Tenda Tenda

  1. Vendors
  2. Tenda

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Tenda product.

RSS Feeds for Tenda security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Tenda products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Tenda Sorted by Most Security Vulnerabilities since 2018

Tenda Ac1864 vulnerabilities

Tenda Ac18 Firmware62 vulnerabilities

Tenda Ac10 Firmware52 vulnerabilities

Tenda Fh1202 Firmware49 vulnerabilities

Tenda W30e Firmware48 vulnerabilities

Tenda Ac6 Firmware46 vulnerabilities

Tenda Ac1544 vulnerabilities

Tenda Ac8 Firmware39 vulnerabilities

Tenda Ac7 Firmware39 vulnerabilities

Tenda Ac15 Firmware39 vulnerabilities

Tenda Fh1206 Firmware37 vulnerabilities

Tenda Ax1803 Firmware36 vulnerabilities

Tenda Ch22 Firmware34 vulnerabilities

Tenda Ac9 Firmware29 vulnerabilities

Tenda Ac728 vulnerabilities

Tenda F1203 Firmware28 vulnerabilities

Tenda W15e Firmware28 vulnerabilities

Tenda Fh451 Firmware27 vulnerabilities

Tenda Ax1806 Firmware26 vulnerabilities

Tenda F453 Firmware25 vulnerabilities

Tenda Ac5 Firmware24 vulnerabilities

Tenda Fh1205 Firmware24 vulnerabilities

Tenda Fh1201 Firmware23 vulnerabilities

Tenda Wh450 Firmware21 vulnerabilities

Tenda Fh1203 Firmware21 vulnerabilities

Tenda O3 Firmware20 vulnerabilities

Tenda A15 Firmware19 vulnerabilities

Tenda I21 Firmware19 vulnerabilities

Tenda F451 Firmware18 vulnerabilities

Tenda Ch2218 vulnerabilities

Tenda Ac23 Firmware18 vulnerabilities

Tenda I22 Firmware16 vulnerabilities

Tenda Ac10u Firmware15 vulnerabilities

Tenda Ac500 Firmware15 vulnerabilities

Tenda Ax12 Firmware14 vulnerabilities

Tenda W20e Firmware14 vulnerabilities

Tenda W18e Firmware14 vulnerabilities

Tenda Tx3 Firmware13 vulnerabilities

Tenda Rx3 Firmware13 vulnerabilities

Tenda Ac1206 Firmware12 vulnerabilities

Tenda Ac20 Firmware12 vulnerabilities

Tenda Ac21 Firmware11 vulnerabilities

Tenda Rx2 Pro Firmware11 vulnerabilities

Tenda I9 Firmware10 vulnerabilities

Tenda F1202 Firmware10 vulnerabilities

Tenda W6 S Firmware10 vulnerabilities

Tenda I12 Firmware9 vulnerabilities

Tenda M3 Firmware9 vulnerabilities

Tenda 4g300 Firmware7 vulnerabilities

Tenda W9 Firmware7 vulnerabilities

Tenda Cp3 Firmware6 vulnerabilities

Tenda G3 Firmware6 vulnerabilities

Tenda O36 vulnerabilities

Tenda A18 Firmware5 vulnerabilities

Tenda G103 Firmware5 vulnerabilities

Tenda Rx9 Pro Firmware5 vulnerabilities

Tenda Tx9 Pro Firmware5 vulnerabilities

Tenda F3 Firmware4 vulnerabilities

Tenda Ac6v2 0 Firmware4 vulnerabilities

Tenda O6 Firmware4 vulnerabilities

