Every CVE whose affected-product data names Tenda Ax1803 Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (60)
CVE-2023-51956 — CVSS 9.8 (critical): Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function formSetIptv
CVE-2023-51957 — CVSS 9.8 (critical): Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formGetIptv.
CVE-2022-34595 — CVSS 9.8 (critical): Tenda AX1803 v1.0.0.1_2890 was discovered to contain a command injection vulnerability via the function setipv6status.
CVE-2022-34596 — CVSS 9.8 (critical): Tenda AX1803 v1.0.0.1_2890 was discovered to contain a command injection vulnerability via the function WanParameterSetting.
CVE-2024-30620 — CVSS 9.8 (critical): Tenda AX1803 v1.0.0.1 contains a stack overflow via the serviceName parameter in the function fromAdvSetMacMtuWan.
CVE-2023-51972 — CVSS 9.8 (critical): Tenda AX1803 v1.0.0.1 was discovered to contain a command injection vulnerability via the function fromAdvSetLanIp.
CVE-2023-51971 — CVSS 9.8 (critical): Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function getIptvInfo.
CVE-2023-51970 — CVSS 9.8 (critical): Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formSetIptv.
CVE-2023-51969 — CVSS 9.8 (critical): Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function getIptvInfo.
CVE-2023-51968 — CVSS 9.8 (critical): Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function getIptvInfo.
CVE-2023-51967 — CVSS 9.8 (critical): Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function getIptvInfo.
CVE-2023-51966 — CVSS 9.8 (critical): Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function setIptvInfo.
CVE-2023-51965 — CVSS 9.8 (critical): Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function setIptvInfo.
CVE-2023-51964 — CVSS 9.8 (critical): Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function setIptvInfo.
CVE-2022-40876 — CVSS 9.8 (critical): In Tenda ax1803 v1.0.0.1, the http requests handled by the fromAdvSetMacMtuWan functions, wanSpeed, cloneType, mac, can cause a stack…
CVE-2023-51963 — CVSS 9.8 (critical): Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function setIptvInfo.
CVE-2023-51962 — CVSS 9.8 (critical): Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function setIptvInfo.
CVE-2024-30621 — CVSS 9.8 (critical): Tenda AX1803 v1.0.0.1 contains a stack overflow via the serverName parameter in the function fromAdvSetMacMtuWan.
CVE-2023-51961 — CVSS 9.8 (critical): Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function formGetIptv.
CVE-2023-51960 — CVSS 9.8 (critical): Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function formGetIptv.
CVE-2023-51959 — CVSS 9.8 (critical): Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function formGetIptv.
CVE-2023-49040 — CVSS 9.8 (critical): An issue in Tneda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the adslPwd parameter in the…
CVE-2023-49042 — CVSS 9.8 (critical): Heap Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the schedStartTime parameter…
CVE-2023-49043 — CVSS 9.8 (critical): Buffer Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the wpapsk_crypto parameter…
CVE-2023-49044 — CVSS 9.8 (critical): Stack Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the ssid parameter in the…
CVE-2023-49046 — CVSS 9.8 (critical): Stack Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the devName parameter in the…
CVE-2023-51958 — CVSS 9.8 (critical): Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function formGetIptv.
CVE-2023-51952 — CVSS 9.8 (critical): Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function formSetIptv.
CVE-2023-51953 — CVSS 9.8 (critical): Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formSetIptv.
CVE-2023-51954 — CVSS 9.8 (critical): Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function formSetIptv.
CVE-2023-51955 — CVSS 9.8 (critical): Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function formSetIptv.
CVE-2026-1329 — CVSS 8.8 (high): A flaw has been found in Tenda AX1803 1.0.0.1. The affected element is the function fromGetWifiGuestBasic of the file /goform/WifiGuestSet…
CVE-2022-45781 — CVSS 8.8 (high): Buffer Overflow vulnerability in Tenda AX1803 v1.0.0.1_2994 and earlier allows attackers to run arbitrary code via /goform/SetOnlineDevName.
