Tenda Ac6 Firmware

Tenda AC6 15.03.05.16 SBBO in POST /goform/QuickIndex via PPPOEPassword
CVE-2026-4961 8.8 - High - March 27, 2026

A vulnerability was identified in Tenda AC6 15.03.05.16. Affected by this vulnerability is the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.

Stack Overflow

Stack-based overflow in Tenda AC6 15.03.05.16 via POST /goform/WizardHandle
CVE-2026-4960 8.8 - High - March 27, 2026

A vulnerability was determined in Tenda AC6 15.03.05.16. Affected is the function fromWizardHandle of the file /goform/WizardHandle of the component POST Request Handler. Executing a manipulation of the argument WANT/WANS can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.

Stack Overflow

Tenda AC6 15.03.06.50 Buffer Overflow in HTTP Request Handler
CVE-2025-12225 8.8 - High - October 27, 2025

A vulnerability has been found in Tenda AC6 15.03.06.50. This issue affects some unknown processing of the file /goform/WifiGuestSet of the component HTTP Request Handler. Such manipulation of the argument shareSpeed leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Stack Overflow

Buffer Overflow in Tenda AC6 (v15.03.06.50) httpd setparentcontrolinfo
CVE-2025-7914 8.8 - High - July 21, 2025

A vulnerability has been found in Tenda AC6 15.03.06.50 and classified as critical. Affected by this vulnerability is the function setparentcontrolinfo of the component httpd. The manipulation leads to buffer overflow. The attack can be launched remotely.

Buffer Overflow

Buffer Overflow in Tenda AC6 v15.03.05.16_multi fromSetRouteStatic
CVE-2025-50263 - July 03, 2025

Tenda AC6 v15.03.05.16_multi is vulnerable to Buffer Overflow in the fromSetRouteStatic function via the list parameter.

Tenda AC6 v15.03.05.16 Buffer Overflow in formSetQosBand via list param
CVE-2025-50262 - July 03, 2025

Tenda AC6 v15.03.05.16_multi is vulnerable to Buffer Overflow in the formSetQosBand function via the list parameter.

Buffer Overflow in Tenda AC6 15.03.05.16_multi (formSetFirewallCfg)
CVE-2025-50260 - July 03, 2025

Tenda AC6 v15.03.05.16_multi is vulnerable to Buffer Overflow in the formSetFirewallCfg function via the firewallEn parameter.

Tenda AC6 v15.03.05.16_multi Buffer Overflow in SetSysTimeCfg (time param)
CVE-2025-50258 - July 03, 2025

Tenda AC6 v15.03.05.16_multi is vulnerable to Buffer Overflow in the SetSysTimeCfg function via the time parameter.

Buffer Overflow Tenda AC6 15.03.05.16_multi via deviceId
CVE-2025-50641 - July 01, 2025

Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow in the addWifiMacFilter function via the parameter deviceId.

Tenda AC6 <= V15.03.05.19 Buffer Overflow in fromNatStaticSetting
CVE-2025-50528 - June 27, 2025

A buffer overflow vulnerability exists in the fromNatStaticSetting function of Tenda AC6 <=V15.03.05.19 via the page parameter.

Buffer Overflow in Tenda AC6 v15.03.05.16 via schedStartTime/schedEndTime
CVE-2025-46035 - June 12, 2025

Buffer Overflow vulnerability in Tenda AC6 v.15.03.05.16 allows a remote attacker to cause a denial of service via the oversized schedStartTime and schedEndTime parameters in an unauthenticated HTTP GET request to the /goform/openSchedWifi endpoint

Tenda AC6 15.03.05.16 formSetRebootTimer Buffer Overflow (Critical)
CVE-2025-5855 9.8 - Critical - June 09, 2025

A vulnerability, which was classified as critical, was found in Tenda AC6 15.03.05.16. This affects the function formSetRebootTimer of the file /goform/SetRebootTimer. The manipulation of the argument rebootTime leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Memory Corruption

Tenda AC6 v15.03.05.16: LAN Mask Buffer Overflow in AdvSetLanip–Remote Exploit
CVE-2025-5854 8.8 - High - June 09, 2025

A vulnerability, which was classified as critical, has been found in Tenda AC6 15.03.05.16. Affected by this issue is the function fromadvsetlanip of the file /goform/AdvSetLanip. The manipulation of the argument lanMask leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Buffer Overflow