Tenda Hg10 Firmware4 vulnerabilities

Tenda Ax3 Firmware4 vulnerabilities

Tenda I3 Firmware3 vulnerabilities

Tenda W12 Firmware3 vulnerabilities

Tenda Tx9 Firmware3 vulnerabilities

Tenda Cp3 Pro Firmware2 vulnerabilities

Tenda I29 Firmware2 vulnerabilities

Tenda W122 vulnerabilities

Tenda N301 Firmware2 vulnerabilities

Tenda O1 Firmware2 vulnerabilities

Tenda Ac10v4 Firmware1 vulnerability

Tenda 11n Firmware1 vulnerability

Tenda Ac231 vulnerability

Tenda A301 Firmware1 vulnerability

Tenda Ac211 vulnerability

Tenda Ac12061 vulnerability

Tenda Ac11 Firmware1 vulnerability

Tenda Ac61 vulnerability

Tenda O5 Firmware1 vulnerability

Tenda O4 Firmware1 vulnerability

Tenda Ac81 vulnerability

Tenda N300 Wireless N Vdsl2 Modem Router1 vulnerability

Tenda N300 Firmware1 vulnerability

Tenda Ac8v4 Firmware1 vulnerability

Tenda Ap500v1 Firmware1 vulnerability

Tenda I24 Firmware1 vulnerability

Tenda Ax2 Pro Firmware1 vulnerability

Tenda I12 Framework1 vulnerability

Tenda Ax9 Firmware1 vulnerability

Tenda G1 Firmware1 vulnerability

Tenda Cx12l Firmware1 vulnerability

Known Exploited Tenda Vulnerabilities

The following Tenda vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

Title Description Added
Tenda AC11 Up to 02.03.01.104_CN Stack Buffer Overflow Tenda AC11 devices with firmware through 02.03.01.104_CN contain a stack buffer overflow vulnerability in /goform/setmac which allows for arbitrary execution.
CVE-2021-31755 Exploit Probability: 94.0% 		November 3, 2021
Tenda Router Code Execution The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute arbitrary system commands via the deviceName POST parameter.
CVE-2020-10987 Exploit Probability: 93.7% 		November 3, 2021
Tenda Router Command Injection Vulnerability Issue on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted goform/setUsbUnload request. This occurs because the "formsetUsbUnload" function executes a dosystemCmd function with untrusted input.
CVE-2018-14558 Exploit Probability: 78.3% 		November 3, 2021

Of the known exploited vulnerabilities above, 3 are in the top 1%, or the 99th percentile of the EPSS exploit probability rankings.

By the Year

In 2026 there have been 239 vulnerabilities in Tenda with an average score of 8.4 out of ten. Last year, in 2025 Tenda had 372 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Tenda in 2026 could surpass last years number. Last year, the average CVE base score was greater by 0.19




Year Vulnerabilities Average Score
2026 239 8.35
2025 372 8.55
2024 405 8.96
2023 100 9.26
2022 187 8.38
2021 2 7.60
2020 2 8.65

