Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ac10_firmware
(Tenda)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 65 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-10-30 | CVE-2018-14558 | An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted goform/setUsbUnload request. This occurs because the "formsetUsbUnload" function executes a dosystemCmd function with untrusted input. | Ac10_firmware, Ac7_firmware, Ac9_firmware | 9.8 | ||
| 2024-02-15 | CVE-2024-25373 | Tenda AC10V4.0 V16.03.10.20 was discovered to contain a stack overflow via the page parameter in the sub_49B384 function. | Ac10_firmware | N/A | ||
| 2024-04-17 | CVE-2024-32317 | Tenda AC10 v4.0 V16.03.10.13 and V16.03.10.20 firmware has a stack overflow vulnerability via the adslPwd parameter in the formWanParameterSetting function. | Ac10_firmware | N/A | ||
| 2025-02-20 | CVE-2025-25674 | Tenda AC10 V1.0 V15.03.06.23 is vulnerable to Buffer Overflow in form_fast_setting_wifi_set via the parameter ssid. | Ac10_firmware | 9.8 | ||
| 2025-02-20 | CVE-2025-25675 | Tenda AC10 V1.0 V15.03.06.23 has a command injection vulnerablility located in the formexeCommand function. The str variable receives the cmdinput parameter from a POST request and is later assigned to the cmd_buf variable, which is directly used in the doSystemCmd function, causing an arbitrary command execution. | Ac10_firmware | 9.8 | ||
| 2023-04-07 | CVE-2023-27012 | Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the setSchedWifi function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. | Ac10_firmware | 9.8 | ||
| 2023-04-07 | CVE-2023-27013 | Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the get_parentControl_list_Info function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. | Ac10_firmware | 9.8 | ||
| 2023-04-07 | CVE-2023-27014 | Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_46AC38 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. | Ac10_firmware | 9.8 | ||
| 2023-04-07 | CVE-2023-27015 | Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_4A75C0 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. | Ac10_firmware | 9.8 | ||
| 2023-04-07 | CVE-2023-27016 | Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the R7WebsSecurityHandler function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. | Ac10_firmware | 9.8 |