Tenda Tenda

  1. Vendors
  2. Tenda

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Tenda product.

RSS Feeds for Tenda security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Tenda products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Tenda Sorted by Most Security Vulnerabilities since 2018

Tenda Ac1864 vulnerabilities

Tenda Ac18 Firmware63 vulnerabilities

Tenda Ac10 Firmware52 vulnerabilities

Tenda Fh1202 Firmware49 vulnerabilities

Tenda W30e Firmware48 vulnerabilities

Tenda Ac6 Firmware46 vulnerabilities

Tenda Ac1544 vulnerabilities

Tenda Ac15 Firmware40 vulnerabilities

Tenda Ac7 Firmware39 vulnerabilities

Tenda Ac8 Firmware39 vulnerabilities

Tenda Fh1206 Firmware37 vulnerabilities

Tenda Ax1803 Firmware36 vulnerabilities

Tenda Ch22 Firmware34 vulnerabilities

Tenda Ac732 vulnerabilities

Tenda Ac9 Firmware29 vulnerabilities

Tenda F1203 Firmware28 vulnerabilities

Tenda W15e Firmware28 vulnerabilities

Tenda Fh451 Firmware27 vulnerabilities

Tenda Ax1806 Firmware26 vulnerabilities

Tenda F453 Firmware25 vulnerabilities

Tenda Fh1205 Firmware24 vulnerabilities

Tenda Ac5 Firmware24 vulnerabilities

Tenda Fh1201 Firmware23 vulnerabilities

Tenda Wh450 Firmware21 vulnerabilities

Tenda Fh1203 Firmware21 vulnerabilities

Tenda O3 Firmware20 vulnerabilities

Tenda F451 Firmware20 vulnerabilities

Tenda I21 Firmware19 vulnerabilities

Tenda A15 Firmware19 vulnerabilities

Tenda Ac23 Firmware18 vulnerabilities

Tenda Ch2218 vulnerabilities

Tenda W20e Firmware17 vulnerabilities

Tenda I22 Firmware16 vulnerabilities

Tenda Ac500 Firmware15 vulnerabilities

Tenda Ac10u Firmware15 vulnerabilities

Tenda W18e Firmware14 vulnerabilities

Tenda F1202 Firmware14 vulnerabilities

Tenda Ax12 Firmware14 vulnerabilities

Tenda Tx3 Firmware13 vulnerabilities

Tenda Rx3 Firmware13 vulnerabilities

Tenda Ac1206 Firmware12 vulnerabilities

Tenda Ac20 Firmware12 vulnerabilities

Tenda Ac21 Firmware11 vulnerabilities

Tenda Rx2 Pro Firmware11 vulnerabilities

Tenda I9 Firmware10 vulnerabilities

Tenda W6 S Firmware10 vulnerabilities

Tenda M3 Firmware9 vulnerabilities

Tenda I12 Firmware9 vulnerabilities

Tenda W12 Firmware8 vulnerabilities

Tenda 4g300 Firmware7 vulnerabilities

Tenda W9 Firmware7 vulnerabilities

Tenda Cp3 Firmware6 vulnerabilities

Tenda O36 vulnerabilities

Tenda G3 Firmware6 vulnerabilities

Tenda Tx9 Pro Firmware5 vulnerabilities

Tenda Rx9 Pro Firmware5 vulnerabilities

Tenda A18 Firmware5 vulnerabilities

Tenda G103 Firmware5 vulnerabilities

Tenda O6 Firmware4 vulnerabilities

Tenda Ac6v2 0 Firmware4 vulnerabilities

Tenda Hg10 Firmware4 vulnerabilities

