Tenda Tenda

  1. Vendors
  2. Tenda

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Tenda product.

RSS Feeds for Tenda security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Tenda products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Tenda Sorted by Most Security Vulnerabilities since 2018

Tenda Ac1863 vulnerabilities

Tenda Ac18 Firmware62 vulnerabilities

Tenda Ac10 Firmware48 vulnerabilities

Tenda W30e Firmware48 vulnerabilities

Tenda Fh1202 Firmware47 vulnerabilities

Tenda Ac1544 vulnerabilities

Tenda Ac6 Firmware42 vulnerabilities

Tenda Ac7 Firmware39 vulnerabilities

Tenda Ac8 Firmware39 vulnerabilities

Tenda Ac15 Firmware38 vulnerabilities

Tenda Fh1206 Firmware37 vulnerabilities

Tenda Ax1803 Firmware36 vulnerabilities

Tenda F1203 Firmware28 vulnerabilities

Tenda W15e Firmware28 vulnerabilities

Tenda Ac728 vulnerabilities

Tenda Ac9 Firmware27 vulnerabilities

Tenda Fh451 Firmware27 vulnerabilities

Tenda Ax1806 Firmware26 vulnerabilities

Tenda Ch22 Firmware25 vulnerabilities

Tenda Fh1205 Firmware24 vulnerabilities

Tenda Ac5 Firmware24 vulnerabilities

Tenda F453 Firmware24 vulnerabilities

Tenda Fh1201 Firmware23 vulnerabilities

Tenda Wh450 Firmware21 vulnerabilities

Tenda Fh1203 Firmware21 vulnerabilities

Tenda O3 Firmware20 vulnerabilities

Tenda I21 Firmware19 vulnerabilities

Tenda A15 Firmware19 vulnerabilities

Tenda Ac23 Firmware18 vulnerabilities

Tenda Ch2218 vulnerabilities

Tenda I22 Firmware16 vulnerabilities

Tenda Ac500 Firmware15 vulnerabilities

Tenda Ac10u Firmware15 vulnerabilities

Tenda W18e Firmware14 vulnerabilities

Tenda W20e Firmware14 vulnerabilities

Tenda Ax12 Firmware14 vulnerabilities

Tenda Rx3 Firmware13 vulnerabilities

Tenda Tx3 Firmware13 vulnerabilities

Tenda Ac1206 Firmware12 vulnerabilities

Tenda Ac20 Firmware12 vulnerabilities

Tenda Rx2 Pro Firmware11 vulnerabilities

Tenda Ac21 Firmware11 vulnerabilities

Tenda W6 S Firmware10 vulnerabilities

Tenda F1202 Firmware10 vulnerabilities

Tenda I9 Firmware9 vulnerabilities

Tenda M3 Firmware8 vulnerabilities

Tenda W9 Firmware7 vulnerabilities

Tenda I12 Firmware7 vulnerabilities

Tenda Cp3 Firmware6 vulnerabilities

Tenda O36 vulnerabilities

Tenda G3 Firmware6 vulnerabilities

Tenda Tx9 Pro Firmware5 vulnerabilities

Tenda Rx9 Pro Firmware5 vulnerabilities

Tenda 4g300 Firmware5 vulnerabilities

Tenda A18 Firmware5 vulnerabilities

Tenda Ac6v2 0 Firmware4 vulnerabilities

Tenda F3 Firmware4 vulnerabilities

Tenda O6 Firmware4 vulnerabilities

Tenda Ax3 Firmware4 vulnerabilities

Tenda Hg10 Firmware3 vulnerabilities

Tenda Tx9 Firmware3 vulnerabilities