It may take a day or so for new Tenda vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Tenda Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2026-8265 May 11, 2026
Tenda AC6 (v15.03.06.23) OS Command Injection via get_log_file A security vulnerability has been detected in Tenda AC6 15.03.06.23. Affected by this issue is the function get_log_file of the file /goform/getLogFile of the component httpd. The manipulation of the argument wans.flag leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.
Ac6 Firmware
CVE-2026-8264 May 11, 2026
Tenda AC6 15.03.06.23 cmd injection via /goform/WifiApScan A weakness has been identified in Tenda AC6 15.03.06.23. Affected by this vulnerability is the function formWifiApScan of the file /goform/WifiApScan of the component httpd. Executing a manipulation of the argument wl2g.public.country/wl5g.public.country can lead to os command injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.
Ac6 Firmware
CVE-2026-8263 May 11, 2026
OS Command Injection in Tenda AC6 httpd (15.03.06.49) via WifiExtraSet A security flaw has been discovered in Tenda AC6 15.03.06.49_multi_TDE01. Affected is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet of the component httpd. Performing a manipulation of the argument mac/ssid results in os command injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks.
Ac6 Firmware
CVE-2026-8259 May 11, 2026
Tenda AC6 OS Command Injection via /goform/telnet LAN IP (v2.0/15.03.06.23) A vulnerability has been found in Tenda AC6 2.0/15.03.06.23. The affected element is an unknown function of the file /goform/telnet of the component httpd. The manipulation of the argument lan.ip leads to os command injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
Ac6 Firmware
CVE-2026-8138 May 08, 2026
Tenda CX12L 16.03.53.12 Stack Buffer Overflow in formSetPPTPServer A vulnerability was found in Tenda CX12L 16.03.53.12. This issue affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg. The manipulation results in stack-based buffer overflow. The attack can be executed remotely. The exploit has been made public and could be used.
Cx12l Firmware
CVE-2026-7470 Apr 30, 2026
Tenda 4G300 SafeMacFilter Stack BoF pre 1.0.1 A flaw has been found in Tenda 4G300 US_4G300V1.0Mt_V1.01.42_CN_TDC01. Affected is the function sub_427C3C of the file /goform/SafeMacFilter. This manipulation of the argument page causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used.
4g300 Firmware
CVE-2026-7469 Apr 30, 2026
Tenda 4G300 /goform/DelFil Command Injection (before v1.0mt_v1.01.42_CN_TDC01) A vulnerability was detected in Tenda 4G300 US_4G300V1.0Mt_V1.01.42_CN_TDC01. This impacts the function sub_425A28 of the file /goform/DelFil. The manipulation of the argument delflag results in command injection. The attack may be launched remotely. The exploit is now public and may be used.
4g300 Firmware
CVE-2018-25318 Apr 29, 2026
Tenda FH303/A300 V5.07.68_EN DNS Endpoint Session Cookie Bypass Tenda FH303/A300 firmware V5.07.68_EN contains a session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient cookie validation. Attackers can send GET requests to the /goform/AdvSetDns endpoint with a crafted admin cookie to change DNS servers and redirect user traffic to malicious sites.
CVE-2018-25317 Apr 29, 2026
Tenda W3002R/302/309R V5.07.64_en Cookie Session Weakness Alters DNS Settings Tenda W3002R/A302/W309R wireless routers version V5.07.64_en contain a cookie session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient session validation. Attackers can send GET requests to the /goform/AdvSetDns endpoint with a crafted admin language cookie to change primary and secondary DNS servers, redirecting user traffic to malicious DNS servers.
CVE-2018-25316 Apr 29, 2026
Tenda W308R v2 V5.07.48 Cookie Session Weakness (CVE-2018-25316) Tenda W308R v2 V5.07.48 contains a cookie session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient session validation. Attackers can send GET requests to the goform/AdvSetDns endpoint with a crafted admin language cookie to change DNS servers and redirect user traffic to malicious sites.
CVE-2026-7160 Apr 27, 2026
Remote Command Injection via formTracert in Tenda HG3 2.0 (datasize) A vulnerability was determined in Tenda HG3 2.0. This vulnerability affects the function formTracert of the file /boaform/formTracert. Executing a manipulation of the argument datasize can lead to command injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.
CVE-2026-7151 Apr 27, 2026
Tenda HG3 2.0 Stack-based Buffer Overflow in formUploadConfig A vulnerability was determined in Tenda HG3 2.0. Impacted is the function formUploadConfig of the file /boaform/formIPv6Routing. This manipulation of the argument destNet causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.
