Every CVE whose affected-product data names Tenda Ac21 Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (29)
CVE-2025-9605 — CVSS 9.8 (critical): A security vulnerability has been detected in Tenda AC21 and AC23 16.03.08.16. Affected is the function GetParentControlInfo of the file…
CVE-2026-4565 — CVSS 8.8 (high): A vulnerability was detected in Tenda AC21 16.03.08.16. Impacted is the function formSetQosBand of the file /goform/SetNetControlList…
CVE-2023-24333 — CVSS 8.8 (high): A stack overflow vulnerability in Tenda AC21 with firmware version US_AC21V1.0re_V16.03.08.15_cn_TDC01 allows attackers to run arbitrary…
CVE-2025-10838 — CVSS 8.8 (high): A vulnerability was identified in Tenda AC21 16.03.08.16. The affected element is the function sub_45BB10 of the file /goform/WifiExtraSet…
CVE-2025-11091 — CVSS 8.8 (high): A security flaw has been discovered in Tenda AC21 up to 16.03.08.16. Affected by this vulnerability is the function sscanf of the file…
CVE-2025-12611 — CVSS 8.8 (high): A vulnerability was identified in Tenda AC21 16.03.08.16. This vulnerability affects the function formSetPPTPServer of the file…
CVE-2025-13445 — CVSS 8.8 (high): A flaw has been found in Tenda AC21 16.03.08.16. This affects an unknown part of the file /goform/SetIpMacBind. Executing a manipulation of…
CVE-2025-13446 — CVSS 8.8 (high): A vulnerability has been found in Tenda AC21 16.03.08.16. This vulnerability affects unknown code of the file /goform/SetSysTimeCfg. The…
CVE-2026-1637 — CVSS 8.8 (high): A vulnerability was identified in Tenda AC21 16.03.08.16. The affected element is the function fromAdvSetMacMtuWan of the file…
CVE-2022-40076 — CVSS 7.5 (high): Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, function: fromSetWifiGusetBasic.
CVE-2022-40075 — CVSS 7.5 (high): Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, form_fast_setting_wifi_set.
CVE-2022-40068 — CVSS 7.5 (high): Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, function: formSetQosBand.
CVE-2026-1638 — CVSS 6.3 (medium): A security flaw has been discovered in Tenda AC21 1.1.1.1/1.dmzip/16.03.08.16. The impacted element is the function mDMZSetCfg of the file…
CVE-2026-2148 — CVSS 5.3 (medium): A security vulnerability has been detected in Tenda AC21 16.03.08.16. Affected is an unknown function of the file /cgi-bin/DownloadFlash of…
CVE-2026-2147 — CVSS 5.3 (medium): A weakness has been identified in Tenda AC21 16.03.08.16. This impacts an unknown function of the file /cgi-bin/DownloadLog of the…
CVE-2025-65220 — CVSS 4.3 (medium): Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow in: /goform/SetVirtualServerCfg via the list parameter.
CVE-2025-65226 — CVSS 4.3 (medium): Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the deviceId parameter in /goform/saveParentControlInfo.
CVE-2025-65221 — CVSS 4.3 (medium): Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the list parameter of /goform/setPptpUserList.
CVE-2025-65222 — CVSS 4.3 (medium): Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the rebootTime parameter of /goform/SetSysAutoRebbotCfg.
CVE-2025-65223 — CVSS 4.3 (medium): Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the urls parameter of /goform/saveParentControlInfo.