Tenda Ac15 Firmware

Stack Buffer Overflow in Tenda AC15 15.03.05.19 POST /goform/setcfm
CVE-2026-4975 8.8 - High - March 27, 2026

A vulnerability has been found in Tenda AC15 15.03.05.19. This affects the function formSetCfm of the file /goform/setcfm of the component POST Request Handler. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Stack Overflow

Tenda AC15 <=15.13.07.13 stack buffer overflow via wpapsk_crypto2_4g
CVE-2026-3400 8.8 - High - March 01, 2026

A security flaw has been discovered in Tenda AC15 up to 15.13.07.13. Affected by this issue is some unknown functionality of the file /goform/TextEditingConversion. The manipulation of the argument wpapsk_crypto2_4g results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.

Stack Overflow

Stack Buffer Overflow in Tenda AC15 15.03.05.18 /goform/saveAutoQos Remote Exploit
CVE-2025-11389 8.8 - High - October 07, 2025

A security flaw has been discovered in Tenda AC15 15.03.05.18. Affected is an unknown function of the file /goform/saveAutoQos. Performing a manipulation of the argument enable results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks.

Stack Overflow

Tenda AC15 V15.03.05.18 Remote SRB Overflow via /goform/setNotUpgrade
CVE-2025-11388 8.8 - High - October 07, 2025

A vulnerability was identified in Tenda AC15 15.03.05.18. This impacts an unknown function of the file /goform/setNotUpgrade. Such manipulation of the argument newVersion leads to stack-based buffer overflow. The attack may be launched remotely. The exploit is publicly available and might be used.

Stack Overflow

Tenda AC15 15.03.05.18 Stack Buffer Overflow in fast_setting_pppoe_set
CVE-2025-11387 8.8 - High - October 07, 2025

A vulnerability was determined in Tenda AC15 15.03.05.18. This affects an unknown function of the file /goform/fast_setting_pppoe_set. This manipulation of the argument Password causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.

Stack Overflow

Tenda AC15 15.03.05.18 Stack Buffer Overflow in SetDDNSCfg POST ddnsEn
CVE-2025-11386 8.8 - High - October 07, 2025

A vulnerability was found in Tenda AC15 15.03.05.18. The impacted element is an unknown function of the file /goform/SetDDNSCfg of the component POST Parameter Handler. The manipulation of the argument ddnsEn results in stack-based buffer overflow. The attack can be launched remotely. The exploit has been made public and could be used.

Stack Overflow

Tenda AC15 15.13.07.13 FW Update Handler RCE via auth bypass
CVE-2025-8979 6.6 - Medium - August 14, 2025

A vulnerability was identified in Tenda AC15 15.13.07.13. Affected by this vulnerability is the function check_fw_type/split_fireware/check_fw of the component Firmware Update Handler. The manipulation leads to insufficient verification of data authenticity. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.

Insufficient Verification of Data Authenticity

Tenda AC15 15.03.05.19_multi LAN Mask Buffer Overflow in AdvSetLanip
CVE-2025-5851 8.8 - High - June 09, 2025

A vulnerability was found in Tenda AC15 15.03.05.19_multi. It has been rated as critical. This issue affects the function fromadvsetlanip of the file /goform/AdvSetLanip of the component HTTP POST Request Handler. The manipulation of the argument lanMask leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Buffer Overflow

Critical Buffer Overflow in Tenda AC15 15.03.05.19_multi RemoteWebCfg AP
CVE-2025-5849 8.8 - High - June 08, 2025

A vulnerability was found in Tenda AC15 15.03.05.19_multi. It has been classified as critical. This affects the function formSetSafeWanWebMan of the file /goform/SetRemoteWebCfg of the component HTTP POST Request Handler. The manipulation of the argument remoteIp leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Buffer Overflow

Tenda AC15 15.03.05.19_multi Remote HTTP POST Buffer Overflow via formsetschedled
CVE-2025-5850 8.8 - High - June 08, 2025

A vulnerability was found in Tenda AC15 15.03.05.19_multi. It has been declared as critical. This vulnerability affects the function formsetschedled of the file /goform/SetLEDCf of the component HTTP POST Request Handler. The manipulation of the argument Time leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Buffer Overflow

