Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Tenda Subscribe
Filtered by product Ac10
Total 23 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-46109 1 Tenda 2 Ac10, Ac10 Firmware 2022-12-21 N/A 7.5 HIGH
Tenda AC15 V15.03.06.23 is vulnerable to Buffer Overflow via function formSetClientState.
CVE-2022-42163 1 Tenda 2 Ac10, Ac10 Firmware 2022-10-19 N/A 9.8 CRITICAL
Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/fromNatStaticSetting.
CVE-2022-42164 1 Tenda 2 Ac10, Ac10 Firmware 2022-10-19 N/A 9.8 CRITICAL
Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetClientState.
CVE-2022-42167 1 Tenda 2 Ac10, Ac10 Firmware 2022-10-19 N/A 9.8 CRITICAL
Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetFirewallCfg.
CVE-2022-42165 1 Tenda 2 Ac10, Ac10 Firmware 2022-10-19 N/A 9.8 CRITICAL
Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetDeviceName.
CVE-2022-42166 1 Tenda 2 Ac10, Ac10 Firmware 2022-10-19 N/A 9.8 CRITICAL
Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetSpeedWan.
CVE-2022-42168 1 Tenda 2 Ac10, Ac10 Firmware 2022-10-19 N/A 9.8 CRITICAL
Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/fromSetIpMacBind.
CVE-2022-42170 1 Tenda 2 Ac10, Ac10 Firmware 2022-10-19 N/A 9.8 CRITICAL
Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formWifiWpsStart.
CVE-2022-42169 1 Tenda 2 Ac10, Ac10 Firmware 2022-10-19 N/A 9.8 CRITICAL
Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/addWifiMacFilter.
CVE-2022-42171 1 Tenda 2 Ac10, Ac10 Firmware 2022-10-19 N/A 9.8 CRITICAL
Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/saveParentControlInfo.
CVE-2022-32054 1 Tenda 2 Ac10, Ac10 Firmware 2022-07-14 10.0 HIGH 9.8 CRITICAL
Tenda AC10 US_AC10V1.0RTL_V15.03.06.26_multi_TD01 was discovered to contain a remote code execution (RCE) vulnerability via the lanIp parameter.
CVE-2018-18729 1 Tenda 10 Ac10, Ac10 Firmware, Ac15 and 7 more 2019-10-02 9.0 HIGH 9.8 CRITICAL
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a heap-based buffer overflow vulnerability in the router's web server -- httpd. While processing the 'mac' parameter for a post request, the value is directly used in a strcpy to a variable placed on the heap, which can leak sensitive information or even hijack program control flow.
CVE-2018-14558 1 Tenda 6 Ac10, Ac10 Firmware, Ac7 and 3 more 2019-10-02 10.0 HIGH 9.8 CRITICAL
An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted goform/setUsbUnload request. This occurs because the "formsetUsbUnload" function executes a dosystemCmd function with untrusted input.
CVE-2018-14559 1 Tenda 6 Ac10, Ac10 Firmware, Ac7 and 3 more 2019-05-02 7.8 HIGH 7.5 HIGH
An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A buffer overflow vulnerability exists in the router's web server (httpd). When processing the list parameters for a post request, the value is directly written with sprintf to a local variable placed on the stack, which overrides the return address of the function, causing a buffer overflow.
CVE-2018-14557 1 Tenda 6 Ac10, Ac10 Firmware, Ac7 and 3 more 2019-05-02 7.8 HIGH 7.5 HIGH
An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A buffer overflow vulnerability exists in the router's web server (httpd). When processing the page parameters for a post request, the value is directly written with sprintf to a local variable placed on the stack, which overrides the return address of the function, a causing buffer overflow.
CVE-2018-18731 1 Tenda 10 Ac10, Ac10 Firmware, Ac15 and 7 more 2019-01-29 7.8 HIGH 7.5 HIGH
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'deviceMac' parameter for a post request, the value is directly used in a sprintf to a local variable placed on the stack, which overrides the return address of the function.
CVE-2018-18732 1 Tenda 10 Ac10, Ac10 Firmware, Ac15 and 7 more 2019-01-29 7.8 HIGH 7.5 HIGH
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'ntpServer' parameter for a post request, the value is directly used in a strcpy to a local variable placed on the stack, which overrides the return address of the function.
CVE-2018-18706 1 Tenda 10 Ac10, Ac10 Firmware, Ac15 and 7 more 2018-12-14 7.8 HIGH 7.5 HIGH
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router's web server -- httpd. When processing the "page" parameter of the function "fromDhcpListClient" for a request, it is directly used in a sprintf to a local variable placed on the stack, which overrides the return address of the function.
CVE-2018-18707 1 Tenda 10 Ac10, Ac10 Firmware, Ac15 and 7 more 2018-12-14 7.8 HIGH 7.5 HIGH
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router's web server -- httpd. When processing the "ssid" parameter for a post request, the value is directly used in a strcpy to a local variable placed on the stack, which overrides the return address of the function.
CVE-2018-18708 1 Tenda 10 Ac10, Ac10 Firmware, Ac15 and 7 more 2018-12-14 7.8 HIGH 7.5 HIGH
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router's web server -- httpd. When processing the "page" parameter of the function "fromAddressNat" for a post request, the value is directly used in a sprintf to a local variable placed on the stack, which overrides the return address of the function.