Tenda W12 Firmware3 vulnerabilities

Tenda G103 Firmware3 vulnerabilities

Tenda I3 Firmware2 vulnerabilities

Tenda I29 Firmware2 vulnerabilities

Tenda N301 Firmware2 vulnerabilities

Tenda O1 Firmware2 vulnerabilities

Tenda W122 vulnerabilities

Tenda Cp3 Pro Firmware2 vulnerabilities

Tenda Ac10v4 Firmware1 vulnerability

Tenda Ac11 Firmware1 vulnerability

Tenda Ac12061 vulnerability

Tenda Ac211 vulnerability

Tenda A301 Firmware1 vulnerability

Tenda Ac231 vulnerability

Tenda Ac61 vulnerability

Tenda 11n Firmware1 vulnerability

Tenda Ac81 vulnerability

Tenda Ac8v4 Firmware1 vulnerability

Tenda O5 Firmware1 vulnerability

Tenda O4 Firmware1 vulnerability

Tenda Ap500v1 Firmware1 vulnerability

Tenda Ax2 Pro Firmware1 vulnerability

Tenda N300 Wireless N Vdsl2 Modem Router1 vulnerability

Tenda N300 Firmware1 vulnerability

Tenda Ax9 Firmware1 vulnerability

Tenda I24 Firmware1 vulnerability

Tenda I12 Framework1 vulnerability

Tenda G1 Firmware1 vulnerability

Known Exploited Tenda Vulnerabilities

The following Tenda vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

Title Description Added
Tenda AC11 Up to 02.03.01.104_CN Stack Buffer Overflow Tenda AC11 devices with firmware through 02.03.01.104_CN contain a stack buffer overflow vulnerability in /goform/setmac which allows for arbitrary execution.
CVE-2021-31755 Exploit Probability: 94.3% 		November 3, 2021
Tenda Router Code Execution The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute arbitrary system commands via the deviceName POST parameter.
CVE-2020-10987 Exploit Probability: 93.9% 		November 3, 2021
Tenda Router Command Injection Vulnerability Issue on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted goform/setUsbUnload request. This occurs because the "formsetUsbUnload" function executes a dosystemCmd function with untrusted input.
CVE-2018-14558 Exploit Probability: 77.3% 		November 3, 2021

Of the known exploited vulnerabilities above, 2 are in the top 1%, or the 99th percentile of the EPSS exploit probability rankings. The vulnerability CVE-2018-14558: Tenda Router Command Injection Vulnerability is in the top 5% of the currently known exploitable vulnerabilities.

By the Year

In 2026 there have been 144 vulnerabilities in Tenda with an average score of 8.5 out of ten. Last year, in 2025 Tenda had 372 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Tenda in 2026 could surpass last years number. Last year, the average CVE base score was greater by 0.08




Year Vulnerabilities Average Score
2026 144 8.46
2025 372 8.55
2024 405 8.96
2023 100 9.26
2022 187 8.38
2021 2 7.60
2020 2 8.65

