Tenda Ac500 Firmware
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Tenda Ac500 Firmware.
By the Year
In 2026 there have been 0 vulnerabilities in Tenda Ac500 Firmware. Last year, in 2025 Ac500 Firmware had 1 security vulnerability published. Right now, Ac500 Firmware is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 1 | 8.80 |
| 2024 | 11 | 9.30 |
| 2023 | 3 | 9.03 |
It may take a day or so for new Ac500 Firmware vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Tenda Ac500 Firmware Security Vulnerabilities
Tenda AC500 2.0.1.9 Critical Remote Stack Buffer Overflow in formSetAPCfg
CVE-2025-7586
8.8 - High
- July 14, 2025
A vulnerability was found in Tenda AC500 2.0.1.9(1307). It has been declared as critical. Affected by this vulnerability is the function formSetAPCfg of the file /goform/setWtpData. The manipulation of the argument radio_2g_1 leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Memory Corruption
Stack Overflow in Tenda AC500 v2.0.1.9 Firmware via timeZone
CVE-2024-32320
- April 17, 2024
Tenda AC500 V2.0.1.9(1307) firmware has a stack overflow vulnerability via the timeZone parameter in the formSetTimeZone function.
Tenda AC500 V2.0.1.9 Stack Overflow via VLAN param in formSetVlanInfo
CVE-2024-32318
- April 17, 2024
Tenda AC500 V2.0.1.9(1307) firmware has a stack overflow vulnerability via the vlan parameter in the formSetVlanInfo function.
Tenda AC500 v2.0.1.9 Stack Overflow in firmware fromDhcpListClient
CVE-2024-32316
- April 17, 2024
Tenda AC500 V2.0.1.9(1307) firmware has a stack overflow vulnerability in the fromDhcpListClient function.
Command Injection in Tenda AC500 V2.0.1.9 Firmware
CVE-2024-32314
- April 17, 2024
Tenda AC500 V2.0.1.9(1307) firmware contains a command injection vulnerablility in the formexeCommand function via the cmdinput parameter.
Buffer Overflow in Tenda AC500 v2.0.1.9 Goform/SetVlanInfo (DoS)
CVE-2023-46060
- April 17, 2024
A Buffer Overflow vulnerability in Tenda AC500 v.2.0.1.9 allows a remote attacker to cause a denial of service via the port parameter at the goform/setVlanInfo component.
Tenda AC500 2.0.1.9 Command Injection via formWriteFacMac MAC arg
CVE-2024-3908
9.8 - Critical
- April 17, 2024
A vulnerability classified as critical has been found in Tenda AC500 2.0.1.9(1307). Affected is the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261144. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Command Injection
Tenda AC500 2.0.1.9-1307 Remote stack buffer overflow via DhcpListClient
CVE-2024-3910
8.8 - High
- April 17, 2024
A vulnerability, which was classified as critical, has been found in Tenda AC500 2.0.1.9(1307). Affected by this issue is the function fromDhcpListClient of the file /goform/DhcpListClient. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-261146 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Memory Corruption
Tenda AC500 2.0.1.9 Remote Stack Overflow via /goform/execCommand
CVE-2024-3909
9.8 - Critical
- April 17, 2024
A vulnerability classified as critical was found in Tenda AC500 2.0.1.9(1307). Affected by this vulnerability is the function formexeCommand of the file /goform/execCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-261145 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Memory Corruption
Critical Stack Overflow in Tenda AC500 2.0.1.9 via formSetCfm
CVE-2024-3907
9.8 - Critical
- April 17, 2024
A vulnerability was found in Tenda AC500 2.0.1.9(1307). It has been rated as critical. This issue affects the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261143. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Memory Corruption
Tenda AC500 2.0.1.9 PPPOEPassword Buffer Overflow
CVE-2024-3906
8.8 - High
- April 17, 2024
A vulnerability was found in Tenda AC500 2.0.1.9(1307). It has been declared as critical. This vulnerability affects the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-261142 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Memory Corruption
Tenda AC500 2.0.1.9: Remote Stack Buffer Overflow via R7WebsSecurityHandler
CVE-2024-3905
8.8 - High
- April 17, 2024
A vulnerability was found in Tenda AC500 2.0.1.9(1307). It has been classified as critical. This affects the function R7WebsSecurityHandler of the file /goform/execCommand. The manipulation of the argument password leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-261141 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Memory Corruption
Tenda AC500 V2.0.1.9: Buffer Overflow in fromRouteStatic
CVE-2023-25233
9.8 - Critical
- February 27, 2023
Tenda AC500 V2.0.1.9(1307) is vulnerable to Buffer Overflow in function fromRouteStatic via parameters entrys and mitInterface.
Memory Corruption
Tenda AC500 v2.0.1.9 Buffer Overflow in formOneSsidCfgSet via ssid
CVE-2023-25235
7.5 - High
- February 27, 2023
Tenda AC500 V2.0.1.9(1307) is vulnerable to Buffer Overflow in function formOneSsidCfgSet via parameter ssid.
Memory Corruption
Buffer Overflow in fromAddressNat (Tenda AC500 V2.0.1.9)
CVE-2023-25234
9.8 - Critical
- February 27, 2023
Tenda AC500 V2.0.1.9(1307) is vulnerable to Buffer Overflow in function fromAddressNat via parameters entrys and mitInterface.
Memory Corruption
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Tenda Ac500 Firmware or by Tenda? Click the Watch button to subscribe.