CVE-2026-7119 Apr 27, 2026
Tenda HG3 2.0 OS Command Injection via /boaform/formCountrystr A vulnerability was detected in Tenda HG3 2.0. The impacted element is an unknown function of the file /boaform/formCountrystr. The manipulation of the argument countrystr results in os command injection. The attack may be performed from remote. The exploit is now public and may be used.
CVE-2026-7102 Apr 27, 2026
Remote Command Injection via /goform/WriteFacMac in Tenda F456 (1.0.0.5) A vulnerability was found in Tenda F456 1.0.0.5. This impacts the function FromWriteFacMac of the file /goform/WriteFacMac of the component httpd. The manipulation of the argument mac results in command injection. The attack can be executed remotely. The exploit has been made public and could be used.
CVE-2026-7101 Apr 27, 2026
Tenda F456 1.0.0.5 httpd buffer overflow via fromWrlclientSet A vulnerability has been found in Tenda F456 1.0.0.5. This affects the function fromWrlclientSet of the file /goform/WrlclientSet of the component httpd. The manipulation leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
CVE-2026-7100 Apr 27, 2026
Tenda F456 1.0.0.5 Buffer Overflow in httpd Natlimit via /goform/Natlimit A flaw has been found in Tenda F456 1.0.0.5. The impacted element is the function fromNatlimitof of the file /goform/Natlimit of the component httpd. Executing a manipulation can lead to buffer overflow. The attack may be launched remotely. The exploit has been published and may be used.
CVE-2026-7099 Apr 27, 2026
Tenda F456 1.0.0.5 Remote Buffer Overflow in httpd (mit_linktype) A vulnerability was detected in Tenda F456 1.0.0.5. The affected element is the function formQuickIndex of the file /goform/QuickIndex of the component httpd. Performing a manipulation of the argument mit_linktype results in buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used.
CVE-2026-7098 Apr 27, 2026
Tenda F456 1.0.0.5 Remote Buffer Overflow in httpd fromDhcpListClient A security vulnerability has been detected in Tenda F456 1.0.0.5. Impacted is the function fromDhcpListClient of the file /goform/DhcpListClient of the component httpd. Such manipulation of the argument page leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
CVE-2026-7097 Apr 27, 2026
Tenda F456 1.0.0.5 HTTPD Buffer Overflow via webExcptypemanFilter A weakness has been identified in Tenda F456 1.0.0.5. This issue affects the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter of the component httpd. This manipulation of the argument page causes buffer overflow. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks.
CVE-2026-7096 Apr 27, 2026
OS Command Injection in Tenda HG3 2.0 via formgponConf A security flaw has been discovered in Tenda HG3 2.0 300003070. This vulnerability affects the function formgponConf of the file /boaform/admin/formgponConf. The manipulation of the argument fmgpon_loid results in os command injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.
CVE-2026-7082 Apr 27, 2026
Tenda F456 1.0.0.5 httpd buffer overflow via formWrlExtraSet A flaw has been found in Tenda F456 1.0.0.5. Affected by this vulnerability is the function formWrlExtraSet of the file /goform/WrlExtraSet of the component httpd. Executing a manipulation of the argument Go can lead to buffer overflow. The attack can be executed remotely. The exploit has been published and may be used.
CVE-2026-7081 Apr 27, 2026
Tenda F456 1.0.0.5 httpd buffer overflow via /goform/GstDhcpSetSer A vulnerability was detected in Tenda F456 1.0.0.5. Affected is the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer of the component httpd. Performing a manipulation of the argument dips results in buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used.
CVE-2026-7080 Apr 27, 2026
Tenda F456 1.0.0.5 HTTPD Buffer Overflow via PPTPUserSetting A security vulnerability has been detected in Tenda F456 1.0.0.5. This impacts the function fromPPTPUserSetting of the file /goform/PPTPUserSetting of the component httpd. Such manipulation of the argument delno leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.
CVE-2026-7079 Apr 27, 2026
Remote Buffer Overflow in Tenda F456 1.0.0.5 HTTPd fromAdvSetWan A weakness has been identified in Tenda F456 1.0.0.5. This affects the function fromAdvSetWan of the file /goform/AdvSetWan of the component httpd. This manipulation of the argument wanmode causes buffer overflow. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks.
CVE-2026-7078 Apr 27, 2026
