CVE-2026-24105 — CVSS 9.8 (critical): An issue was discovered in goform/formsetUsbUnload in Tenda AC15V1.0 V15.03.05.18_multi. The value of `v1` was not checked, potentially…
CVE-2026-24103 — CVSS 9.8 (critical): A buffer overflow vulnerability was discovered in goform/formSetMacFilterCfg in Tenda AC15V1.0 V15.03.05.18_multi.
CVE-2026-24101 — CVSS 9.8 (critical): An issue was discovered in goform/formSetIptv in Tenda AC15V1.0 V15.03.05.18_multi. When the condition is met, `s1_1` will be passed into…
CVE-2025-63666 — CVSS 9.8 (critical): Tenda AC15 v15.03.05.18_multi) issues an authentication cookie that exposes the account password hash to the client and uses a short…
CVE-2025-29462 — CVSS 9.8 (critical): A buffer overflow vulnerability has been discovered in Tenda Ac15 V15.13.07.13. The vulnerability occurs when the webCgiGetUploadFile…
CVE-2018-18728 — CVSS 9.8 (critical): An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. They allow remote…
CVE-2018-18729 — CVSS 9.8 (critical): An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18…
CVE-2023-39673 — CVSS 9.8 (critical): Tenda AC15 V1.0BR_V15.03.05.18_multi_TD01 was discovered to contain a buffer overflow via the function FUN_00010e34().
CVE-2023-36103 — CVSS 9.8 (critical): Command Injection vulnerability in goform/SetIPTVCfg interface of Tenda AC15 V15.03.05.20 allows remote attackers to run arbitrary commands…
CVE-2023-30376 — CVSS 9.8 (critical): In Tenda AC15 V15.03.05.19, the function "henan_pppoe_user" contains a stack-based buffer overflow vulnerability.
CVE-2020-10988 — CVSS 9.8 (critical): A hard-coded telnet credential in the tenda_login binary of Tenda AC15 AC1900 version 15.03.05.19 allows unauthenticated remote attackers…
CVE-2020-15916 — CVSS 9.8 (critical): goform/AdvSetLanip endpoint on Tenda AC15 AC1900 15.03.05.19 devices allows remote attackers to execute arbitrary system commands via shell…
CVE-2021-44971 — CVSS 9.8 (critical): Multiple Tenda devices are affected by authentication bypass, such as AC15V1.0 Firmware V15.03.05.20_multi?AC5V1.0 Firmware…
CVE-2023-30373 — CVSS 9.8 (critical): In Tenda AC15 V15.03.05.19, the function "xian_pppoe_user" contains a stack-based buffer overflow vulnerability.
CVE-2022-28557 — CVSS 9.8 (critical): There is a command injection vulnerability at the /goform/setsambacfg interface of Tenda AC15 US_AC15V1.0BR_V15.03.05.20_multi_TDE01.bin…
CVE-2026-5830 — CVSS 8.8 (high): A vulnerability was identified in Tenda AC15 15.03.05.18. This affects the function websGetVar of the file /goform/SysToolChangePwd. Such…
CVE-2024-10661 — CVSS 8.8 (high): A vulnerability has been found in Tenda AC15 15.03.05.19 and classified as critical. This vulnerability affects the function SetDlnaCfg of…
CVE-2024-10662 — CVSS 8.8 (high): A vulnerability was found in Tenda AC15 15.03.05.19 and classified as critical. This issue affects the function formSetDeviceName of the…
CVE-2024-2805 — CVSS 8.8 (high): A vulnerability was found in Tenda AC15 15.03.05.18/15.03.20_multi. It has been rated as critical. Affected by this issue is the function…
CVE-2024-2806 — CVSS 8.8 (high): A vulnerability classified as critical has been found in Tenda AC15 15.03.05.18/15.03.20_multi. This affects the function addWifiMacFilter…
CVE-2024-2807 — CVSS 8.8 (high): A vulnerability classified as critical was found in Tenda AC15 15.03.05.18/15.03.20_multi. This vulnerability affects the function…
CVE-2024-2808 — CVSS 8.8 (high): A vulnerability, which was classified as critical, has been found in Tenda AC15 15.03.05.18/15.03.20_multi. This issue affects the function…
CVE-2024-2809 — CVSS 8.8 (high): A vulnerability, which was classified as critical, was found in Tenda AC15 15.03.05.18/15.03.20_multi. Affected is the function…
