T

Tenda Security Vulnerabilities (CVE)

Explore vulnerabilities and security advisories affecting Tenda products.

45 known CVE vulnerabilities tracked

Critical
11
High
27
Medium
7
Low
0
None
0

Vulnerabilities By Year

37
2025
8
2026

Products Affected

Wh450 Firmware 20 M3 Firmware 5 Ac18 Firmware 3 Ac6 Firmware 3 Ac10U Firmware 3 Fh1201 Firmware 2 Ac10 Firmware 2 Ch22 Firmware 2 4G300 Firmware 2 Ac23 Firmware 2 Hg3 Firmware 1

All Tenda CVEs

Recent Highest Score Oldest
CVE-2025-15162
7.2 high

A vulnerability was determined in Tenda WH450 1.0.0.18. Affected by this vulnerability is an unknown functionality of the file /goform/RouteStatic. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been publicl

Wh450 Firmware Dec 29, 2025
CVE-2025-15161
7.2 high

A vulnerability was found in Tenda WH450 1.0.0.18. Affected is an unknown function of the file /goform/PPTPUserSetting. Performing a manipulation of the argument delno results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made public and could be

Wh450 Firmware Dec 28, 2025
CVE-2025-15160
7.2 high

A vulnerability has been found in Tenda WH450 1.0.0.18. This impacts an unknown function of the file /goform/PPTPServer. Such manipulation of the argument ip1 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Wh450 Firmware Dec 28, 2025
CVE-2025-15076
7.3 high

A weakness has been identified in Tenda CH22 1.0.0.1. Impacted is an unknown function of the file /public/. Executing a manipulation can lead to path traversal. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.

Ch22 Firmware Dec 25, 2025
CVE-2025-15048
7.3 high

A vulnerability was determined in Tenda WH450 1.0.0.18. This impacts an unknown function of the file /goform/CheckTools of the component HTTP Request Handler. Executing a manipulation of the argument ipaddress can lead to command injection. The attack can be launched remotely. The exploit has been p

Wh450 Firmware Dec 23, 2025
CVE-2025-15047
9.8 critical

A vulnerability was found in Tenda WH450 1.0.0.18. This affects an unknown function of the file /goform/PPTPDClient of the component HTTP Request Handler. Performing a manipulation of the argument Username results in stack-based buffer overflow. The attack can be initiated remotely. The exploit has

Wh450 Firmware Dec 23, 2025
CVE-2025-15046
9.8 critical

A vulnerability has been found in Tenda WH450 1.0.0.18. The impacted element is an unknown function of the file /goform/PPTPClient of the component HTTP Request Handler. Such manipulation of the argument netmsk leads to stack-based buffer overflow. It is possible to launch the attack remotely. The e

Wh450 Firmware Dec 23, 2025
CVE-2025-15045
9.8 critical

A flaw has been found in Tenda WH450 1.0.0.18. The affected element is an unknown function of the file /goform/Natlimit of the component HTTP Request Handler. This manipulation of the argument page causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has be

Wh450 Firmware Dec 23, 2025
CVE-2025-15044
9.8 critical

A vulnerability was detected in Tenda WH450 1.0.0.18. Impacted is an unknown function of the file /goform/NatStaticSetting. The manipulation of the argument page results in stack-based buffer overflow. The attack may be performed from remote. The exploit is now public and may be used.

Wh450 Firmware Dec 23, 2025
CVE-2025-15010
9.8 critical

A vulnerability has been found in Tenda WH450 1.0.0.18. This issue affects some unknown processing of the file /goform/SafeUrlFilter. The manipulation of the argument page leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the publi

Wh450 Firmware Dec 22, 2025
CVE-2025-15008
7.3 high

A vulnerability was detected in Tenda WH450 1.0.0.18. This affects an unknown part of the file /goform/L7Port of the component HTTP Request Handler. Performing a manipulation of the argument page results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public

Wh450 Firmware Dec 22, 2025
CVE-2025-15007
9.8 critical

A security vulnerability has been detected in Tenda WH450 1.0.0.18. Affected by this issue is some unknown functionality of the file /goform/L7Im of the component HTTP Request Handler. Such manipulation of the argument page leads to stack-based buffer overflow. The attack can be launched remotely. T

Wh450 Firmware Dec 22, 2025
CVE-2025-15006
9.8 critical

A weakness has been identified in Tenda WH450 1.0.0.18. Affected by this vulnerability is an unknown functionality of the file /goform/CheckTools of the component HTTP Request Handler. This manipulation of the argument ipaddress causes stack-based buffer overflow. The attack can be initiated remotel

Wh450 Firmware Dec 22, 2025
CVE-2025-14995
8.8 high

A vulnerability has been found in Tenda FH1201 1.2.0.14(408). Affected is the function sprintf of the file /goform/SetIpBind. Such manipulation of the argument page leads to stack-based buffer overflow. The attack may be performed from remote. The exploit has been disclosed to the public and may be

Fh1201 Firmware Dec 21, 2025
CVE-2025-14994
8.8 high

A flaw has been found in Tenda FH1201 and FH1206 1.2.0.14(408)/1.2.0.8(8155). This impacts the function strcat of the file /goform/webtypelibrary of the component HTTP Request Handler. This manipulation of the argument webSiteId causes stack-based buffer overflow. The attack is possible to be carrie

Fh1201 Firmware Dec 21, 2025
CVE-2025-14993
8.8 high

A vulnerability was detected in Tenda AC18 15.03.05.05. This affects the function sprintf of the file /goform/SetDlnaCfg of the component HTTP Request Handler. The manipulation of the argument scanList results in stack-based buffer overflow. The attack can be executed remotely. The exploit is now pu

Ac18 Firmware Dec 21, 2025
CVE-2025-14992
8.8 high

A security vulnerability has been detected in Tenda AC18 15.03.05.05. The impacted element is the function strcpy of the file /goform/GetParentControlInfo of the component HTTP Request Handler. The manipulation of the argument mac leads to stack-based buffer overflow. Remote exploitation of the atta

Ac18 Firmware Dec 21, 2025
CVE-2025-14879
9.8 critical

A weakness has been identified in Tenda WH450 1.0.0.18. Affected is an unknown function of the file /goform/onSSIDChange of the component HTTP Request Handler. This manipulation of the argument ssid_index causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit

Wh450 Firmware Dec 18, 2025
CVE-2025-14878
9.8 critical

A security flaw has been discovered in Tenda WH450 1.0.0.18. This impacts an unknown function of the file /goform/wirelessRestart of the component HTTP Request Handler. The manipulation of the argument GO results in stack-based buffer overflow. The attack may be performed from remote. The exploit ha

Wh450 Firmware Dec 18, 2025
CVE-2025-67074
6.5 medium

A Buffer overflow vulnerability in function fromAdvSetMacMtuWan of bin httpd in Tenda AC10V4.0 V16.03.10.20 allows remote attackers to cause denial of service and possibly code execution by sending a post request with a crafted payload (field `serverName`) to /goform/AdvSetMacMtuWan.

Ac10 Firmware Dec 17, 2025
CVE-2025-67073
9.8 critical

A Buffer overflow vulnerability in function fromAdvSetMacMtuWan of bin httpd in Tenda AC10V4.0 V16.03.10.20 allows remote attackers to cause denial of service and possibly code execution by sending a post request with a crafted payload (field `serviceName`) to /goform/AdvSetMacMtuWan.

Ac10 Firmware Dec 17, 2025