Tenda AC15 v15.03.05.19_multi Buffer Overflow in formSetPPTPUserList
CVE-2025-5848 8.8 - High - June 08, 2025

A vulnerability was found in Tenda AC15 15.03.05.19_multi and classified as critical. Affected by this issue is the function formSetPPTPUserList of the file /goform/setPptpUserList of the component HTTP POST Request Handler. The manipulation of the argument list leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Buffer Overflow

CVE-2025-3786: BOF in Tenda AC15 <=15.03.05.19 /goform/WifiExtraSet
CVE-2025-3786 8.8 - High - April 18, 2025

A vulnerability was found in Tenda AC15 up to 15.03.05.19 and classified as critical. This issue affects the function fromSetWirelessRepeat of the file /goform/WifiExtraSet. The manipulation of the argument mac leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

Tenda Ac15 V15.13.07.13 Buffer Overflow in webCgiGetUploadFile
CVE-2025-29462 - April 03, 2025

A buffer overflow vulnerability has been discovered in Tenda Ac15 V15.13.07.13. The vulnerability occurs when the webCgiGetUploadFile function calls the socketRead function to process HTTP request messages, resulting in the overwriting of a buffer on the stack.

Tenda AC15 v15.03.05.19 CMD Injection via /goform/telnet
CVE-2025-25632 - March 05, 2025

Tenda AC15 v15.03.05.19 is vulnerable to Command Injection via the handler function in /goform/telnet.

Tenda AC15 v15.03.05.19 stack overflow via GetParentControlInfo src
CVE-2025-25634 - March 05, 2025

A vulnerability has been found in Tenda AC15 15.03.05.19 in the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument src leads to stack-based buffer overflow.

Tenda AC15 15.13.07.13 Buffer Overflow via SetDevNetName (mac)
CVE-2025-0566 8.8 - High - January 19, 2025

A vulnerability classified as critical has been found in Tenda AC15 15.13.07.13. This affects the function formSetDevNetName of the file /goform/SetDevNetName. The manipulation of the argument mac leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Memory Corruption

Tenda AC15 v15.03.05.19 Stack-Based Buffer Overflow in SetOnlineDevName
CVE-2024-10662 8.8 - High - November 01, 2024

A vulnerability was found in Tenda AC15 15.03.05.19 and classified as critical. This issue affects the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Memory Corruption

Tenda AC15 v15.03.05.19 SetDlnaCfg Stack-Based Buffer Overflow Vulnerability
CVE-2024-10661 8.8 - High - November 01, 2024

A vulnerability has been found in Tenda AC15 15.03.05.19 and classified as critical. This vulnerability affects the function SetDlnaCfg of the file /goform/SetDlnaCfg. The manipulation of the argument scanList leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Memory Corruption

Tenda AC15 V15.03.05.20 SetIPTVCfg CMD Injection in goform
CVE-2023-36103 9.8 - Critical - September 10, 2024

Command Injection vulnerability in goform/SetIPTVCfg interface of Tenda AC15 V15.03.05.20 allows remote attackers to run arbitrary commands via crafted POST request.

Command Injection

Stack Overflow Denial of Service in Tenda AC15 v15.03.05.18 via LISTEN parameter
CVE-2024-30840 - April 15, 2024

A Stack Overflow vulnerability in Tenda AC15 v15.03.05.18 allows attackers to cause a denial of service via the LISTEN parameter in the fromDhcpListClient function.

Cmd Injection in Tenda AC15V1.0 V15.03.20_multi via deviceName Param
CVE-2024-30645 - March 29, 2024

Tenda AC15V1.0 V15.03.20_multi has a command injection vulnerability via the deviceName parameter.

Stack overflow in setSmartPowerManagement on Tenda AC15 v15.03.05.18
CVE-2024-30613 - March 29, 2024

Tenda AC15 v15.03.05.18 has a stack overflow vulnerability in the time parameter from the setSmartPowerManagement function.

Tenda AC15 v15.03.05.18/15.03.20_multi crit stk buf ovf via formSetSpeedWan
CVE-2024-2805 8.8 - High - March 22, 2024

A vulnerability was found in Tenda AC15 15.03.05.18/15.03.20_multi. It has been rated as critical. Affected by this issue is the function formSetSpeedWan of the file /goform/SetSpeedWan. The manipulation of the argument speed_dir leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257660. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Memory Corruption

Stack Buf Overf in Tenda AC15 v15.03.05.19 GetValue
CVE-2023-30370 9.8 - Critical - April 24, 2023

In Tenda AC15 V15.03.05.19, the function GetValue contains a stack-based buffer overflow vulnerability.