Tenda F3 Firmware4 vulnerabilities

Tenda Ax3 Firmware4 vulnerabilities

Tenda Hg7hg93 vulnerabilities

Tenda Hg103 vulnerabilities

Tenda Tx9 Firmware3 vulnerabilities

Tenda I3 Firmware3 vulnerabilities

Tenda Cx12l Firmware3 vulnerabilities

Tenda W122 vulnerabilities

Tenda I29 Firmware2 vulnerabilities

Tenda Cp3 Pro Firmware2 vulnerabilities

Tenda N301 Firmware2 vulnerabilities

Tenda O1 Firmware2 vulnerabilities

Tenda O5 Firmware1 vulnerability

Tenda O4 Firmware1 vulnerability

Tenda 11n Firmware1 vulnerability

Tenda F456 Firmware1 vulnerability

Tenda Ac61 vulnerability

Tenda Ac81 vulnerability

Tenda Ac8v4 Firmware1 vulnerability

Tenda Ap500v1 Firmware1 vulnerability

Tenda Ac231 vulnerability

Tenda Ax2 Pro Firmware1 vulnerability

Tenda Ax9 Firmware1 vulnerability

Tenda Ac211 vulnerability

Tenda N300 Wireless N Vdsl2 Modem Router1 vulnerability

Tenda Ac12061 vulnerability

Tenda Ac11 Firmware1 vulnerability

Tenda Ac10v4 Firmware1 vulnerability

Tenda A301 Firmware1 vulnerability

Tenda G1 Firmware1 vulnerability

Tenda I12 Framework1 vulnerability

Tenda I24 Firmware1 vulnerability

Tenda N300 Firmware1 vulnerability

Known Exploited Tenda Vulnerabilities

The following Tenda vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

Title Description Added
Tenda AC11 Up to 02.03.01.104_CN Stack Buffer Overflow Tenda AC11 devices with firmware through 02.03.01.104_CN contain a stack buffer overflow vulnerability in /goform/setmac which allows for arbitrary execution.
CVE-2021-31755 Exploit Probability: 85.8% 		November 3, 2021
Tenda Router Code Execution The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute arbitrary system commands via the deviceName POST parameter.
CVE-2020-10987 Exploit Probability: 79.7% 		November 3, 2021
Tenda Router Command Injection Vulnerability Issue on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted goform/setUsbUnload request. This occurs because the "formsetUsbUnload" function executes a dosystemCmd function with untrusted input.
CVE-2018-14558 Exploit Probability: 8.7% 		November 3, 2021

Of the known exploited vulnerabilities above, 2 are in the top 1%, or the 99th percentile of the EPSS exploit probability rankings.

By the Year

In 2026 there have been 265 vulnerabilities in Tenda with an average score of 8.4 out of ten. Last year, in 2025 Tenda had 372 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Tenda in 2026 could surpass last years number. Last year, the average CVE base score was greater by 0.15




Year Vulnerabilities Average Score
2026 265 8.40
2025 372 8.55
2024 405 8.96
2023 100 9.26
2022 187 8.38
2021 2 7.60
2020 2 8.65

