CVE-2022-26290 — CVSS 9.8 (critical): Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/WriteFacMac.
CVE-2022-26536 — CVSS 9.8 (critical): Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setFixTools.
CVE-2022-27076 — CVSS 9.8 (critical): Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/delAd.
CVE-2022-27077 — CVSS 9.8 (critical): Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /cgi-bin/uploadWeiXinPic.
CVE-2022-27078 — CVSS 9.8 (critical): Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setAdInfoDetail.
CVE-2022-27079 — CVSS 9.8 (critical): Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setPicListItem.
CVE-2022-27080 — CVSS 9.8 (critical): Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setWorkmode.
CVE-2022-27081 — CVSS 9.8 (critical): Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/SetLanInfo.
CVE-2022-27082 — CVSS 9.8 (critical): Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/SetInternetLanInfo.
CVE-2022-27083 — CVSS 9.8 (critical): Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /cgi-bin/uploadAccessCodePic.
CVE-2022-26289 — CVSS 9.8 (critical): Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/exeCommand.
CVE-2023-51094 — CVSS 9.8 (critical): Tenda M3 V1.0.0.12(4856) was discovered to contain a Command Execution vulnerability via the function TendaTelnet.
CVE-2023-51093 — CVSS 9.8 (critical): Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function fromSetLocalVlanInfo.
CVE-2023-51091 — CVSS 9.8 (critical): Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function R7WebsSecurityHandler.
CVE-2026-5567 — CVSS 8.8 (high): A flaw has been found in Tenda M3 1.0.0.10. This vulnerability affects the function setAdvPolicyData of the file /goform/setAdvPolicyData…
CVE-2025-15230 — CVSS 8.8 (high): A vulnerability was found in Tenda M3 1.0.0.13(4903). Affected by this issue is the function formSetVlanPolicy of the file…
CVE-2025-15231 — CVSS 8.8 (high): A vulnerability was determined in Tenda M3 1.0.0.13(4903). This affects the function formSetRemoteVlanInfo of the file /goform/setVlanInfo…
CVE-2025-15232 — CVSS 8.8 (high): A vulnerability was identified in Tenda M3 1.0.0.13(4903). This vulnerability affects the function formSetAdPushInfo of the file…
CVE-2025-15233 — CVSS 8.8 (high): A security flaw has been discovered in Tenda M3 1.0.0.13(4903). This issue affects the function formSetAdInfoDetails of the file…
CVE-2025-15234 — CVSS 8.8 (high): A weakness has been identified in Tenda M3 1.0.0.13(4903). Impacted is the function formSetRemoteInternetLanInfo of the file…
CVE-2025-15252 — CVSS 8.8 (high): A flaw has been found in Tenda M3 1.0.0.13(4903). The affected element is the function formSetRemoteDhcpForAp of the file…
CVE-2025-15253 — CVSS 8.8 (high): A vulnerability has been found in Tenda M3 1.0.0.13(4903). The impacted element is an unknown function of the file /goform/exeCommand. Such…
CVE-2025-9298 — CVSS 8.8 (high): A flaw has been found in Tenda M3 1.0.0.12. Affected is the function formQuickIndex of the file /goform/QuickIndex. Executing manipulation…
CVE-2025-9299 — CVSS 8.8 (high): A vulnerability has been found in Tenda M3 1.0.0.12. Affected by this vulnerability is the function formGetMasterPassengerAnalyseData of…
CVE-2022-38570 — CVSS 7.5 (high): Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow in the function formDelPushedAd. This vulnerability allows attackers to…
CVE-2022-38571 — CVSS 7.5 (high): Tenda M3 V1.0.0.12(4856) was discovered to contain a buffer overflow in the function formSetGuideListItem.
CVE-2022-32041 — CVSS 7.5 (high): Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formGetPassengerAnalyseData.
CVE-2022-32039 — CVSS 7.5 (high): Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the listN parameter in the function fromDhcpListClient.
CVE-2022-32036 — CVSS 7.5 (high): Tenda M3 V1.0.0.12 was discovered to contain multiple stack overflow vulnerabilities via the ssidList, storeName, and trademark parameters…
CVE-2022-32034 — CVSS 7.5 (high): Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the items parameter in the function formdelMasteraclist.
CVE-2022-32043 — CVSS 7.5 (high): Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetAccessCodeInfo.
CVE-2022-38562 — CVSS 7.5 (high): Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formSetFixTools. This vulnerability…
CVE-2022-38563 — CVSS 7.5 (high): Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formSetFixTools. This vulnerability…
CVE-2022-38564 — CVSS 7.5 (high): Tenda M3 V1.0.0.12(4856) was discovered to contain a buffer overflow vulnerability in the function formSetPicListItem. This vulnerability…
CVE-2022-38565 — CVSS 7.5 (high): Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formEmailTest. This vulnerability…
CVE-2022-38566 — CVSS 7.5 (high): Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formEmailTest. This vulnerability…
CVE-2022-38567 — CVSS 7.5 (high): Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow vulnerability in the function formSetAdConfigInfo. This vulnerability…
CVE-2022-38568 — CVSS 7.5 (high): Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formSetFixTools. This vulnerability…
CVE-2022-38569 — CVSS 7.5 (high): Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow in the function formDelAd.