CVE-2024-2810 — CVSS 8.8 (high): A vulnerability has been found in Tenda AC15 15.03.05.18/15.03.20_multi and classified as critical. Affected by this vulnerability is the…
CVE-2024-2811 — CVSS 8.8 (high): A vulnerability was found in Tenda AC15 15.03.20_multi and classified as critical. Affected by this issue is the function formWifiWpsStart…
CVE-2024-2813 — CVSS 8.8 (high): A vulnerability was found in Tenda AC15 15.03.20_multi. It has been declared as critical. This vulnerability affects the function…
CVE-2024-2814 — CVSS 8.8 (high): A vulnerability was found in Tenda AC15 15.03.20_multi. It has been rated as critical. This issue affects the function fromDhcpListClient…
CVE-2024-2815 — CVSS 8.8 (high): A vulnerability classified as critical has been found in Tenda AC15 15.03.20_multi. Affected is the function R7WebsSecurityHandler of the…
CVE-2024-2850 — CVSS 8.8 (high): A vulnerability was found in Tenda AC15 15.03.05.18 and classified as critical. Affected by this issue is the function…
CVE-2024-2852 — CVSS 8.8 (high): A vulnerability was found in Tenda AC15 15.03.20_multi. It has been declared as critical. This vulnerability affects the function…
CVE-2024-2855 — CVSS 8.8 (high): A vulnerability classified as critical was found in Tenda AC15 15.03.05.18/15.03.05.19/15.03.20. Affected by this vulnerability is the…
CVE-2025-0566 — CVSS 8.8 (high): A vulnerability classified as critical has been found in Tenda AC15 15.13.07.13. This affects the function formSetDevNetName of the file…
CVE-2025-10443 — CVSS 8.8 (high): A vulnerability was identified in Tenda AC9 and AC15 15.03.05.14/15.03.05.18. This vulnerability affects the function formexeCommand of the…
CVE-2025-11386 — CVSS 8.8 (high): A vulnerability was found in Tenda AC15 15.03.05.18. The impacted element is an unknown function of the file /goform/SetDDNSCfg of the…
CVE-2025-11387 — CVSS 8.8 (high): A vulnerability was determined in Tenda AC15 15.03.05.18. This affects an unknown function of the file /goform/fast_setting_pppoe_set. This…
CVE-2025-11388 — CVSS 8.8 (high): A vulnerability was identified in Tenda AC15 15.03.05.18. This impacts an unknown function of the file /goform/setNotUpgrade. Such…
CVE-2025-11389 — CVSS 8.8 (high): A security flaw has been discovered in Tenda AC15 15.03.05.18. Affected is an unknown function of the file /goform/saveAutoQos. Performing…
CVE-2025-3786 — CVSS 8.8 (high): A vulnerability was found in Tenda AC15 up to 15.03.05.19 and classified as critical. This issue affects the function fromSetWirelessRepeat…
CVE-2025-5848 — CVSS 8.8 (high): A vulnerability was found in Tenda AC15 15.03.05.19_multi and classified as critical. Affected by this issue is the function…
CVE-2025-5849 — CVSS 8.8 (high): A vulnerability was found in Tenda AC15 15.03.05.19_multi. It has been classified as critical. This affects the function…
CVE-2025-5850 — CVSS 8.8 (high): A vulnerability was found in Tenda AC15 15.03.05.19_multi. It has been declared as critical. This vulnerability affects the function…
CVE-2025-5851 — CVSS 8.8 (high): A vulnerability was found in Tenda AC15 15.03.05.19_multi. It has been rated as critical. This issue affects the function fromadvsetlanip…
CVE-2026-3400 — CVSS 8.8 (high): A security flaw has been discovered in Tenda AC15 up to 15.13.07.13. Affected by this issue is some unknown functionality of the file…
CVE-2026-4975 — CVSS 8.8 (high): A vulnerability has been found in Tenda AC15 15.03.05.19. This affects the function formSetCfm of the file /goform/setcfm of the component…
CVE-2017-16923 — CVSS 8.8 (high): Command Injection vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_…
CVE-2024-30645 — CVSS 8.0 (high): Tenda AC15V1.0 V15.03.20_multi has a command injection vulnerability via the deviceName parameter.
