Tenda: community verdicts
37 notable / known-exploited Tenda CVEs the community has triaged.
- CVE-2021-31755CRIT 9.8KEVEPSS 86%
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setmac allows attackers to execute arbitrary code on the system via a crafted post request.
- CVE-2020-10987CRIT 9.8KEVEPSS 80%
The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute arbitrary system commands via the deviceName POST parameter.
- CVE-2022-30023HIGH 8.8EPSS 44%
Tenda ONT GPON AC1200 Dual band WiFi HG9 v1.0.1 is vulnerable to Command Injection via the Ping function.
- CVE-2025-51087HIGH 8.6EPSS 8%
Tenda AC8V4 V16.03.34.06` was discovered to contain stack overflow at /goform/saveParentControlInfo. The manipulation of the argument time leads to stack-based buffer overflow.
- CVE-2025-51085MED 5.3EPSS 6%
Tenda AC8V4 V16.03.34.06` was discovered to contain stack overflow at /goform/SetSysTimeCfg. The manipulation of the argument `timeZone` and `timeType` leads to stack-based buffer overflow.
- CVE-2025-51088MED 5.3EPSS 6%
Tenda AC8V4 V16.03.34.06` was discovered to contain stack overflow at /goform/WifiGuestSet. The manipulation of the argument `shareSpeed` leads to stack-based buffer overflow.
- CVE-2025-51089MED 6.5EPSS 5%
Tenda AC8V4 V16.03.34.06` was discovered to contain heap overflow at /goform/GetParentControlInfo.The manipulation of the argument `mac` leads to heap-based buffer overflow.
- CVE-2021-44971CRIT 9.8Real · low riskEPSS 3%
Multiple Tenda devices are affected by authentication bypass, such as AC15V1.0 Firmware V15.03.05.20_multi?AC5V1.0 Firmware V15.03.06.48_multi and so on. an attacker can obtain sensitive information, and even combine it with authenticated command injection to implement RCE.
- CVE-2023-50989CRIT 9.8Real · low riskEPSS 2%
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a command injection vulnerability via the pingSet function.
- CVE-2023-50983CRIT 9.8Real · low riskEPSS 2%
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a command injection vulnerability via the sysScheduleRebootSet function.
- CVE-2022-35201CRIT 9.8Real · low riskEPSS 2%
Tenda-AC18 V15.03.05.05 was discovered to contain a remote command execution (RCE) vulnerability.
- CVE-2023-33530HIGH 8.8Real · low riskEPSS 1%
There is a command injection vulnerability in the Tenda G103 Gigabit GPON Terminal with firmware version V1.0.0.5. If an attacker gains web management privileges, they can inject commands gaining shell privileges.
- CVE-2023-50984CRIT 9.8Real · low riskEPSS 1%
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the ip parameter in the spdtstConfigAndStart function.
- CVE-2023-50992CRIT 9.8Real · low riskEPSS 1%
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a stack overflow via the ip parameter in the setPing function.
- CVE-2023-50987CRIT 9.8Real · low riskEPSS 1%
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the time parameter in the sysTimeInfoSet function.
- CVE-2023-50988CRIT 9.8Real · low riskEPSS 1%
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the bandwidth parameter in the wifiRadioSetIndoor function.
- CVE-2023-50986CRIT 9.8Real · low riskEPSS 1%
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the time parameter in the sysLogin function.
- CVE-2023-50985CRIT 9.8Real · low riskEPSS 1%
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the lanGw parameter in the lanCfgSet function.
- CVE-2023-50990CRIT 9.8Real · low riskEPSS 1%
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the rebootTime parameter in the sysScheduleRebootSet function.
- CVE-2023-48194CRIT 9.8Real · low riskEPSS 1%
Vulnerability in Tenda AC8v4 .V16.03.34.09 due to sscanf and the last digit of s8 being overwritten with \x0. After executing set_client_qos, control over the gp register can be obtained.
- CVE-2023-39784HIGH 7.5Real · low riskEPSS 1%
Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the list parameter in the save_virtualser_data function.
- CVE-2023-39786HIGH 7.5Real · low riskEPSS 1%
Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the time parameter in the sscanf function.
- CVE-2023-39785HIGH 7.5Real · low riskEPSS 1%
Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the list parameter in the set_qosMib_list function.
- CVE-2024-57483CRIT 9.8Real · low riskEPSS 1%
Tenda i24 V2.0.0.5 is vulnerable to Buffer Overflow in the addWifiMacFilter function.
- CVE-2025-45343CRIT 9.8Real · low riskEPSS 1%
An issue in Tenda W18E v.2.0 v.16.01.0.11 allows an attacker to execute arbitrary code via the editing functionality of the account module in the goform/setmodules route.
- CVE-2025-46035HIGH 7.5Real · low riskEPSS 1%
Buffer Overflow vulnerability in Tenda AC6 v.15.03.05.16 allows a remote attacker to cause a denial of service via the oversized schedStartTime and schedEndTime parameters in an unauthenticated HTTP GET request to the /goform/openSchedWifi endpoint
- CVE-2024-52714CRIT 9.8Real · low riskEPSS 1%
Tenda AC6 v2.0 v15.03.06.50 was discovered to contain a buffer overflow in the function 'fromSetSysTime.
- CVE-2024-25343CRIT 9.1Real · low riskEPSS 1%
Tenda N300 F3 router vulnerability allows users to bypass intended security policy and create weak passwords.
- CVE-2025-29217MED 6.5EPSS 0%
Tenda W18E v2.0 v16.01.0.11 was discovered to contain a stack overflow in the wifiSSID parameter at /goform/setModules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
- CVE-2025-51082MED 5.3EPSS 0%
Tenda AC8V4 V16.03.34.06` was discovered to contain stack overflow at /goform/fast_setting_wifi_set. The manipulation of the argument `timeZone` leads to stack-based buffer overflow.
- CVE-2025-55564HIGH 7.5Real · low riskEPSS 0%
Tenda AC15 v15.03.05.19_multi_TD01 has a stack overflow via the list parameter in the fromSetIpMacBind function.
- CVE-2025-61498HIGH 7.5Real · low riskEPSS 0%
A buffer overflow in the UPnP service of Tenda AC8 Hardware v03.03.10.01 allows attackers to cause a Denial of Service (DoS) via supplying a crafted packet.
- CVE-2025-57572MED 5.6EPSS 0%
Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the onlineList parameter in goform/setParentControl.
- CVE-2025-57573MED 5.6EPSS 0%
Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the wifiTimeClose parameter in goform/setWifi.
- CVE-2025-57571MED 5.6EPSS 0%
Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow. via the macFilterList parameter in goform/setNAT.
- CVE-2025-57570MED 5.6EPSS 0%
Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the QosList parameter in goform/setQoS.
- CVE-2025-57569MED 5.6EPSS 0%
Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the portList parameter in /goform/setNAT.