Ac10 Firmware Security Vulnerabilities and Issues — Ac10 Firmware CVE List

Lucene search

TendaAc10 Firmware

21 matches found

CVE•added 2025/06/05 3:15 a.m.•72 views

CVE-2025-5629

A vulnerability, which was classified as critical, was found in Tenda AC10 up to 15.03.06.47. This affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg of the component HTTP Handler. The manipulation of the argument startIp/endIp leads to buffer overflow. It is possible to in...

9.8CVSS8.9AI score0.00128EPSS

CVE•added 2025/02/20 11:15 p.m.•65 views

CVE-2025-25675

Tenda AC10 V1.0 V15.03.06.23 has a command injection vulnerablility located in the formexeCommand function. The str variable receives the cmdinput parameter from a POST request and is later assigned to the cmd_buf variable, which is directly used in the doSystemCmd function, causing an arbitrary co...

9.8CVSS9.8AI score0.00223EPSS

CVE•added 2025/02/20 11:15 p.m.•60 views

CVE-2025-25674

Tenda AC10 V1.0 V15.03.06.23 is vulnerable to Buffer Overflow in form_fast_setting_wifi_set via the parameter ssid.

9.8CVSS9.5AI score0.00084EPSS

CVE•added 2025/04/17 6:15 p.m.•50 views

CVE-2025-25455

Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via wanMTU2.

7.5CVSS6.6AI score0.0007EPSS

CVE•added 2025/04/15 11:15 p.m.•49 views

CVE-2025-25453

Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via serviceName2.

4.6CVSS6.6AI score0.00031EPSS

CVE•added 2025/04/03 3:15 p.m.•49 views

CVE-2025-3161

A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. This issue affects the function ShutdownSetAdd of the file /goform/ShutdownSetAdd. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been d...

9CVSS7.3AI score0.00197EPSS

Web

CVE•added 2025/04/17 6:15 p.m.•48 views

CVE-2025-25454

Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via wanSpeed2.

7.5CVSS6.6AI score0.0007EPSS

CVE•added 2025/04/15 11:15 p.m.•46 views

CVE-2025-25458

Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via serverName2.

4.6CVSS7AI score0.00031EPSS

CVE•added 2025/05/12 5:15 p.m.•45 views

CVE-2025-45779

Tenda AC10 V1.0re_V15.03.06.46 is vulnerable to Buffer Overflow in the formSetPPTPUserList handler via the list POST parameter.

9.8CVSS7.1AI score0.00146EPSS

CVE•added 2025/04/17 4:15 p.m.•44 views

CVE-2025-25457

Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via cloneType2.

7.5CVSS7AI score0.0007EPSS

CVE•added 2025/01/17 3:15 p.m.•41 views

CVE-2025-0528

A vulnerability, which was classified as critical, has been found in Tenda AC8, AC10 and AC18 16.03.10.20. Affected by this issue is some unknown functionality of the file /goform/telnet of the component HTTP Request Handler. The manipulation leads to command injection. The attack may be launched r...

8.6CVSS7.7AI score0.01991EPSS

CVE•added 2025/05/12 6:15 p.m.•41 views

CVE-2025-44175

Tenda AC10 v4 V16.03.10.13 is vulnerable to Buffer Overflow in the GetParentControlInfo function.

5.4CVSS6.9AI score0.0005EPSS

CVE•added 2025/04/15 7:16 p.m.•40 views

CVE-2025-25456

Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via mac2.

9.8CVSS7AI score0.00072EPSS

CVE•added 2025/05/18 9:15 p.m.•35 views

CVE-2025-4896

A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. Affected by this issue is some unknown functionality of the file /goform/UserCongratulationsExec. The manipulation of the argument getuid leads to buffer overflow. The attack may be launched remotely. The exploit has be...

9CVSS7.3AI score0.00128EPSS

CVE•added 2025/07/26 5:15 a.m.•8 views

CVE-2025-8178

A vulnerability classified as critical has been found in Tenda AC10 16.03.10.13. Affected is an unknown function of the file /goform/RequestsProcessLaid. The manipulation of the argument device1D leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been...

9CVSS9AI score0.00094EPSS

CVE•added 2025/08/21 5:15 p.m.•8 views

CVE-2025-9309

A vulnerability was found in Tenda AC10 16.03.10.13. Affected is an unknown function of the file /etc_ro/shadow of the component MD5 Hash Handler. Performing manipulation results in hard-coded credentials. The attack needs to be approached locally. A high degree of complexity is needed for the atta...

7CVSS7AI score0.00014EPSS

CVE•added 2025/08/28 7:15 p.m.•6 views

CVE-2025-57215

Tenda AC10 v4.0 firmware v16.03.10.20 was discovered to contain a stack overflow via the function get_parentControl_list_Info.

7.5CVSS7.3AI score0.00052EPSS

CVE•added 2025/08/28 7:15 p.m.•5 views

CVE-2025-57220

An input validation flaw in the 'ate' service of Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 to escalate privileges to root via a crafted UDP packet.

5.3CVSS6.7AI score0.00048EPSS

CVE•added 2025/08/28 6:15 p.m.•4 views

CVE-2025-57217

Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 was discovered to contain a stack overflow via the Password parameter in the function R7WebsSecurityHandler.

5.3CVSS7.2AI score0.00051EPSS

CVE•added 2025/08/28 6:15 p.m.•4 views

CVE-2025-57218

Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 was discovered to contain a stack overflow via the security_5g parameter in the function sub_46284C.

5.3CVSS7.2AI score0.00048EPSS

CVE•added 2025/08/28 7:15 p.m.•4 views

CVE-2025-57219

Incorrect access control in the endpoint /goform/ate of Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 allows attackers to escalate privileges or access sensitive components via a crafted request.

5.3CVSS6.6AI score0.00047EPSS