CVE-2024-32303 — CVSS 8.0 (high): Tenda AC15 v15.03.20_multi, v15.03.05.19, and v15.03.05.18 firmware has a stack overflow vulnerability located via the PPW parameter in the…
CVE-2025-55564 — CVSS 7.5 (high): Tenda AC15 v15.03.05.19_multi_TD01 has a stack overflow via the list parameter in the fromSetIpMacBind function.
CVE-2022-43259 — CVSS 7.5 (high): Tenda AC15 V15.03.05.18 was discovered to contain a stack overflow via the timeZone parameter in the form_fast_setting_wifi_set function.
CVE-2022-28556 — CVSS 7.5 (high): Tenda AC15 US_AC15V1.0BR_V15.03.05.20_multi_TDE01.bin is vulnerable to Buffer Overflow. The stack overflow vulnerability lies in the…
CVE-2018-18727 — CVSS 7.5 (high): An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18…
CVE-2018-18732 — CVSS 7.5 (high): An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18…
CVE-2018-18707 — CVSS 7.5 (high): An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18…
CVE-2025-8979 — CVSS 6.6 (medium): A vulnerability was identified in Tenda AC15 15.13.07.13. Affected by this vulnerability is the function check_fw_type/split_fireware/check_…
CVE-2025-25634 — CVSS 6.5 (medium): A vulnerability has been found in Tenda AC15 15.03.05.19 in the function GetParentControlInfo of the file /goform/GetParentControlInfo. The…
CVE-2020-10986 — CVSS 6.5 (medium): A CSRF issue in the /goform/SysToolReboot endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to reboot the device…
CVE-2024-10280 — CVSS 6.5 (medium): A vulnerability was found in Tenda AC6, AC7, AC8, AC9, AC10, AC10U, AC15, AC18, AC500 and AC1206 up to 20241022. It has been rated as…
CVE-2024-30840 — CVSS 6.5 (medium): A Stack Overflow vulnerability in Tenda AC15 v15.03.05.18 allows attackers to cause a denial of service via the LISTEN parameter in the…
CVE-2017-16936 — CVSS 6.5 (medium): Directory Traversal vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(631…
CVE-2024-2851 — CVSS 6.3 (medium): A vulnerability was found in Tenda AC15 15.03.05.18/15.03.20_multi. It has been classified as critical. This affects the function…
CVE-2024-2812 — CVSS 6.3 (medium): A vulnerability was found in Tenda AC15 15.03.05.18/15.03.20_multi. It has been classified as critical. This affects the function…
CVE-2025-10442 — CVSS 6.3 (medium): A vulnerability was determined in Tenda AC9 and AC15 15.03.05.14. This affects the function formexeCommand of the file /goform/exeCommand…
CVE-2020-10989 — CVSS 6.1 (medium): An XSS issue in the /goform/WifiBasicSet endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute malicious…
CVE-2024-2816 — CVSS 4.3 (medium): A vulnerability classified as problematic was found in Tenda AC15 15.03.05.18. Affected by this vulnerability is the function…
CVE-2024-30613 — CVSS 4.3 (medium): Tenda AC15 v15.03.05.18 has a stack overflow vulnerability in the time parameter from the setSmartPowerManagement function.
CVE-2024-2817 — CVSS 4.3 (medium): A vulnerability, which was classified as problematic, has been found in Tenda AC15 15.03.05.18. Affected by this issue is the function…