Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ac6_firmware
(Tenda)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 64 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2025-06-12 | CVE-2025-46035 | Buffer Overflow vulnerability in Tenda AC6 v.15.03.05.16 allows a remote attacker to cause a denial of service via the oversized schedStartTime and schedEndTime parameters in an unauthenticated HTTP GET request to the /goform/openSchedWifi endpoint | Ac6_firmware | N/A | ||
| 2023-10-03 | CVE-2023-40830 | Tenda AC6 v15.03.05.19 is vulnerable to Buffer Overflow as the Index parameter does not verify the length. | Ac6_firmware | 9.8 | ||
| 2023-11-20 | CVE-2023-38823 | Buffer Overflow vulnerability in Tenda Ac19 v.1.0, AC18, AC9 v.1.0, AC6 v.2.0 and v.1.0 allows a remote attacker to execute arbitrary code via the formSetCfm function in bin/httpd. | Ac18_firmware, Ac19_firmware, Ac6_firmware, Ac9_firmware | 9.8 | ||
| 2025-06-09 | CVE-2025-5852 | A vulnerability classified as critical has been found in Tenda AC6 15.03.05.16. Affected is the function formSetPPTPUserList of the file /goform/setPptpUserList. The manipulation of the argument list leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | Ac6_firmware | 8.8 |