Ac6 Firmware Security Vulnerabilities and Issues — Page 2 of Ac6 Firmware CVE List

CVE•added 2025/06/09 1:15 a.m.•41 views

CVE-2025-5854

A vulnerability, which was classified as critical, has been found in Tenda AC6 15.03.05.16. Affected by this issue is the function fromadvsetlanip of the file /goform/AdvSetLanip. The manipulation of the argument lanMask leads to buffer overflow. The attack may be launched remotely. The exploit has...

9CVSS8.8AI score0.00106EPSS

CVE•added 2023/08/07 7:15 p.m.•40 views

CVE-2023-38937

Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, AC9 V3.0 V15.03.06.42_multi and AC10 v4.0 V16.03.10.13 were discovered to contain a stack overflow via the list parameter in the formSetVirtualSer function.

9.8CVSS9.6AI score0.00121EPSS

CVE•added 2025/06/09 2:15 a.m.•40 views

CVE-2025-5855

A vulnerability, which was classified as critical, was found in Tenda AC6 15.03.05.16. This affects the function formSetRebootTimer of the file /goform/SetRebootTimer. The manipulation of the argument rebootTime leads to stack-based buffer overflow. It is possible to initiate the attack remotely. T...

9.8CVSS8.9AI score0.0016EPSS

CVE•added 2023/11/20 8:15 p.m.•39 views

CVE-2023-38823

Buffer Overflow vulnerability in Tenda Ac19 v.1.0, AC18, AC9 v.1.0, AC6 v.2.0 and v.1.0 allows a remote attacker to execute arbitrary code via the formSetCfm function in bin/httpd.

9.8CVSS9.6AI score0.04064EPSS

CVE•added 2023/08/07 7:15 p.m.•39 views

CVE-2023-38936

Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6, AC9 V3.0 V15.03.06.42_multi and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function.

9.8CVSS9.6AI score0.00334EPSS

CVE•added 2023/08/30 5:15 p.m.•39 views

CVE-2023-40839

Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin function 'sub_ADF3C' contains a command execution vulnerability. In the "formSetIptv" function, obtaining the "list" and "vlanId" fields, unfiltered passing these two fields as parameters to the "sub_ADF3C" function to execute commands.

9.8CVSS9.6AI score0.00114EPSS

CVE•added 2022/12/02 6:15 p.m.•38 views

CVE-2022-45641

Tenda AC6V1.0 V15.03.05.19 is vulnerable to Buffer Overflow via formSetMacFilterCfg.

7.5CVSS7.5AI score0.00084EPSS

CVE•added 2023/08/07 7:15 p.m.•37 views

CVE-2023-38933

Tenda AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6 and AC9 V3.0 V15.03.06.42_multi, and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the deviceId parameter in the formSetClientState function.

9.8CVSS9.6AI score0.00121EPSS

CVE•added 2023/08/30 5:15 p.m.•35 views

CVE-2023-40840

Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function "fromGetWirelessRepeat."

CVE•added 2023/08/30 5:15 p.m.•35 views

CVE-2023-40845

Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function 'sub_34FD0.' In the function, it reads user provided parameters and passes variables to the function without any length checks.

9.8CVSS9.4AI score0.00121EPSS

CVE•added 2023/08/07 7:15 p.m.•34 views

CVE-2023-38931

Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and FH1203 V2.0.1.6 were discovered to contain a stack overflow via the list parameter in the setaccount function.

9.8CVSS9.6AI score0.00121EPSS

CVE•added 2023/08/30 5:15 p.m.•34 views

CVE-2023-40842

Tengda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function "R7WebsSecurityHandler."

CVE•added 2025/06/02 3:15 p.m.•34 views

CVE-2025-44172

Tenda AC6 V15.03.05.16 was discovered to contain a stack overflow via the time parameter in the setSmartPowerManagement function.

6.5CVSS7.9AI score0.00053EPSS

CVE•added 2023/08/30 5:15 p.m.•33 views

CVE-2023-40841

Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function "add_white_node,"

CVE•added 2025/06/12 4:15 p.m.•32 views

CVE-2025-46035

Buffer Overflow vulnerability in Tenda AC6 v.15.03.05.16 allows a remote attacker to cause a denial of service via the oversized schedStartTime and schedEndTime parameters in an unauthenticated HTTP GET request to the /goform/openSchedWifi endpoint

7.5CVSS7.3AI score0.00071EPSS

CVE•added 2023/08/30 5:15 p.m.•30 views

CVE-2023-40843

Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function "sub_73004."

CVE•added 2023/08/30 5:15 p.m.•29 views

CVE-2023-40847

Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via the function "initIpAddrInfo." In the function, it reads in a user-provided parameter, and the variable is passed to the function without any length check.

CVE•added 2023/08/30 5:15 p.m.•29 views

CVE-2023-40848

Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via the function "sub_7D858."