It may take a day or so for new Tenda vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Tenda Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2026-5046 Mar 29, 2026
Stack Buffer Overflow in Tenda FH1201 1.2.0.14(408) FormWrlExtraSet (Remote) A flaw has been found in Tenda FH1201 1.2.0.14(408). Affected is the function formWrlExtraSet of the file /goform/WrlExtraSet of the component Parameter Handler. Executing a manipulation of the argument GO can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been published and may be used.
Fh1201 Firmware
CVE-2026-5045 Mar 29, 2026
Tenda FH1201 1.2.0.14 Stack Buffer Overflow in WrlclientSet (remote) A vulnerability was detected in Tenda FH1201 1.2.0.14(408). This impacts the function WrlclientSet of the file /goform/WrlclientSet of the component Parameter Handler. Performing a manipulation of the argument GO results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and may be used.
Fh1201 Firmware
CVE-2026-5036 Mar 29, 2026
Tenda 4G06 stack-based buffer overflow in /goform/DhcpListClient (04.06.01.29) A vulnerability was found in Tenda 4G06 04.06.01.29. This vulnerability affects the function fromDhcpListClient of the file /goform/DhcpListClient of the component Endpoint. Performing a manipulation of the argument page results in stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made public and could be used.
CVE-2026-5021 Mar 29, 2026
Tenda F453 1.0.0.3 HTTPD PPTPUserSetting stack overflow A flaw has been found in Tenda F453 1.0.0.3. This affects the function fromPPTPUserSetting of the file /goform/PPTPUserSetting of the component httpd. This manipulation of the argument delno causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used.
F453 Firmware
CVE-2026-4975 Mar 27, 2026
Stack Buffer Overflow in Tenda AC15 15.03.05.19 POST /goform/setcfm A vulnerability has been found in Tenda AC15 15.03.05.19. This affects the function formSetCfm of the file /goform/setcfm of the component POST Request Handler. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Ac15 Firmware
CVE-2026-4974 Mar 27, 2026
Tenda AC7 stack-based buffer overflow in SetSysTimeCfg (v15.03.06.44) A flaw has been found in Tenda AC7 15.03.06.44. Affected by this issue is the function fromSetSysTime of the file /goform/SetSysTimeCfg of the component POST Request Handler. Executing a manipulation of the argument Time can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been published and may be used.
Ac7 Firmware
CVE-2026-4961 Mar 27, 2026
Tenda AC6 15.03.05.16 SBBO in POST /goform/QuickIndex via PPPOEPassword A vulnerability was identified in Tenda AC6 15.03.05.16. Affected by this vulnerability is the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.
Ac6 Firmware
CVE-2026-4960 Mar 27, 2026
Stack-based overflow in Tenda AC6 15.03.05.16 via POST /goform/WizardHandle A vulnerability was determined in Tenda AC6 15.03.05.16. Affected is the function fromWizardHandle of the file /goform/WizardHandle of the component POST Request Handler. Executing a manipulation of the argument WANT/WANS can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.
Ac6 Firmware
CVE-2026-4906 Mar 27, 2026
Tenda AC5 15.03.06.47 POST Handler Buffer Overflow A vulnerability was determined in Tenda AC5 15.03.06.47. The affected element is the function decodePwd of the file /goform/WizardHandle of the component POST Request Handler. Executing a manipulation of the argument WANT/WANS can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.
Ac5 Firmware
CVE-2026-4905 Mar 26, 2026
Remote stack overflow in Tenda AC5 formWifiWpsOOB (15.03.06.47) A vulnerability was found in Tenda AC5 15.03.06.47. Impacted is the function formWifiWpsOOB of the file /goform/WifiWpsOOB of the component POST Request Handler. Performing a manipulation of the argument index results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made public and could be used.
Ac5 Firmware
CVE-2026-4904 Mar 26, 2026
Tenda AC5 v15.03.06.47 POST /goform/setcfm buf overflow A vulnerability has been found in Tenda AC5 15.03.06.47. This issue affects the function formSetCfm of the file /goform/setcfm of the component POST Request Handler. Such manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Ac5 Firmware
CVE-2026-4903 Mar 26, 2026
Tenda AC5 15.03.06.47 POST formQuickIndex PPPOEPassword Buffer Overflow A flaw has been found in Tenda AC5 15.03.06.47. This vulnerability affects the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. This manipulation of the argument PPPOEPassword causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been published and may be used.
Ac5 Firmware
CVE-2026-4902 Mar 26, 2026
