Filtered by vendor Tenda
Subscriptions
Filtered by product Ac6 Firmware
Subscriptions
Total
99 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-60339 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-10-24 | 7.5 High |
| Multiple buffer overflow vulnerabilities in the openSchedWifi function of Tenda AC6 v.15.03.06.50 allows attackers to cause a Denial of Service (DoS) via injecting a crafted payload into the schedStartTime and schedEndTime parameters. | ||||
| CVE-2025-60340 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-10-24 | 7.5 High |
| Multiple buffer overflows in the SetClientState function of Tenda AC6 v.15.03.06.50 allows attackers to cause a Denial of Service (DoS) via injecting a crafted payload into the limitSpeed, deviceId, and limitSpeedUp parameters. | ||||
| CVE-2025-60343 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-10-24 | 7.5 High |
| Multiple buffer overflows in the AdvSetMacMtuWan function of Tenda AC6 v.15.03.06.50 allows attackers to cause a Denial of Service (DoS) via injecting a crafted payload into the wanMTU, wanSpeed, cloneType, mac, serviceName, serverName, wanMTU2, wanSpeed2, cloneType2, mac2, serviceName2, and serverName2 parameters. | ||||
| CVE-2025-60338 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-10-23 | 7.5 High |
| Tenda AC6 V2.0 15.03.06.50 was discovered to contain a stack overflow in the page parameter in the DhcpListClient function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2025-60341 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-10-23 | 7.5 High |
| Tenda AC6 V2.0 15.03.06.50 was discovered to contain a stack overflow in the ssid parameter in the fast_setting_wifi_set function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2025-60337 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-10-23 | 7.5 High |
| Tenda AC6 V2.0 15.03.06.50 was discovered to contain a buffer overflow in the speed_dir parameter in the SetSpeedWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2025-60342 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-10-23 | 7.5 High |
| Tenda AC6 V2.0 15.03.06.50 was discovered to contain a stack overflow in the page parameter in the addressNat function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2025-57528 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-10-03 | 7.7 High |
| An issue was discovered in Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01 allowing attackers to cause a denial of service via the funcname, funcpara1, funcpara2 parameters to the formSetCfm function (uri path: SetCfm). | ||||
| CVE-2025-57296 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-09-25 | 6.5 Medium |
| Tenda AC6 router firmware 15.03.05.19 contains a command injection vulnerability in the formSetIptv function, which processes requests to the /goform/SetIPTVCfg web interface. When handling the list and vlanId parameters, the sub_ADBC0 helper function concatenates these user-supplied values into nvram set system commands using doSystemCmd, without validating or sanitizing special characters (e.g., ;, ", #). An unauthenticated or authenticated attacker can exploit this by submitting a crafted POST request, leading to arbitrary system command execution on the affected device. | ||||
| CVE-2025-55495 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-09-03 | 6.5 Medium |
| Tenda AC6 V15.03.06.23_multi was discovered to contain a buffer overflow via the list parameter in the fromSetIpMacBind function. | ||||
| CVE-2025-55482 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-08-25 | 7.5 High |
| Tenda AC6 V15.03.06.23_multi is vulnerable to Buffer Overflow in the formSetCfm function. | ||||
| CVE-2025-55498 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-08-25 | 7.5 High |
| Tenda AC6 V15.03.06.23_multi was discovered to contain a buffer overflow via the time parameter in the fromSetSysTime function. | ||||
| CVE-2025-24322 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-08-21 | 8.1 High |
| An unsafe default authentication vulnerability exists in the Initial Setup Authentication functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted network request can lead to arbitrary code execution. An attacker can browse to the device to trigger this vulnerability. | ||||
| CVE-2025-24496 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-08-21 | 7.5 High |
| An information disclosure vulnerability exists in the /goform/getproductInfo functionality of Tenda AC6 V5.0 V02.03.01.110. Specially crafted network packets can lead to a disclosure of sensitive information. An attacker can send packets to trigger this vulnerability. | ||||
| CVE-2025-27129 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-08-21 | 9.8 Critical |
| An authentication bypass vulnerability exists in the HTTP authentication functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can send packets to trigger this vulnerability. | ||||
| CVE-2025-30256 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-08-21 | 8.6 High |
| A denial of service vulnerability exists in the HTTP Header Parsing functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted series of HTTP requests can lead to a reboot. An attacker can send multiple network packets to trigger this vulnerability. | ||||
| CVE-2025-31355 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-08-21 | 7.2 High |
| A firmware update vulnerability exists in the Firmware Signature Validation functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted malicious file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2025-32010 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-08-21 | 8.1 High |
| A stack-based buffer overflow vulnerability exists in the Cloud API functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted HTTP response can lead to arbitrary code execution. An attacker can send an HTTP response to trigger this vulnerability. | ||||
| CVE-2025-55499 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-08-21 | 6.5 Medium |
| Tenda AC6 V15.03.06.23_multi was discovered to contain a buffer overflow via the ntpServer parameter in the fromSetSysTime function. | ||||
| CVE-2025-55503 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-08-21 | 7.3 High |
| Tenda AC6 V15.03.06.23_multi has a stack overflow vulnerability via the deviceName parameter in the saveParentControlInfo function. | ||||