It may take a day or so for new Tenda vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Tenda Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2026-51843 Jun 19, 2026
Tenda AC7 stack buffer overflow via wanMTU param Tenda AC7 v15.03.06.44 contains a stack buffer overflow vulnerability in the /goform/AdvSetMacMtuWan interface via the wanMTU parameter.
Ac7
CVE-2026-51844 Jun 19, 2026
Tenda AC7 v15.03.06.44 Buffer Overflow via /goform/AdvSetMacMtuWan cloneType Tenda AC7 v15.03.06.44 contains a stack buffer overflow vulnerability in the /goform/AdvSetMacMtuWan interface via the cloneType parameter.
Ac7
CVE-2026-51845 Jun 19, 2026
Tenda AC7 15.03.06.44 stack buffer overflow in AdvSetMacMtuWan via mac Tenda AC7 v15.03.06.44 contains a stack buffer overflow vulnerability in the /goform/AdvSetMacMtuWan interface via the mac parameter.
Ac7
CVE-2026-51846 Jun 19, 2026
Tenda AC7 v15.03.06.44 RCE via WAN Speed Buffer Overflow In Tenda AC7 v15.03.06.44, the wanSpeed parameter of the route /goform/AdvSetMacMtuWan has a stack buffer overflow vulnerability that can lead to remote arbitrary code execution.
Ac7
CVE-2026-11557 Jun 08, 2026
Tenda F451 1.0.0.7/9 Natlimit stack buffer overflow (WebMgr) A weakness has been identified in Tenda F451 1.0.0.7/1.0.0.9. The affected element is the function fromNatlimit of the file /goform/Natlimit of the component Web Management Interface. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks.
F451 Firmware
CVE-2026-11556 Jun 08, 2026
Tenda F451 1.0.0.7/1.0.0.9 - OS Command Injection via formWriteFacMac A security flaw has been discovered in Tenda F451 1.0.0.7/1.0.0.9. Impacted is the function formWriteFacMac of the file /goform/WriteFacMac of the component Web Management Interface. Performing a manipulation of the argument mac results in os command injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks.
F451 Firmware
CVE-2026-11553 Jun 08, 2026
Remote Stack Buffer Overflow in Tenda HG7HG9/HG10 via formPPPEdit encodename A vulnerability was found in Tenda HG7HG9 and HG10 300001138_en_xpon. This affects the function formPPPEdit of the file /boaform/formPPPEdit. The manipulation of the argument encodename results in stack-based buffer overflow. The attack can be launched remotely. The exploit has been made public and could be used.
Hg7hg9
Hg10
CVE-2026-11528 Jun 08, 2026
Tenda AC18 15.03.05.05: Web Management Interface stack overflow via callback A vulnerability was found in Tenda AC18 15.03.05.05. The affected element is the function sub_45304 of the file /goform/getRebootStatus of the component Web Management Interface. The manipulation of the argument callback results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been made public and could be used.
Ac18 Firmware
CVE-2026-11524 Jun 08, 2026
Tenda W20E 15.11.0.6: Remote Stack-Buffer-Overflow in modifyWifiFilterRules A vulnerability has been found in Tenda W20E 15.11.0.6. Impacted is the function modifyWifiFilterRules of the file /goform/modifyWifiFilterRules of the component Web Management Interface. The manipulation of the argument wifiFilterListRemark leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
W20e Firmware
CVE-2026-11523 Jun 08, 2026
Stack Overflow in Tenda W20E 15.11.0.6 WebMgr - formPortalAuth (gotoUrl) A flaw has been found in Tenda W20E 15.11.0.6. This issue affects the function formPortalAuth of the file /goform/PortalAuth of the component Web Management Interface. Executing a manipulation of the argument gotoUrl can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been published and may be used.
W20e Firmware
CVE-2026-11522 Jun 08, 2026
Tenda W20E 15.11.0.6 formSetPortMirror stack-based buffer overflow A vulnerability was detected in Tenda W20E 15.11.0.6. This vulnerability affects the function formSetPortMirror of the file /goform/setPortMirror. Performing a manipulation of the argument portMirrorMirroredPorts results in stack-based buffer overflow. The attack can be initiated remotely. The exploit is now public and may be used.
W20e Firmware
CVE-2026-11504 Jun 08, 2026
Stack Buffer Overflow in Tenda CX12L 16.03.53.12 (WiFi Schedule setSchedWifi) A vulnerability was detected in Tenda CX12L 16.03.53.12. The impacted element is the function setSchedWifi of the file /goform/openSchedWifi of the component Wi-Fi Schedule Configuration Endpoint. Performing a manipulation of the argument schedStartTime/schedEndTime results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used.
Cx12l Firmware
CVE-2026-11503 Jun 08, 2026
Tenda CX12L 16.03.53.12: Wi-Fi Config Buf Overflow via form_fast_setting_wifi_set A security vulnerability has been detected in Tenda CX12L 16.03.53.12. The affected element is the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set of the component Wi-Fi Configuration Endpoint. Such manipulation of the argument ssid leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
