Tenda Ac7

Plaintext Credentials in Tenda AC7 Firmware vV03.03.03.01_cn and Earlier
CVE-2026-24441 - February 03, 2026

Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior expose account credentials in plaintext within HTTP responses, allowing an on-path attacker to obtain sensitive authentication material.

Cleartext Transmission of Sensitive Information

Tenda AC7 v03.03.03.01_cn: Plaintext Admin Creds in Config
CVE-2026-24427 - February 03, 2026

Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior expose sensitive information in web management responses. Administrative credentials, including the router and/or admin panel password, are included in plaintext within configuration response bodies. In addition, responses lack appropriate Cache-Control directives, which may permit web browsers to cache pages containing these credentials and enable subsequent disclosure to an attacker with access to the client system or browser profile.

Insertion of Sensitive Information Into Sent Data

Tenda AC7 15.03.06.44 Buffer Overflow in /goform/setNotUpgrade (remote)
CVE-2025-11586 8.8 - High - October 10, 2025

A vulnerability was determined in Tenda AC7 15.03.06.44. This affects an unknown function of the file /goform/setNotUpgrade. This manipulation of the argument newVersion causes stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.

Stack Overflow

Tenda AC7 15.03.06.44 Stack Overflow in /goform/saveAutoQos Remote
CVE-2025-11528 8.8 - High - October 09, 2025

A vulnerability was identified in Tenda AC7 15.03.06.44. This affects an unknown function of the file /goform/saveAutoQos. The manipulation of the argument enable leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.

Stack Overflow

Tenda AC7 15.03.06.44 Remote Stack Overflow via Password in /goform/fast_setting_pppoe_set
CVE-2025-11527 8.8 - High - October 09, 2025

A vulnerability was determined in Tenda AC7 15.03.06.44. The impacted element is an unknown function of the file /goform/fast_setting_pppoe_set. Executing a manipulation of the argument Password can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.

Stack Overflow

Tenda AC7 15.03.06.44 Remote Stack Buffer Overflow in /goform/WifiMacFilterSet
CVE-2025-11526 8.8 - High - October 09, 2025

A vulnerability was found in Tenda AC7 15.03.06.44. The affected element is an unknown function of the file /goform/WifiMacFilterSet. Performing a manipulation of the argument wifi_chkHz results in stack-based buffer overflow. The attack may be initiated remotely. The exploit has been made public and could be used.

Stack Overflow

CVE-2025-11525: Stack Buffer Overflow in Tenda AC7 15.03.06.44 /goform/SetUpnpCfg
CVE-2025-11525 8.8 - High - October 09, 2025

A vulnerability has been found in Tenda AC7 15.03.06.44. Impacted is an unknown function of the file /goform/SetUpnpCfg. Such manipulation of the argument upnpEn leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Stack Overflow

Tenda AC7 Buffer Overflow via DDNS Enabling (v15.03.06.44)
CVE-2025-11524 8.8 - High - October 09, 2025

A flaw has been found in Tenda AC7 15.03.06.44. This issue affects some unknown processing of the file /goform/SetDDNSCfg. This manipulation of the argument ddnsEn causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been published and may be used.

Stack Overflow

Command Injection in Tenda AC7 15.03.06.44 /goform/AdvSetLanip (lanIp)
CVE-2025-11523 6.3 - Medium - October 09, 2025

A vulnerability was detected in Tenda AC7 15.03.06.44. This vulnerability affects unknown code of the file /goform/AdvSetLanip. The manipulation of the argument lanIp results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be used.

Command Injection

Tenda AC7 stack overflow via PPW param (v15.03.06.44)
CVE-2024-32301 - April 17, 2024

Tenda AC7V1.0 v15.03.06.44 firmware has a stack overflow vulnerability via the PPW parameter in the fromWizardHandle function.

Command Injection in Tenda AC7 firmware 15.03.06.44 formexeCommand (cmdinput)
CVE-2024-32281 - April 17, 2024

Tenda AC7V1.0 v15.03.06.44 firmware contains a command injection vulnerablility in formexeCommand function via the cmdinput parameter.

Tenda AC7 15.03.06.44 stack buffer overflow in GetParentControlInfo
CVE-2024-2903 8.8 - High - March 26, 2024

A vulnerability was found in Tenda AC7 15.03.06.44. It has been classified as critical. Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument mac leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257946 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Memory Corruption

Tenda AC7 15.03.06.44: stack-based buffer overflow in setSchedWifi
CVE-2024-2901 8.8 - High - March 26, 2024

A vulnerability has been found in Tenda AC7 15.03.06.44 and classified as critical. This vulnerability affects the function setSchedWifi of the file /goform/openSchedWifi. The manipulation of the argument schedEndTime leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257944. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Memory Corruption

Tenda AC7 15.03.06.44 Buffer Overflow in saveParentControlInfo
CVE-2024-2900 8.8 - High - March 26, 2024