Tenda AC5 15.03.06.47 Stack-Based Buffer Overflow in POST /goform/addressNat A vulnerability was detected in Tenda AC5 15.03.06.47. This affects the function fromAddressNat of the file /goform/addressNat of the component POST Request Handler. The manipulation of the argument page results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and may be used.
Ac5 Firmware
CVE-2026-4567 Mar 23, 2026
Stack Buffer Overflow in Tenda A15 15.13.07.13 UploadCfg A vulnerability has been found in Tenda A15 15.13.07.13. The impacted element is the function UploadCfg of the file /cgi-bin/UploadCfg. The manipulation of the argument File leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
A15 Firmware
CVE-2026-4565 Mar 23, 2026
Tenda AC21 16.03.08.16: formSetQosBand Buffer Overflow (Remote) A vulnerability was detected in Tenda AC21 16.03.08.16. Impacted is the function formSetQosBand of the file /goform/SetNetControlList. Performing a manipulation of the argument list results in buffer overflow. The attack can be initiated remotely. The exploit is now public and may be used.
Ac21 Firmware
CVE-2026-4554 Mar 22, 2026
Command injection in Tenda F453 1.0.0.3 FormWriteFacMac A security flaw has been discovered in Tenda F453 1.0.0.3. The affected element is the function FormWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac results in command injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.
F453 Firmware
CVE-2026-4553 Mar 22, 2026
Tenda F453 1.0.0.3 Natlimit stack buf overflow A vulnerability was identified in Tenda F453 1.0.0.3. Impacted is the function fromNatlimit of the file /goform/Natlimit of the component Parameters Handler. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.
F453 Firmware
CVE-2026-4552 Mar 22, 2026
Stack-Based Buffer Overflow in Tenda F453 1.0.0.3 Parameters Handler A vulnerability was determined in Tenda F453 1.0.0.3. This issue affects the function fromVirtualSer of the file /goform/VirtualSer of the component Parameters Handler. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.
F453 Firmware
CVE-2026-4551 Mar 22, 2026
Tenda F453 1.0.0.3 ParamsHandler stack-based overflow A vulnerability was found in Tenda F453 1.0.0.3. This vulnerability affects the function fromSafeClientFilter of the file /goform/SafeClientFilter of the component Parameters Handler. Performing a manipulation of the argument menufacturer/Go results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been made public and could be used.
F453 Firmware
CVE-2026-4535 Mar 22, 2026
Tenda FH451 1.0.0.9 Remote Stack B.O. via WrlclientSet A vulnerability has been found in Tenda FH451 1.0.0.9. This vulnerability affects the function WrlclientSet of the file /goform/WrlclientSet. Such manipulation of the argument GO leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Fh451 Firmware
CVE-2026-4534 Mar 22, 2026
Tenda FH451 1.0.0.9 Stack Buffer Overflow in formWrlExtraSet (remote) A flaw has been found in Tenda FH451 1.0.0.9. This affects the function formWrlExtraSet of the file /goform/WrlExtraSet. This manipulation of the argument GO causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been published and may be used.
Fh451 Firmware
CVE-2026-4493 Mar 20, 2026
RSBO in Tenda A18 Pro MAC Filtering Endpoint (v2.03.02.28) A vulnerability was determined in Tenda A18 Pro 02.03.02.28. The impacted element is the function sub_423B50 of the file /goform/setMacFilterCfg of the component MAC Filtering Configuration Endpoint. Executing a manipulation of the argument deviceList can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.
CVE-2026-4492 Mar 20, 2026
Remote Stack-Overflow in Tenda A18 Pro 02.03.02.28 QoS FormSetQosBand A vulnerability was found in Tenda A18 Pro 02.03.02.28. The affected element is the function set_qosMib_list of the file /goform/formSetQosBand. Performing a manipulation of the argument list results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been made public and could be used.
CVE-2026-4491 Mar 20, 2026
Tenda A18 Pro 02.03.02.28: Remote Stack-Based Buffer Overflow via SetIpMacBind A vulnerability has been found in Tenda A18 Pro 02.03.02.28. Impacted is the function fromSetIpMacBind of the file /goform/SetIpMacBind. Such manipulation of the argument list leads to stack-based buffer overflow. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.
CVE-2026-4490 Mar 20, 2026
Tenda A18 Pro 02.03.02.28 stackbased buffer overflow in setSchedWifi A flaw has been found in Tenda A18 Pro 02.03.02.28. This issue affects the function setSchedWifi of the file /goform/openSchedWifi. This manipulation causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used.
CVE-2026-4489 Mar 20, 2026