Cx12l Firmware
CVE-2026-11499 Jun 08, 2026
Stack-based Buffer Overflow in Tenda HG7HG9/HG10 formDOMAINBLK A vulnerability was determined in Tenda HG7HG9 and HG10 300001138_en_xpon. This affects the function formDOMAINBLK of the file /boaform/formDOMAINBLK. Executing a manipulation of the argument blkDomain can lead to stack-based buffer overflow. The attack may be performed from remote.
Hg7hg9
Hg10
CVE-2026-11498 Jun 08, 2026
Remote Stack Buffer Overflow in Tenda HG7HG9/HG10 Web Mgmt Interface A vulnerability was found in Tenda HG7HG9 and HG10 300001138_en_xpon. Affected by this issue is the function asp_voip_OtherSet of the file /boaform/voip_other_set of the component Web Management Interface. Performing a manipulation of the argument funckey_transfer results in stack-based buffer overflow. The attack is possible to be carried out remotely.
Hg7hg9
Hg10
CVE-2026-11493 Jun 08, 2026
Tenda AC15 15.03.05.19 Samba Weak Password via smb.conf A weakness has been identified in Tenda AC15 15.03.05.19. The impacted element is an unknown function of the file /etc_ro/smb.conf of the component Samba. Executing a manipulation can lead to weak password requirements. The attack is only possible within the local network. A high complexity level is associated with this attack. The exploitability is regarded as difficult. The exploit has been made available to the public and could be used for attacks.
Ac15 Firmware
CVE-2026-10192 May 31, 2026
Tenda W12 v3.0.0.7 Buffer Overflow in /bin/httpd (remote) A vulnerability was identified in Tenda W12 3.0.0.7(4763). The affected element is the function set_local_time_0 of the file /bin/httpd. Such manipulation of the argument Time leads to stack-based buffer overflow. The attack can be launched remotely. The exploit is publicly available and might be used.
W12 Firmware
CVE-2026-10191 May 31, 2026
Tenda W12 3.0.0.7: Stack Buffer Overflow in cgiWifiMacFilterSet (httpd) A vulnerability was determined in Tenda W12 3.0.0.7(4763). Impacted is the function cgiWifiMacFilterSet of the file /bin/httpd. This manipulation of the argument wifiMacFilterSet.macList.mac causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized.
W12 Firmware
CVE-2026-10190 May 31, 2026
Tenda W12 3.0.0.7 DoS via WebMgmt Timeout Set (cgiSysWebTimeoutSet) A vulnerability was found in Tenda W12 3.0.0.7(4763). This issue affects the function cgiSysWebTimeoutSet of the file /bin/httpd of the component Web Management Interface. The manipulation of the argument web_over_time results in denial of service. It is possible to launch the attack remotely. The exploit has been made public and could be used.
W12 Firmware
CVE-2026-10189 May 31, 2026
Stack Bof in Tenda W12 3.0.0.7 cgiSysTimeInfoSet A vulnerability has been found in Tenda W12 3.0.0.7(4763). This vulnerability affects the function cgiSysTimeInfoSet of the file /bin/httpd. The manipulation of the argument sec leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
W12 Firmware
CVE-2026-10188 May 31, 2026
Tenda W12 3.0.0.7 Remote Stack Buffer Overflow via cgistaKickOff A flaw has been found in Tenda W12 3.0.0.7(4763). This affects the function cgistaKickOff of the file /bin/httpd. Executing a manipulation of the argument staMac can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been published and may be used.
W12 Firmware
CVE-2026-9431 May 25, 2026
Tenda F1202 1.2.0.20 stack overflow via opttype in /goform/PptpUserAdd A vulnerability was identified in Tenda F1202 1.2.0.20(408). This affects the function fromPptpUserAdd of the file /goform/PptpUserAdd. The manipulation of the argument opttype leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit is publicly available and might be used.
F1202 Firmware
CVE-2026-9430 May 25, 2026
Tenda F1202 1.2.0.20 Buffer Overflow in formGstDhcpSetSer (remote) A vulnerability was determined in Tenda F1202 1.2.0.20(408). Affected by this issue is the function formGstDhcpSetSer of the file /goform/GstDhcpSetSerof. Executing a manipulation of the argument dips can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized.
F1202 Firmware
CVE-2026-9429 May 25, 2026
Stack overflow in Tenda F1202 1.2.0.20(408) formWrlExtraSet A vulnerability was found in Tenda F1202 1.2.0.20(408). Affected by this vulnerability is the function formWrlExtraSet of the file /goform/WrlExtraSet. Performing a manipulation of the argument delno results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been made public and could be used.
F1202 Firmware
CVE-2026-9428 May 25, 2026
Stack Overflow in Tenda F1202 1.2.0.20 via PPTPUserSetting A vulnerability has been found in Tenda F1202 1.2.0.20(408). Affected is the function fromPPTPUserSetting of the file /goform/PPTPUserSetting. Such manipulation of the argument delno leads to stack-based buffer overflow. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.
F1202 Firmware
CVE-2026-9389 May 24, 2026
Remote Buffer Overflow in Tenda F456 1.0.0.5 frmL7Im via /goform/L7Im A security vulnerability has been detected in Tenda F456 1.0.0.5. This affects the function frmL7ImForm of the file /goform/L7Im. The manipulation of the argument page leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.
F456 Firmware
CVE-2026-8265 May 11, 2026
Tenda AC6 (v15.03.06.23) OS Command Injection via get_log_file A security vulnerability has been detected in Tenda AC6 15.03.06.23. Affected by this issue is the function get_log_file of the file /goform/getLogFile of the component httpd. The manipulation of the argument wans.flag leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.
Ac6 Firmware
CVE-2026-8264 May 11, 2026
Tenda AC6 15.03.06.23 cmd injection via /goform/WifiApScan A weakness has been identified in Tenda AC6 15.03.06.23. Affected by this vulnerability is the function formWifiApScan of the file /goform/WifiApScan of the component httpd. Executing a manipulation of the argument wl2g.public.country/wl5g.public.country can lead to os command injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.
Ac6 Firmware
CVE-2026-8263 May 11, 2026
OS Command Injection in Tenda AC6 httpd (15.03.06.49) via WifiExtraSet A security flaw has been discovered in Tenda AC6 15.03.06.49_multi_TDE01. Affected is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet of the component httpd. Performing a manipulation of the argument mac/ssid results in os command injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks.
Ac6 Firmware
CVE-2026-8259 May 11, 2026
Tenda AC6 OS Command Injection via /goform/telnet LAN IP (v2.0/15.03.06.23) A vulnerability has been found in Tenda AC6 2.0/15.03.06.23. The affected element is an unknown function of the file /goform/telnet of the component httpd. The manipulation of the argument lan.ip leads to os command injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
Ac6 Firmware
CVE-2026-8138 May 08, 2026
Tenda CX12L 16.03.53.12 Stack Buffer Overflow in formSetPPTPServer A vulnerability was found in Tenda CX12L 16.03.53.12. This issue affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg. The manipulation results in stack-based buffer overflow. The attack can be executed remotely. The exploit has been made public and could be used.
Cx12l Firmware
CVE-2026-7470 Apr 30, 2026
Tenda 4G300 SafeMacFilter Stack BoF pre 1.0.1 A flaw has been found in Tenda 4G300 US_4G300V1.0Mt_V1.01.42_CN_TDC01. Affected is the function sub_427C3C of the file /goform/SafeMacFilter. This manipulation of the argument page causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used.
4g300 Firmware
CVE-2026-7469 Apr 30, 2026
Tenda 4G300 /goform/DelFil Command Injection (before v1.0mt_v1.01.42_CN_TDC01) A vulnerability was detected in Tenda 4G300 US_4G300V1.0Mt_V1.01.42_CN_TDC01. This impacts the function sub_425A28 of the file /goform/DelFil. The manipulation of the argument delflag results in command injection. The attack may be launched remotely. The exploit is now public and may be used.
4g300 Firmware
CVE-2018-25318 Apr 29, 2026
Tenda FH303/A300 V5.07.68_EN DNS Endpoint Session Cookie Bypass Tenda FH303/A300 firmware V5.07.68_EN contains a session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient cookie validation. Attackers can send GET requests to the /goform/AdvSetDns endpoint with a crafted admin cookie to change DNS servers and redirect user traffic to malicious sites.
CVE-2018-25317 Apr 29, 2026
Tenda W3002R/302/309R V5.07.64_en Cookie Session Weakness Alters DNS Settings Tenda W3002R/A302/W309R wireless routers version V5.07.64_en contain a cookie session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient session validation. Attackers can send GET requests to the /goform/AdvSetDns endpoint with a crafted admin language cookie to change primary and secondary DNS servers, redirecting user traffic to malicious DNS servers.
CVE-2018-25316 Apr 29, 2026
Tenda W308R v2 V5.07.48 Cookie Session Weakness (CVE-2018-25316) Tenda W308R v2 V5.07.48 contains a cookie session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient session validation. Attackers can send GET requests to the goform/AdvSetDns endpoint with a crafted admin language cookie to change DNS servers and redirect user traffic to malicious sites.
CVE-2026-7160 Apr 27, 2026
Remote Command Injection via formTracert in Tenda HG3 2.0 (datasize) A vulnerability was determined in Tenda HG3 2.0. This vulnerability affects the function formTracert of the file /boaform/formTracert. Executing a manipulation of the argument datasize can lead to command injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.
CVE-2026-7151 Apr 27, 2026
Tenda HG3 2.0 Stack-based Buffer Overflow in formUploadConfig A vulnerability was determined in Tenda HG3 2.0. Impacted is the function formUploadConfig of the file /boaform/formIPv6Routing. This manipulation of the argument destNet causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.
CVE-2026-7119 Apr 27, 2026
Tenda HG3 2.0 OS Command Injection via /boaform/formCountrystr A vulnerability was detected in Tenda HG3 2.0. The impacted element is an unknown function of the file /boaform/formCountrystr. The manipulation of the argument countrystr results in os command injection. The attack may be performed from remote. The exploit is now public and may be used.
CVE-2026-7102 Apr 27, 2026
Remote Command Injection via /goform/WriteFacMac in Tenda F456 (1.0.0.5) A vulnerability was found in Tenda F456 1.0.0.5. This impacts the function FromWriteFacMac of the file /goform/WriteFacMac of the component httpd. The manipulation of the argument mac results in command injection. The attack can be executed remotely. The exploit has been made public and could be used.
CVE-2026-7101 Apr 27, 2026
Tenda F456 1.0.0.5 httpd buffer overflow via fromWrlclientSet A vulnerability has been found in Tenda F456 1.0.0.5. This affects the function fromWrlclientSet of the file /goform/WrlclientSet of the component httpd. The manipulation leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
CVE-2026-7100 Apr 27, 2026
Tenda F456 1.0.0.5 Buffer Overflow in httpd Natlimit via /goform/Natlimit A flaw has been found in Tenda F456 1.0.0.5. The impacted element is the function fromNatlimitof of the file /goform/Natlimit of the component httpd. Executing a manipulation can lead to buffer overflow. The attack may be launched remotely. The exploit has been published and may be used.
CVE-2026-7099 Apr 27, 2026
Tenda F456 1.0.0.5 Remote Buffer Overflow in httpd (mit_linktype) A vulnerability was detected in Tenda F456 1.0.0.5. The affected element is the function formQuickIndex of the file /goform/QuickIndex of the component httpd. Performing a manipulation of the argument mit_linktype results in buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used.
CVE-2026-7098 Apr 27, 2026
Tenda F456 1.0.0.5 Remote Buffer Overflow in httpd fromDhcpListClient A security vulnerability has been detected in Tenda F456 1.0.0.5. Impacted is the function fromDhcpListClient of the file /goform/DhcpListClient of the component httpd. Such manipulation of the argument page leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
CVE-2026-7097 Apr 27, 2026
Tenda F456 1.0.0.5 HTTPD Buffer Overflow via webExcptypemanFilter A weakness has been identified in Tenda F456 1.0.0.5. This issue affects the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter of the component httpd. This manipulation of the argument page causes buffer overflow. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks.
CVE-2026-7096 Apr 27, 2026
OS Command Injection in Tenda HG3 2.0 via formgponConf A security flaw has been discovered in Tenda HG3 2.0 300003070. This vulnerability affects the function formgponConf of the file /boaform/admin/formgponConf. The manipulation of the argument fmgpon_loid results in os command injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.
CVE-2026-7082 Apr 27, 2026
Tenda F456 1.0.0.5 httpd buffer overflow via formWrlExtraSet A flaw has been found in Tenda F456 1.0.0.5. Affected by this vulnerability is the function formWrlExtraSet of the file /goform/WrlExtraSet of the component httpd. Executing a manipulation of the argument Go can lead to buffer overflow. The attack can be executed remotely. The exploit has been published and may be used.
CVE-2026-7081 Apr 27, 2026
Tenda F456 1.0.0.5 httpd buffer overflow via /goform/GstDhcpSetSer A vulnerability was detected in Tenda F456 1.0.0.5. Affected is the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer of the component httpd. Performing a manipulation of the argument dips results in buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used.
CVE-2026-7080 Apr 27, 2026
Tenda F456 1.0.0.5 HTTPD Buffer Overflow via PPTPUserSetting A security vulnerability has been detected in Tenda F456 1.0.0.5. This impacts the function fromPPTPUserSetting of the file /goform/PPTPUserSetting of the component httpd. Such manipulation of the argument delno leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.
CVE-2026-7079 Apr 27, 2026
Remote Buffer Overflow in Tenda F456 1.0.0.5 HTTPd fromAdvSetWan A weakness has been identified in Tenda F456 1.0.0.5. This affects the function fromAdvSetWan of the file /goform/AdvSetWan of the component httpd. This manipulation of the argument wanmode causes buffer overflow. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks.
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.