A vulnerability, which was classified as critical, was found in Tenda AC7 15.03.06.44. This affects the function saveParentControlInfo of the file /goform/saveParentControlInfo. The manipulation of the argument deviceId/time/urls leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257943. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Memory Corruption

Tenda AC7 15.03.06.44 Stack Buffer Overflow in WiFiGuestSet
CVE-2024-2902 8.8 - High - March 26, 2024

A vulnerability was found in Tenda AC7 15.03.06.44 and classified as critical. This issue affects the function fromSetWifiGusetBasic of the file /goform/WifiGuestSet. The manipulation of the argument shareSpeed leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257945 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Memory Corruption

Tenda AC7 15.03.06.44 stack overflow via SetStaticRouteCfg
CVE-2024-2898 8.8 - High - March 26, 2024

A vulnerability classified as critical was found in Tenda AC7 15.03.06.44. Affected by this vulnerability is the function fromSetRouteStatic of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257941 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Memory Corruption

OS Command Injection in Tenda AC7 15.03.06.44 formWriteFacMac
CVE-2024-2897 8.8 - High - March 26, 2024

A vulnerability classified as critical has been found in Tenda AC7 15.03.06.44. Affected is the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257940. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Shell injection

Critical Stack Buffer Overflow in Tenda AC7 15.03.06.44 formWifiWpsStart (WPS)
CVE-2024-2896 8.8 - High - March 26, 2024

A vulnerability was found in Tenda AC7 15.03.06.44. It has been rated as critical. This issue affects the function formWifiWpsStart of the file /goform/WifiWpsStart. The manipulation of the argument index leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257939. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Memory Corruption

Tenda AC7 15.03.06.44 Critical Stack Buffer Overflow in formWifiWpsOOB
CVE-2024-2895 8.8 - High - March 26, 2024

A vulnerability was found in Tenda AC7 15.03.06.44. It has been declared as critical. This vulnerability affects the function formWifiWpsOOB of the file /goform/WifiWpsOOB. The manipulation of the argument index leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257938 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Memory Corruption

Tenda AC7 v15.03.06.44 Buffer Overflow in formSetQosBand (critical)
CVE-2024-2894 8.8 - High - March 26, 2024

A vulnerability was found in Tenda AC7 15.03.06.44. It has been classified as critical. This affects the function formSetQosBand of the file /goform/SetNetControlList. The manipulation of the argument list leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257937 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Memory Corruption

Tenda AC7 15.03.06.44 Buffer Overflow in formSetDeviceName Remote
CVE-2024-2893 8.8 - High - March 26, 2024

A vulnerability was found in Tenda AC7 15.03.06.44 and classified as critical. Affected by this issue is the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257936. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Memory Corruption

Tenda AC7 firmware 15.03.06.44 stack buffer overflow in formSetCfm
CVE-2024-2892 8.8 - High - March 26, 2024

A vulnerability has been found in Tenda AC7 15.03.06.44 and classified as critical. Affected by this vulnerability is the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257935. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Memory Corruption

Critical stack overflow in Tenda AC7 15.03.06.44 /goform/QuickIndex
CVE-2024-2891 8.8 - High - March 26, 2024

A vulnerability, which was classified as critical, was found in Tenda AC7 15.03.06.44. Affected is the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257934 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Memory Corruption

Stack Overflow in Tenda AC7/AC9/AC5 via /goform/NatStaticSetting (V15.03.06.x)
CVE-2023-41559 9.8 - Critical - August 30, 2023

Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Tenda AC5 V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter page at url /goform/NatStaticSetting.

Memory Corruption

Stack Overflow via timeZone in Tenda AC7 V15.03.06.44 SetSysTimeCfg
CVE-2023-41558 9.8 - Critical - August 30, 2023

Tenda AC7 V1.0 V15.03.06.44 was discovered to contain a stack overflow via parameter timeZone at url /goform/SetSysTimeCfg.

Memory Corruption

Tenda AC5/AC7 stack overflow on /goform/addressNat before 15.03.06.44
CVE-2023-41557 9.8 - Critical - August 30, 2023

Tenda AC7 V1.0 V15.03.06.44 and Tenda AC5 V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter entrys and mitInterface at url /goform/addressNat.

Memory Corruption

Tenda AC7/AC9/AC5 Stack Overflow via /goform/SetIpMacBind (before 15.03.06.44)
CVE-2023-41556 9.8 - Critical - August 30, 2023

Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Tenda AC5 V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter list at url /goform/SetIpMacBind.

Memory Corruption

Tenda AC7 v15.03.06.44 Stack Overflow via sec_5g param
CVE-2023-41555 9.8 - Critical - August 30, 2023

Tenda AC7 V1.0 V15.03.06.44 was discovered to contain a stack overflow via parameter security_5g at url /goform/WifiBasicSet.

Memory Corruption