Tenda A18 02.03.02.28 stack buffer overflow in form_fast_setting_wifi_set A vulnerability was detected in Tenda A18 Pro 02.03.02.28. This vulnerability affects the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set. The manipulation results in stack-based buffer overflow. The attack may be launched remotely. The exploit is now public and may be used.
CVE-2026-4254 Mar 16, 2026
Tenda AC8 <16.03.50.11: HTTP Endpoint Buffer Overflow A weakness has been identified in Tenda AC8 up to 16.03.50.11. This vulnerability affects the function doSystemCmd of the file /goform/SysToolChangePwd of the component HTTP Endpoint. This manipulation of the argument local_2c causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks.
Ac8 Firmware
CVE-2026-4253 Mar 16, 2026
Tenda AC8 16.03.50.11 Remote OS Command Injection via route_set_user_policy_rule A security flaw has been discovered in Tenda AC8 16.03.50.11. This affects the function route_set_user_policy_rule of the file /cgi-bin/UploadCfg of the component Web Interface. The manipulation of the argument wans.policy.list1 results in os command injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.
Ac8 Firmware
CVE-2026-4252 Mar 16, 2026
Tenda AC8 16.03.50.11 IPv6 Handler check_is_ipv6 IP Auth Flaw A vulnerability was identified in Tenda AC8 16.03.50.11. Affected by this issue is the function check_is_ipv6 of the component IPv6 Handler. The manipulation leads to reliance on ip address for authentication. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.
Ac8 Firmware
CVE-2026-4043 Mar 12, 2026
Tenda i12 1.0.0.6 Remote Buffer Overflow via formwrlSSIDget A security vulnerability has been detected in Tenda i12 1.0.0.6(2204). The impacted element is the function formwrlSSIDget of the file /goform/wifiSSIDget. Such manipulation of the argument index leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.
I12 Firmware
CVE-2026-4042 Mar 12, 2026
CVE-2026-4042: Tenda i12 1.0.0.6 Remote Stack Buffer Overfl in WifiMacFilterGet A weakness has been identified in Tenda i12 1.0.0.6(2204). The affected element is the function formWifiMacFilterGet of the file /goform/WifiMacFilterGet. This manipulation of the argument index causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks.
I12 Firmware
CVE-2026-4041 Mar 12, 2026
Tenda i12: Stack-Based Buffer Overflow in vos_strcpy (1.0.0.6-2204) A security flaw has been discovered in Tenda i12 1.0.0.6(2204). Impacted is the function vos_strcpy of the file /goform/exeCommand. The manipulation of the argument cmdinput results in stack-based buffer overflow. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks.
I12 Firmware
CVE-2026-4008 Mar 12, 2026
Tenda W3 1.0.0.3 BPO Buffer Overflow via /goform/wifiSSIDset A flaw has been found in Tenda W3 1.0.0.3(2204). This issue affects some unknown processing of the file /goform/wifiSSIDset of the component POST Parameter Handler. Executing a manipulation of the argument index/GO can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been published and may be used.
CVE-2026-4007 Mar 12, 2026
Remote Stack Buffer Overflow in Tenda W3 1.0.0.3 via /goform/wifiSSIDget A vulnerability was detected in Tenda W3 1.0.0.3(2204). This vulnerability affects unknown code of the file /goform/wifiSSIDget of the component POST Parameter Handler. Performing a manipulation of the argument index results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit is now public and may be used.
CVE-2026-3976 Mar 12, 2026
Tenda W3 1.0.0.3 Remote Stack-Based Buffer Overflow via WifiMacFilterSet A weakness has been identified in Tenda W3 1.0.0.3(2204). Impacted is the function formWifiMacFilterSet of the file /goform/WifiMacFilterSet of the component POST Parameter Handler. Executing a manipulation of the argument index/GO can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.
CVE-2026-3975 Mar 12, 2026
Stack-based overflow in Tenda W3 1.0.0.3 formWifiMacFilterGet via wl_radio A security flaw has been discovered in Tenda W3 1.0.0.3(2204). This issue affects the function formWifiMacFilterGet of the file /goform/WifiMacFilterGet of the component POST Parameter Handler. Performing a manipulation of the argument wl_radio results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks.
CVE-2026-3974 Mar 12, 2026
Tenda W3 1.0.0.3 Remote RCE via HTTP Handler cmdinput (Stack BFO) A vulnerability was identified in Tenda W3 1.0.0.3(2204). This vulnerability affects the function formexeCommand of the file /goform/exeCommand of the component HTTP Handler. Such manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack may be performed from remote. The exploit is publicly available and might be used.
CVE-2026-3973 Mar 12, 2026