Memory Corruption

Stack Overflow in Tenda AC15 V15.03.05.19 via sub_ED14
CVE-2023-30371 9.8 - Critical - April 24, 2023

In Tenda AC15 V15.03.05.19, the function "sub_ED14" contains a stack-based buffer overflow vulnerability.

Memory Corruption

Tenda AC15 v15.03.05.19 Buffer Overflow in xkjs_ver32
CVE-2023-30372 9.8 - Critical - April 24, 2023

In Tenda AC15 V15.03.05.19, The function "xkjs_ver32" contains a stack-based buffer overflow vulnerability.

Memory Corruption

STK BUFOVF in Tenda AC15 V15.03.05.19
CVE-2023-30373 9.8 - Critical - April 24, 2023

In Tenda AC15 V15.03.05.19, the function "xian_pppoe_user" contains a stack-based buffer overflow vulnerability.

Memory Corruption

Stack Buffer Overflow in Tenda AC15 AC15 V15.03.05.19 getIfIp (CVE202330375)
CVE-2023-30375 9.8 - Critical - April 24, 2023

In Tenda AC15 V15.03.05.19, the function "getIfIp" contains a stack-based buffer overflow vulnerability.

Memory Corruption

CVE-2023-30376: Stack Buffer Overflow in Tenda AC15 V15.03.05.19 henan_pppoe_user
CVE-2023-30376 9.8 - Critical - April 24, 2023

In Tenda AC15 V15.03.05.19, the function "henan_pppoe_user" contains a stack-based buffer overflow vulnerability.

Memory Corruption

Tenda AC15 v15.03.05.19 Stack-Based Buffer Overflow in sub_8EE8
CVE-2023-30378 9.8 - Critical - April 24, 2023

In Tenda AC15 V15.03.05.19, the function "sub_8EE8" contains a stack-based buffer overflow vulnerability.

Memory Corruption

Buffer Overflow in Tenda AC15 Firmware V15.03.05.19
CVE-2023-30369 9.8 - Critical - April 24, 2023

Tenda AC15 V15.03.05.19 is vulnerable to Buffer Overflow.

Memory Corruption

Buffer Overflow in Tenda AC15 V15.03.05.19 (formSetIpMacBind)
CVE-2022-44156 7.5 - High - November 21, 2022

Tenda AC15 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetIpMacBind.

Memory Corruption

Buffer Overflow in Tenda AC15 V15.03.05.18 via formSetPPTPServer
CVE-2022-44167 7.5 - High - November 21, 2022

Tenda AC15 V15.03.05.18 is avulnerable to Buffer Overflow via function formSetPPTPServer.

Memory Corruption

Buffer Overflow in Tenda AC15 (V15.03.05.18) via formSetVirtualSer
CVE-2022-44169 7.5 - High - November 21, 2022

Tenda AC15 V15.03.05.18 is vulnerable to Buffer Overflow via function formSetVirtualSer.

Memory Corruption

Tenda AC15 Buffer Overflow via fromSetRouteStatic (V15.03.05.18)
CVE-2022-44168 7.5 - High - November 21, 2022

Tenda AC15 V15.03.05.18 is vulnerable to Buffer Overflow via function fromSetRouteStatic..

Memory Corruption

Stack overflow via timeZone param in Tenda AC15 firmware v15.03.05.18
CVE-2022-43259 7.5 - High - October 18, 2022

Tenda AC15 V15.03.05.18 was discovered to contain a stack overflow via the timeZone parameter in the form_fast_setting_wifi_set function.

Memory Corruption

Stack Overflow in Tenda AC15 (V15.03.05.19) via fromAddressNat
CVE-2022-40851 9.8 - Critical - September 23, 2022

Tenda AC15 V15.03.05.19 contained a stack overflow via the function fromAddressNat.

Memory Corruption

The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19
CVE-2020-10987 9.8 - Critical - July 13, 2020

The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute arbitrary system commands via the deviceName POST parameter.

Shell injection