Tenda AC6 15.03.05.16: Stack Buffer Overflow in formSetSafeWanWebMan
CVE-2025-5853 8.8 - High - June 09, 2025

A vulnerability classified as critical was found in Tenda AC6 15.03.05.16. Affected by this vulnerability is the function formSetSafeWanWebMan of the file /goform/SetRemoteWebCfg. The manipulation of the argument remoteIp leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Memory Corruption

Tenda AC6 15.03.05.16: Buffer Overflow in setPptpUserList func
CVE-2025-5852 8.8 - High - June 09, 2025

A vulnerability classified as critical has been found in Tenda AC6 15.03.05.16. Affected is the function formSetPPTPUserList of the file /goform/setPptpUserList. The manipulation of the argument list leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Buffer Overflow

Tenda AC6 V15.03.05.16 Stack Overflow via setSmartPowerManagement (time param)
CVE-2025-44172 - June 02, 2025

Tenda AC6 V15.03.05.16 was discovered to contain a stack overflow via the time parameter in the setSmartPowerManagement function.

Tenda AC6 V15.03.05.16 buf overflow via /goform/fast_setting_wifi_set (timeZone)
CVE-2025-29121 - March 20, 2025

A vulnerability was found in Tenda AC6 V15.03.05.16. The vulnerability affects the functionality of the /goform/fast_setting_wifi_set file form_fast_setting_wifi_set. Using the timeZone parameter causes a stack-based buffer overflow.

Tenda AC6 v15.03.05.16 Buffer Overflow in formSetSpeedWan
CVE-2025-29029 9.8 - Critical - March 14, 2025

Tenda AC6 v15.03.05.16 was discovered to contain a buffer overflow via the formSetSpeedWan function.

Memory Corruption

Tenda AC6 Buffer Overflow in formWifiWpsOOB (v15.03.05.16)
CVE-2025-29030 9.8 - Critical - March 14, 2025

Tenda AC6 v15.03.05.16 was discovered to contain a buffer overflow via the formWifiWpsOOB function.

Memory Corruption

Buffer Overflow in Tenda AC6 v15.03.05.16 fromAddressNat
CVE-2025-29031 9.8 - Critical - March 14, 2025

Tenda AC6 v15.03.05.16 was discovered to contain a buffer overflow via the fromAddressNat function.

Memory Corruption

CVE-2025-1814: Tenda AC6 15.03.05.16 stack buf overflow in /goform/WifiExtraSet
CVE-2025-1814 9.8 - Critical - March 02, 2025

A vulnerability, which was classified as critical, has been found in Tenda AC6 15.03.05.16. Affected by this issue is some unknown functionality of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Buffer Overflow

Buffer Overflow in sub_452A4 of Tenda AC6 15.03.05.16_multi
CVE-2025-25505 - February 21, 2025

Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow in the sub_452A4 function.

RCE in Tenda AC6 15.03.05.16_multi formexeCommand (CVE-2025-25507)
CVE-2025-25507 - February 21, 2025

There is a RCE vulnerability in Tenda AC6 15.03.05.16_multi. In the formexeCommand function, the parameter cmdinput will cause remote command execution.

Tenda AC6 V15.03.05.16 Buffer Overflow in formexeCommand
CVE-2025-25343 9.8 - Critical - February 12, 2025

Tenda AC6 V15.03.05.16 firmware has a buffer overflow vulnerability in the formexeCommand function.

Classic Buffer Overflow

Tenda AC6 v15.03.06.50 Auth Bypass via Crafted Request
CVE-2024-46450 - January 16, 2025

Incorrect access control in Tenda AC1200 Smart Dual-Band WiFi Router Model AC6 v2.0 Firmware v15.03.06.50 allows attackers to bypass authentication via a crafted web request.

Tenda AC6 v15.03.05.16: Stack Buffer Overflow in GetParentControlInfo
CVE-2025-0349 9.8 - Critical - January 09, 2025

A vulnerability classified as critical has been found in Tenda AC6 15.03.05.16. Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument src/mac leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

Buffer Overflow

Stack-based Buffer Overflow in Tenda AC6V2 guest_ip_check (before 15.03.06.50)
CVE-2024-52274 9.8 - Critical - December 04, 2024

Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (setDoubleL2tpConfig->guest_ip_check(overflow arg: mask) modules) allows Overflow Buffers.This issue affects Tenda AC6V2: through 15.03.06.50