CVE•added 2023/08/30 5:15 p.m.•28 views

CVE-2023-40844

Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function 'formWifiBasicSet.'

CVE•added 2024/02/21 9:15 p.m.•18 views

CVE-2023-24332

A stack overflow vulnerability in Tenda AC6 with firmware version US_AC6V5.0re_V03.03.02.01_cn_TDC01 allows attackers to run arbitrary commands via crafted POST request to /goform/PowerSaveSet.

8.1CVSS7.6AI score0.00117EPSS

8.1CVSS6.6AI score0.00078EPSS

CVE-2025-50258

Tenda AC6 v15.03.05.16_multi is vulnerable to Buffer Overflow in the SetSysTimeCfg function via the time parameter.

7.5CVSS7.1AI score0.00073EPSS

CVE-2025-50260

Tenda AC6 v15.03.05.16_multi is vulnerable to Buffer Overflow in the formSetFirewallCfg function via the firewallEn parameter.

7.5CVSS6.6AI score0.00073EPSS

CVE-2025-50262

Tenda AC6 v15.03.05.16_multi is vulnerable to Buffer Overflow in the formSetQosBand function via the list parameter.

8.1CVSS6.6AI score0.00078EPSS

CVE-2025-50263

Tenda AC6 v15.03.05.16_multi is vulnerable to Buffer Overflow in the fromSetRouteStatic function via the list parameter.

CVE•added 2025/06/27 2:15 p.m.•8 views

CVE-2025-50528

A buffer overflow vulnerability exists in the fromNatStaticSetting function of Tenda AC6

7.3CVSS7.1AI score0.00068EPSS

CVE•added 2025/07/01 4:15 p.m.•8 views

CVE-2025-50641

Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow in the addWifiMacFilter function via the parameter deviceId.

6.5CVSS6.6AI score0.00057EPSS

CVE•added 2025/07/21 1:15 a.m.•8 views

CVE-2025-7914

A vulnerability has been found in Tenda AC6 15.03.06.50 and classified as critical. Affected by this vulnerability is the function setparentcontrolinfo of the component httpd. The manipulation leads to buffer overflow. The attack can be launched remotely.

9CVSS8.9AI score0.00091EPSS

CVE•added 2025/08/20 3:15 p.m.•6 views

CVE-2025-55482

Tenda AC6 V15.03.06.23_multi is vulnerable to Buffer Overflow in the formSetCfm function.

7.5CVSS7.1AI score0.0005EPSS

CVE•added 2025/08/20 3:15 p.m.•6 views

CVE-2025-55498

Tenda AC6 V15.03.06.23_multi was discovered to contain a buffer overflow via the time parameter in the fromSetSysTime function.

7.5CVSS8.1AI score0.0005EPSS

CVE•added 2025/08/20 2:15 p.m.•5 views

CVE-2025-24322

An unsafe default authentication vulnerability exists in the Initial Setup Authentication functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted network request can lead to arbitrary code execution. An attacker can browse to the device to trigger this vulnerability.

9.8CVSS8AI score0.00078EPSS

CVE•added 2025/08/20 2:15 p.m.•5 views

CVE-2025-32010

A stack-based buffer overflow vulnerability exists in the Cloud API functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted HTTP response can lead to arbitrary code execution. An attacker can send an HTTP response to trigger this vulnerability.

9.8CVSS8.2AI score0.00622EPSS

7.5CVSS6.5AI score0.00042EPSS

CVE-2025-24496

An information disclosure vulnerability exists in the /goform/getproductInfo functionality of Tenda AC6 V5.0 V02.03.01.110. Specially crafted network packets can lead to a disclosure of sensitive information. An attacker can send packets to trigger this vulnerability.

9.8CVSS8AI score0.0017EPSS

CVE-2025-27129

An authentication bypass vulnerability exists in the HTTP authentication functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can send packets to trigger this vulnerability.

8.6CVSS7AI score0.00067EPSS

CVE-2025-30256

A denial of service vulnerability exists in the HTTP Header Parsing functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted series of HTTP requests can lead to a reboot. An attacker can send multiple network packets to trigger this vulnerability.

9.8CVSS7.8AI score0.00038EPSS

CVE-2025-31355

A firmware update vulnerability exists in the Firmware Signature Validation functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted malicious file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

7.5CVSS7.1AI score0.0005EPSS

CVE-2025-55483

Tenda AC6 V15.03.06.23_multi is vulnerable to Buffer Overflow in the function formSetMacFilterCfg via the parameters macFilterType and deviceList.

6.5CVSS8.1AI score0.00038EPSS

CVE-2025-55499

Tenda AC6 V15.03.06.23_multi was discovered to contain a buffer overflow via the ntpServer parameter in the fromSetSysTime function.