Tenda F456 1.0.0.5 httpd BOV via /goform/SetIpBind A security flaw has been discovered in Tenda F456 1.0.0.5. The impacted element is the function fromSetIpBind of the file /goform/SetIpBind of the component httpd. The manipulation of the argument page results in buffer overflow. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks.
CVE-2026-31255 Apr 27, 2026
Cmd Injection in Tenda AC18 v15.03.05.05 /goform/SetSambaCfg A command injection vulnerability exists in Tenda AC18 V15.03.05.05_multi. The vulnerability is located in the /goform/SetSambaCfg interface, where improper handling of the guestuser parameter allows attackers to execute arbitrary system commands.
Ac18
CVE-2026-7057 Apr 26, 2026
Buffer Overflow in Tenda F456 v1.0.0.5 httpd (/goform/setcfm) A flaw has been found in Tenda F456 1.0.0.5. The affected element is an unknown function of the file /goform/setcfm of the component httpd. This manipulation of the argument funcname/funcpara1 causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been published and may be used.
CVE-2026-7056 Apr 26, 2026
Tenda F456 1.0.0.5 Remote Buffer Overflow in SafeUrlFilter A vulnerability was detected in Tenda F456 1.0.0.5. Impacted is the function fromSafeUrlFilter of the file /goform/SafeUrlFilter of the component httpd. The manipulation of the argument page results in buffer overflow. The attack may be performed from remote. The exploit is now public and may be used.
CVE-2026-7055 Apr 26, 2026
Tenda F456 1.0.0.5 Remote Buffer Overflow in httpd via fromVirtualSer A security vulnerability has been detected in Tenda F456 1.0.0.5. This issue affects the function fromVirtualSer of the file /goform/VirtualSer of the component httpd. The manipulation of the argument menufacturer/Go leads to buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used.
CVE-2026-7054 Apr 26, 2026
Remote buffer overflow in Tenda F456 1.0.0.5 httpd PPTPDClient A weakness has been identified in Tenda F456 1.0.0.5. This vulnerability affects the function fromPptpUserAdd of the file /goform/PPTPDClient of the component httpd. Executing a manipulation of the argument opttype/usernamewith can lead to buffer overflow. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks.
CVE-2026-7053 Apr 26, 2026
Tenda F456 1.0.0.5 httpd BufOv via frmL7Prot A security flaw has been discovered in Tenda F456 1.0.0.5. This affects the function frmL7ProtForm of the file /goform/L7Prot of the component httpd. Performing a manipulation of the argument page results in buffer overflow. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks.
CVE-2026-7036 Apr 26, 2026
Tenda i9 1.0.0.5-2204 Path Traversal via HTTP Handler (Remote) A vulnerability was identified in Tenda i9 1.0.0.5(2204). This vulnerability affects the function R7WebsSecurityHandlerfunction of the component HTTP Handler. The manipulation leads to path traversal. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.
I9 Firmware
CVE-2026-7035 Apr 26, 2026
Tenda FH1202 1.2.0.14 Remote Stack-Based Buffer Overflow via httpd/WrlclientSet A vulnerability was determined in Tenda FH1202 1.2.0.14. This affects the function fromWrlclientSet of the file /goform/WrlclientSet of the component httpd. Executing a manipulation of the argument Go can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.
Fh1202 Firmware
CVE-2026-7034 Apr 26, 2026
Tenda FH1202 1.2.0.14 Buffer Overflow via WrlExtraSet (httpd) A vulnerability was found in Tenda FH1202 1.2.0.14(408). Affected by this issue is the function WrlExtraSet of the file /goform/WrlExtraSet of the component httpd. Performing a manipulation of the argument Go results in stack-based buffer overflow. The attack may be initiated remotely. The exploit has been made public and could be used.
Fh1202 Firmware
CVE-2026-7033 Apr 26, 2026
Tenda F456 1.0.0.5 SafeClientFilter Buffer Overflow (Remote) A vulnerability has been found in Tenda F456 1.0.0.5. Affected by this vulnerability is the function fromSafeClientFilter of the file /goform/SafeClientFilter. Such manipulation of the argument menufacturer/Go leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2026-7032 Apr 26, 2026
Tenda F456 1.0.0.5 SafeEmailFilter Bof A flaw has been found in Tenda F456 1.0.0.5. Affected is the function SafeEmailFilter of the file /goform/SafeEmailFilter. This manipulation of the argument page causes buffer overflow. The attack can be initiated remotely. The exploit has been published and may be used.
CVE-2026-7031 Apr 26, 2026
Tenda F456 1.0.0.5 Remote Buffer Overflow in SafeMacFilter A vulnerability was detected in Tenda F456 1.0.0.5. This impacts the function fromSafeMacFilter of the file /goform/SafeMacFilter. The manipulation of the argument page results in buffer overflow. It is possible to launch the attack remotely. The exploit is now public and may be used.