CVE-2024-4236 — CVSS 8.8 (high): A vulnerability, which was classified as critical, has been found in Tenda AX1803 1.0.0.1. This issue affects the function…
CVE-2025-7597 — CVSS 8.8 (high): A vulnerability classified as critical has been found in Tenda AX1803 1.0.0.1. Affected is the function formSetMacFilterCfg of the file…
CVE-2025-7598 — CVSS 8.8 (high): A vulnerability classified as critical was found in Tenda AX1803 1.0.0.1. Affected by this vulnerability is the function…
CVE-2022-28572 — CVSS 8.8 (high): Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vulnerability in `SetIPv6Status` function
CVE-2022-37820 — CVSS 7.8 (high): Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the ddnsEn parameter in the function formSetSysToolDDNS.
CVE-2022-37819 — CVSS 7.8 (high): Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the timezone parameter in the function fromSetSysTime.
CVE-2022-37818 — CVSS 7.8 (high): Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the list parameter at the function formSetQosBand.
CVE-2022-37817 — CVSS 7.8 (high): Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the function fromSetIpMacBind.
CVE-2022-37824 — CVSS 7.8 (high): Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the shareSpeed parameter in the function fromSetWifiGusetBasic.
CVE-2022-37823 — CVSS 7.8 (high): Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function formSetVirtualSer.
CVE-2022-37822 — CVSS 7.8 (high): Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the function fromSetRouteStatic.
CVE-2022-37821 — CVSS 7.8 (high): Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the ProvinceCode parameter in the function formSetProvince.
CVE-2023-48109 — CVSS 7.5 (high): Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow via the deviceId parameter in the function saveParentControlInfo . This…
CVE-2022-40875 — CVSS 7.5 (high): Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow in the function GetParentControlInfo.
CVE-2022-40874 — CVSS 7.5 (high): Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow vulnerability in the GetParentControlInfo function, which can cause a…
CVE-2023-48111 — CVSS 7.5 (high): Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the time parameter in the function saveParentControlInfo . This…
CVE-2023-48110 — CVSS 7.5 (high): Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow via the urls parameter in the function saveParentControlInfo . This…
CVE-2022-30040 — CVSS 7.5 (high): Tenda AX1803 v1.0.0.1_2890 is vulnerable to Buffer Overflow. The vulnerability lies in rootfs_ In / goform / setsystimecfg of / bin /…
CVE-2025-70651 — CVSS 7.5 (high): Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow in the ssid parameter of the form_fast_setting_wifi_set function. This…
CVE-2025-63456 — CVSS 7.5 (high): Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow via the time parameter in the SetSysTimeCfg function. This vulnerability…
CVE-2025-63457 — CVSS 7.5 (high): Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow via the wanMTU parameter in the sub_4F55C function. This vulnerability…
CVE-2025-63458 — CVSS 7.5 (high): Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow via the timeZone parameter in the form_fast_setting_wifi_set function…
CVE-2025-70646 — CVSS 7.5 (high): Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow in the security parameter of the sub_72290 function. This vulnerability…
CVE-2025-70648 — CVSS 7.5 (high): Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow in the security_5g parameter of the sub_727F4 function. This vulnerability…
CVE-2023-49047 — CVSS 7.5 (high): Tenda AX1803 v1.0.0.1 contains a stack overflow via the devName parameter in the function formSetDeviceName.
CVE-2022-42086 — CVSS 6.5 (medium): Tenda AX1803 US_AX1803v2.0br_v1.0.0.1_2994_CN_ZGYD01_4 is vulnerable to Cross Site Request Forgery (CSRF) via function TendaAteMode.
CVE-2022-42087 — CVSS 6.5 (medium): Tenda AX1803 US_AX1803v2.0br_v1.0.0.1_2994_CN_ZGYD01_4 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot.