Tenda Ac1206 Firmware
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Tenda Ac1206 Firmware.
By the Year
In 2026 there have been 1 vulnerability in Tenda Ac1206 Firmware with an average score of 6.3 out of ten. Last year, in 2025 Ac1206 Firmware had 4 security vulnerabilities published. At the current rates, it appears that the number of vulnerabilities last year and this year may equal out. Last year, the average CVE base score was greater by 3.00
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 1 | 6.30 |
| 2025 | 4 | 9.30 |
| 2024 | 2 | 9.80 |
| 2023 | 0 | 0.00 |
| 2022 | 5 | 7.10 |
It may take a day or so for new Ac1206 Firmware vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Tenda Ac1206 Firmware Security Vulnerabilities
Tenda AC1206 15.03.06.23 HTTPD CmdInjection via /goform/BehaviorManager
CVE-2026-0581
6.3 - Medium
- January 05, 2026
A vulnerability was determined in Tenda AC1206 15.03.06.23. Affected by this issue is the function formBehaviorManager of the file /goform/BehaviorManager of the component httpd. Executing a manipulation of the argument modulename/option/data/switch can lead to command injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.
Command Injection
Tenda AC1206 15.03.06.23 Stack B.O. in formSetMacFilterCfg
CVE-2025-7544
8.8 - High
- July 13, 2025
A vulnerability was found in Tenda AC1206 15.03.06.23. It has been rated as critical. This issue affects the function formSetMacFilterCfg of the file /goform/setMacFilterCfg. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Buffer Overflow
Tenda AC1206 Buffer Overflow via /goform/openSchedWifi (<=15.03.06.23)
CVE-2025-4299
9.8 - Critical
- May 06, 2025
A vulnerability was found in Tenda AC1206 up to 15.03.06.23. It has been rated as critical. This issue affects the function setSchedWifi of the file /goform/openSchedWifi. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Classic Buffer Overflow
Tenda AC1206 Buffer Overflow in formSetCfm before 15.03.06.23
CVE-2025-4298
9.8 - Critical
- May 06, 2025
A vulnerability was found in Tenda AC1206 up to 15.03.06.23. It has been declared as critical. This vulnerability affects the function formSetCfm of the file /goform/setcfm. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Classic Buffer Overflow
Tenda AC1206 15.03.06.23 WiFi Fast Setting Buffer Overflow (CVE-2025-3328)
CVE-2025-3328
8.8 - High
- April 07, 2025
A vulnerability was found in Tenda AC1206 15.03.06.23. It has been classified as critical. Affected is the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set. The manipulation of the argument ssid/timeZone leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Memory Corruption
Tenda AC1206 Remote Stack BF via ate_Tenda_mfg_check_usb
CVE-2024-10434
9.8 - Critical
- October 28, 2024
A vulnerability was found in Tenda AC1206 up to 20241027. It has been classified as critical. This affects the function ate_Tenda_mfg_check_usb/ate_Tenda_mfg_check_usb3 of the file /goform/ate. The manipulation of the argument arg leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Memory Corruption
Command Injection in Tenda AC1206 <15.03.06.23 via /goform/ate
CVE-2024-9793
9.8 - Critical
- October 10, 2024
A vulnerability classified as critical was found in Tenda AC1206 up to 15.03.06.23. This vulnerability affects the function ate_iwpriv_set/ate_ifconfig_set of the file /goform/ate. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Shell injection
Stack Overflow via sched_end_time in Tenda AC1206 v15.03.06.23 (IoT)
CVE-2022-42081
7.5 - High
- October 12, 2022
Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered to contain a stack overflow via sched_end_time parameter.
Memory Corruption
Tenda AC1206 V15.03.06.23 heap overflow via sched_start_time
CVE-2022-42080
7.5 - High
- October 12, 2022
Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered to contain a heap overflow via sched_start_time parameter.
Memory Corruption
Stack Overflow in Tenda AC1206 via formWifiBasicSet before RTL_V15.03
CVE-2022-42079
7.5 - High
- October 12, 2022
Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered to contain a stack overflow via the function formWifiBasicSet.
Memory Corruption
Tenda AC1206 CSRF via fromSysToolRestoreSet before V1.0RTL_V15.03.06.23
CVE-2022-42078
6.5 - Medium
- October 12, 2022
Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet.
Session Riding
Tenda AC1206 CSRF via fromSysToolReboot before 15.03.06.23
CVE-2022-42077
6.5 - Medium
- October 12, 2022
Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot.
Session Riding
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Tenda Ac1206 Firmware or by Tenda? Click the Watch button to subscribe.