Tenda W3 1.0.0.3 Remote bufoverflow in formSetAutoPing A vulnerability was determined in Tenda W3 1.0.0.3(2204). This affects the function formSetAutoPing of the file /goform/setAutoPing of the component POST Parameter Handler. This manipulation of the argument ping1/ping2 causes stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.
CVE-2026-3972 Mar 12, 2026
Tenda W3 1.0.0.3(2204) HTTP Handler Stack-Based Buffer Overflow in formSetCfm A vulnerability was found in Tenda W3 1.0.0.3(2204). Affected by this issue is the function formSetCfm of the file /goform/setcfm of the component HTTP Handler. The manipulation of the argument funcpara1 results in stack-based buffer overflow. The attack can only be performed from the local network. The exploit has been made public and could be used.
CVE-2026-3971 Mar 12, 2026
Tenda i3 1.0.0.6(2204) Buffer Overflow in formwrlSSIDset (wifiSSIDset) A vulnerability has been found in Tenda i3 1.0.0.6(2204). Affected by this vulnerability is the function formwrlSSIDset of the file /goform/wifiSSIDset. The manipulation of the argument index/GO leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
I3 Firmware
CVE-2026-3970 Mar 12, 2026
Stack Buffer Overflow in Tenda i3 1.0.0.6(2204) WiFi SSID Get A flaw has been found in Tenda i3 1.0.0.6(2204). Affected is the function formwrlSSIDget of the file /goform/wifiSSIDget. Executing a manipulation of the argument index can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been published and may be used.
I3 Firmware
CVE-2026-3811 Mar 09, 2026
Tenda FH1202 1.2.0.14 Remote stack overflow via /goform/P2pListFilter A vulnerability was found in Tenda FH1202 1.2.0.14(408). This impacts the function fromP2pListFilter of the file /goform/P2pListFilter. The manipulation of the argument page results in stack-based buffer overflow. The attack can be executed remotely. The exploit has been made public and could be used.
Fh1202 Firmware
CVE-2026-3810 Mar 09, 2026
Tenda FH1202 1.2.0.14 stack-based BOF in /goform/DhcpListClient A vulnerability has been found in Tenda FH1202 1.2.0.14(408). This affects the function fromDhcpListClient of the file /goform/DhcpListClient. The manipulation of the argument page leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
Fh1202 Firmware
CVE-2026-3809 Mar 09, 2026
Tenda FH1202 1.2.0.14 Buffer Overflow via getNatStaticSetting (remote) A flaw has been found in Tenda FH1202 1.2.0.14(408). The impacted element is the function fromNatStaticSetting of the file /goform/NatSaticSetting. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been published and may be used.
Fh1202 Firmware
CVE-2026-3808 Mar 09, 2026
Tenda FH1202 1.2.0.14 Remote Buffer Overflow in formWebTypeLibrary A vulnerability was detected in Tenda FH1202 1.2.0.14(408). The affected element is the function formWebTypeLibrary of the file /goform/webtypelibrary. Performing a manipulation of the argument webSiteId results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used.
Fh1202 Firmware
CVE-2026-3807 Mar 09, 2026
Tenda FH1202 1.2.0.14 Remote Buffer Overflow in formWrlsafeset A security vulnerability has been detected in Tenda FH1202 1.2.0.14(408). Impacted is the function formWrlsafeset of the file /goform/AdvSetWrlsafeset. Such manipulation of the argument mit_ssid/mit_ssid_index leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
Fh1202 Firmware
CVE-2026-3804 Mar 09, 2026
Tenda i3 v1.0.0.6 Remote StackBased Buffer Overflow via WifiMacFilterSet A security flaw has been discovered in Tenda i3 1.0.0.6(2204). This vulnerability affects the function formWifiMacFilterSet of the file /goform/WifiMacFilterSet. The manipulation of the argument index results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.
CVE-2026-3803 Mar 09, 2026
Tenda i3 v1.0.0.6 Buffer Overflow in formWifiMacFilterGet (Remote) A vulnerability was identified in Tenda i3 1.0.0.6(2204). This affects the function formWifiMacFilterGet of the file /goform/WifiMacFilterGet. The manipulation of the argument index leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.
CVE-2026-3802 Mar 09, 2026
Stack Bof in Tenda i3 1.0.0.6 formexeCommand A vulnerability was determined in Tenda i3 1.0.0.6(2204). Affected by this issue is the function formexeCommand of the file /goform/exeCommand. Executing a manipulation of the argument cmdinput can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.
CVE-2026-3801 Mar 09, 2026
Tenda i3 1.0.0.6 Stack Buffer Overflow in formSetAutoPing A vulnerability was found in Tenda i3 1.0.0.6(2204). Affected by this vulnerability is the function formSetAutoPing of the file /goform/setAutoPing. Performing a manipulation of the argument ping1/ping2 results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been made public and could be used.
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.