EPSS