CVE-2026-7030 Apr 26, 2026
Tenda F456 1.0.0.5 Buffer Overflow in fromRouteStatic (page) A security vulnerability has been detected in Tenda F456 1.0.0.5. This affects the function fromRouteStatic of the file /goform/RouteStatic. The manipulation of the argument page leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used.
CVE-2026-7029 Apr 26, 2026
Tenda F456 1.0.0.5 buffer overflow in /goform/addressNat via fromaddressNat A weakness has been identified in Tenda F456 1.0.0.5. The impacted element is the function fromaddressNat of the file /goform/addressNat. Executing a manipulation of the argument menufacturer/Go can lead to buffer overflow. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks.
CVE-2026-7019 Apr 26, 2026
Buffer Overflow in Tenda F456 1.0.0.5 via fromP2pListFilter A vulnerability was identified in Tenda F456 1.0.0.5. The impacted element is the function fromP2pListFilter of the file /goform/P2pListFilter. The manipulation of the argument menufacturer/Go leads to buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.
CVE-2026-6989 Apr 25, 2026
Tenda F453 Telnet Service cmdinj till v1.0.0.3 A vulnerability has been found in Tenda F453 up to 1.0.0.3. Impacted is the function TendaTelnet of the file /goform/telnet of the component Telnet Service. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
F453 Firmware
CVE-2026-6988 Apr 25, 2026
Tenda HG10 Boa Service buffer overflow via nextHop A flaw has been found in Tenda HG10 HG7_HG9_HG10re_300001138_en_xpon. This issue affects the function formRoute of the file /boaform/formRouting of the component Boa Service. This manipulation of the argument nextHop causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been published and may be used.
Hg10 Firmware
CVE-2026-6632 Apr 20, 2026
Tenda F451 1.0.0.7 httpd fromSafeClientFilter Buffer Overflow A vulnerability was identified in Tenda F451 1.0.0.7_cn_svn7958. The affected element is the function fromSafeClientFilter of the file /goform/SafeClientFilter of the component httpd. The manipulation of the argument menufacturer/Go leads to buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.
F451 Firmware
CVE-2026-6631 Apr 20, 2026
Tenda F451 1.0.0.7 buffer overflow via httpd webExcptypemanFilter A vulnerability was determined in Tenda F451 1.0.0.7_cn_svn7958. Impacted is the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter of the component httpd. Executing a manipulation of the argument page can lead to buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.
F451 Firmware
CVE-2026-6630 Apr 20, 2026
Tenda F451 1.0.0.7_cn_svn7958 httpd Buffer Overflow via fromGstDhcpSetSer A vulnerability was found in Tenda F451 1.0.0.7_cn_svn7958. This issue affects the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer of the component httpd. Performing a manipulation of the argument dips results in buffer overflow. The attack may be initiated remotely. The exploit has been made public and could be used.
F451 Firmware
CVE-2026-6200 Apr 13, 2026
Tenda F456 1.0.0.5 StackBufOvfl via formwebtypelibrary A vulnerability was determined in Tenda F456 1.0.0.5. The affected element is the function formwebtypelibrary of the file /goform/webtypelibrary. This manipulation of the argument menufacturer/Go causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized.
CVE-2026-6199 Apr 13, 2026
Tenda F456 1.0.0.5 Stack Blk Overflow via /goform/qossetting A vulnerability was found in Tenda F456 1.0.0.5. Impacted is the function fromqossetting of the file /goform/qossetting. The manipulation of the argument page results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been made public and could be used.
CVE-2026-6198 Apr 13, 2026
Tenda F456 1.0.0.5 fromNatStaticSetting Stack-based BOV A vulnerability has been found in Tenda F456 1.0.0.5. This issue affects the function fromNatStaticSetting of the file /goform/NatStaticSetting. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2026-6197 Apr 13, 2026
Stack Buffer Overflow via formWrlsafeset in Tenda F456 1.0.0.5 A flaw has been found in Tenda F456 1.0.0.5. This vulnerability affects the function formWrlsafeset of the file /goform/AdvSetWrlsafeset. Executing a manipulation of the argument mit_ssid can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been published and may be used.
CVE-2026-6196 Apr 13, 2026
Stack Buffer Overflow in Tenda F456 1.0.0.5 /goform/exeCommand A vulnerability was detected in Tenda F456 1.0.0.5. This affects the function fromexeCommand of the file /goform/exeCommand. Performing a manipulation of the argument cmdinput results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and may be used.
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.