Memory Corruption

Tenda AC6V2 Stack-based Buffer Overflow in AdvSetLanip (pre 15.03.06.50)
CVE-2024-52272 9.8 - Critical - December 04, 2024

Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (fromAdvSetLanip(overflow arg:lanMask) modules) allows Overflow Buffers.This issue affects Tenda AC6V2: through 15.03.06.50

Memory Corruption

Stack-based BOF in Tenda AC6V2 <=15.03.06.50 via setDoublePppoeConfig
CVE-2024-52273 9.8 - Critical - December 04, 2024

Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (setDoublePppoeConfig->guest_ip_check(overflow arg: mask) modules) allows Overflow Buffers.This issue affects Tenda AC6V2: through 15.03.06.50

Memory Corruption

Buffer Overflow in Tenda AC6V2 (<=15.03.06.50) via fromWizardHandle
CVE-2024-52275 9.8 - Critical - December 04, 2024

Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (fromWizardHandle modules) allows Overflow Buffers.This issue affects Tenda AC6V2: through 15.03.06.50.

Memory Corruption

Tenda AC6 v2.0 Buffer Overflow in 'fromSetSysTime' Function
CVE-2024-52714 9.8 - Critical - November 19, 2024

Tenda AC6 v2.0 v15.03.06.50 was discovered to contain a buffer overflow in the function 'fromSetSysTime.

Classic Buffer Overflow

Tenda AC6 v2 Buffer Overflow in formSetPPTPServer
CVE-2024-51116 - November 05, 2024

Tenda AC6 v2.0 V15.03.06.50 was discovered to contain a buffer overflow in the function 'formSetPPTPServer'.

Tenda AC6 v15.03.05.19 Stack-Based Buffer Overflow in SetOnlineDevName
CVE-2024-10698 9.8 - Critical - November 02, 2024

A vulnerability was found in Tenda AC6 15.03.05.19 and classified as critical. Affected by this issue is the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Memory Corruption

Tenda AC6 v15.03.05.19 API Endpoint Command Injection Vulnerability
CVE-2024-10697 9.8 - Critical - November 02, 2024

A vulnerability has been found in Tenda AC6 15.03.05.19 and classified as critical. Affected by this vulnerability is the function formWriteFacMac of the file /goform/WriteFacMac of the component API Endpoint. The manipulation of the argument mac leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Command Injection

Stack overflow in Tenda AC6 firmware US_AC6V5.0re_V03.03.02.01 via /goform/PowerSaveSet
CVE-2023-24332 - February 21, 2024

A stack overflow vulnerability in Tenda AC6 with firmware version US_AC6V5.0re_V03.03.02.01_cn_TDC01 allows attackers to run arbitrary commands via crafted POST request to /goform/PowerSaveSet.

Tenda AC6 v15.03.05.19 Buffer Overflow via Index Parameter
CVE-2023-40830 9.8 - Critical - October 03, 2023

Tenda AC6 v15.03.05.19 is vulnerable to Buffer Overflow as the Index parameter does not verify the length.

Classic Buffer Overflow

Tenda AC6 Stack Overflow via SSID Before v15.03.05.09
CVE-2023-26976 7.5 - High - April 04, 2023

Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function.

Memory Corruption

Tenda AC6V1.0 Buffer Overflow via formSetMacFilterCfg (V15.03.05.19)
CVE-2022-45641 7.5 - High - December 02, 2022

Tenda AC6V1.0 V15.03.05.19 is vulnerable to Buffer Overflow via formSetMacFilterCfg.

Classic Buffer Overflow

Tenda AC6V1.0 V15.03.05.19 CSRF via fromSysToolRestoreSet
CVE-2022-45673 6.5 - Medium - December 02, 2022

Tenda AC6V1.0 V15.03.05.19 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet.

Session Riding

CSRF in Tenda AC6 V15.03.05.19 via fromSysToolReboot (v1.0)
CVE-2022-45674 6.5 - Medium - December 02, 2022

Tenda AC6V1.0 V15.03.05.19 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot.

Session Riding

Buffer Overflow in Tenda AC6 V15.03.05.19 Causes Local DoS
CVE-2022-45640 7.5 - High - December 01, 2022

Tenda Tenda AC6V1.0 V15.03.05.19 is affected by buffer overflow. Causes a denial of service (local).

Memory Corruption

On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices
CVE-2020-28095 7.5 - High - December 30, 2020

On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, a large HTTP POST request sent to the change password API will trigger the router to crash and enter an infinite boot loop.

Infinite Loop