Tenda Ac7 Firmware
By the Year
In 2026 there have been 5 vulnerabilities in Tenda Ac7 Firmware with an average score of 8.8 out of ten. Last year, in 2025, Ac7 Firmware had 17 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, the number of security vulnerabilities in Ac7 Firmware in 2026 could surpass last year's number. Last year, the average CVE base score was greater by 0.03.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 5 | 8.80 |
| 2025 | 17 | 8.83 |
| 2024 | 17 | 8.80 |
It may take a day or so for new Ac7 Firmware vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Tenda Ac7 Firmware Security Vulnerabilities
Tenda AC7 stack-based buffer overflow in SetSysTimeCfg (v15.03.06.44)
CVE-2026-4974
8.8 - High
- March 27, 2026
A flaw has been found in Tenda AC7 15.03.06.44. Affected by this issue is the function fromSetSysTime of the file /goform/SetSysTimeCfg of the component POST Request Handler. Executing a manipulation of the argument Time can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been published and may be used.
Stack Overflow
Plaintext Credentials in Tenda AC7 Firmware V03.03.03.01_cn and Earlier
CVE-2026-24441
- February 03, 2026
Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior expose account credentials in plaintext within HTTP responses, allowing an on-path attacker to obtain sensitive authentication material.
Cleartext Transmission of Sensitive Information
CSRF in Tenda AC7 router web admin before V03.03.03.01_cn
CVE-2026-24434
- February 03, 2026
Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior does not implement CSRF protections for administrative functions in the web management interface. The interface does not enforce anti-CSRF tokens or robust origin validation, which can allow an attacker to induce a logged-in administrator to perform unintended state-changing requests and modify router settings.
Session Riding
Tenda AC7 v03.03.03.01_cn: Plaintext Admin Creds in Config
CVE-2026-24427
- February 03, 2026
Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior expose sensitive information in web management responses. Administrative credentials, including the router and/or admin panel password, are included in plaintext within configuration response bodies. In addition, responses lack appropriate Cache-Control directives, which may permit web browsers to cache pages containing these credentials and enable subsequent disclosure to an attacker with access to the client system or browser profile.
Insertion of Sensitive Information Into Sent Data
Tenda AC7 pre-3.03.03.01_cn Improper Output Encoding in Web UI (XSS)
CVE-2026-24426
- February 03, 2026
Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior contain an improper output encoding vulnerability in the web management interface. User-supplied input is reflected in HTTP responses without adequate escaping, allowing injection of arbitrary HTML or JavaScript in a victim's browser context.
XSS
Tenda AC7 15.03.06.44 Buffer Overflow in /goform/setNotUpgrade (remote)
CVE-2025-11586
8.8 - High
- October 10, 2025
A vulnerability was determined in Tenda AC7 15.03.06.44. This affects an unknown function of the file /goform/setNotUpgrade. This manipulation of the argument newVersion causes stack-based buffer overflow. The attack can be carried out remotely. The exploit has been publicly disclosed and may be utilized.
Stack Overflow
Tenda AC7 15.03.06.44 Stack Overflow in /goform/saveAutoQos Remote
CVE-2025-11528
8.8 - High
- October 09, 2025
A vulnerability was identified in Tenda AC7 15.03.06.44. This affects an unknown function of the file /goform/saveAutoQos. The manipulation of the argument enable leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.
Stack Overflow
Tenda AC7 15.03.06.44 Remote Stack Overflow via Password in /goform/fast_setting_pppoe_set
CVE-2025-11527
8.8 - High
- October 09, 2025
A vulnerability was determined in Tenda AC7 15.03.06.44. The impacted element is an unknown function of the file /goform/fast_setting_pppoe_set. Executing a manipulation of the argument Password can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.
Stack Overflow
Tenda AC7 15.03.06.44 Remote Stack Buffer Overflow in /goform/WifiMacFilterSet
CVE-2025-11526
8.8 - High
- October 09, 2025
A vulnerability was found in Tenda AC7 15.03.06.44. The affected element is an unknown function of the file /goform/WifiMacFilterSet. Performing a manipulation of the argument wifi_chkHz results in stack-based buffer overflow. The attack may be initiated remotely. The exploit has been made public and could be used.
Stack Overflow
CVE-2025-11525: Stack Buffer Overflow in Tenda AC7 15.03.06.44 /goform/SetUpnpCfg
CVE-2025-11525
8.8 - High
- October 09, 2025
A vulnerability has been found in Tenda AC7 15.03.06.44. Impacted is an unknown function of the file /goform/SetUpnpCfg. Such manipulation of the argument upnpEn leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Stack Overflow
Tenda AC7 Buffer Overflow via DDNS Enabling (v15.03.06.44)
CVE-2025-11524
8.8 - High
- October 09, 2025
A flaw has been found in Tenda AC7 15.03.06.44. This issue affects some unknown processing of the file /goform/SetDDNSCfg. This manipulation of the argument ddnsEn causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been published and may be used.
Stack Overflow
Command Injection in Tenda AC7 15.03.06.44 /goform/AdvSetLanip (lanIp)
CVE-2025-11523
6.3 - Medium
- October 09, 2025
A vulnerability was detected in Tenda AC7 15.03.06.44. This vulnerability affects unknown code of the file /goform/AdvSetLanip. The manipulation of the argument lanIp results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be used.
Command Injection
Tenda AC7 < 15.03.06.44: HTTPD Stack Buffer Overflow (RCE)
CVE-2025-8017
8.8 - High
- July 22, 2025
A vulnerability was found in Tenda AC7 15.03.06.44. It has been classified as critical. Affected is the function formSetMacFilterCfg of the file /goform/setMacFilterCfg of the component httpd. The manipulation of the argument deviceList leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Buffer Overflow
Tenda AC7 15.03.06.44 Buffer Overflow via AdvSetLanip
CVE-2025-5861
9.8 - Critical
- June 09, 2025
A vulnerability has been found in Tenda AC7 15.03.06.44 and classified as critical. This vulnerability affects the function fromadvsetlanip of the file /goform/AdvSetLanip. The manipulation of the argument lanMask leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Classic Buffer Overflow
Tenda AC7 15.03.06.44 Buffer Overflow in formSetPPTPUserList RCE
CVE-2025-5862
9.8 - Critical
- June 09, 2025
A vulnerability was found in Tenda AC7 15.03.06.44 and classified as critical. This issue affects the function formSetPPTPUserList of the file /goform/setPptpUserList. The manipulation of the argument list leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Classic Buffer Overflow
Tenda AC7 15.03.06.44 Stack Buffer Overflow in formSetRebootTimer (RebootTime)
CVE-2025-4810
8.8 - High
- May 16, 2025
A vulnerability was found in Tenda AC7 15.03.06.44. It has been declared as critical. Affected by this vulnerability is the function formSetRebootTimer of the file /goform/SetRebootTimer. The manipulation of the argument reboot_time leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Memory Corruption
Critical Buffer Overflow in Tenda AC7 15.03.06.44 Mac Filter Set
CVE-2025-4809
8.8 - High
- May 16, 2025
A vulnerability was found in Tenda AC7 15.03.06.44. It has been classified as critical. Affected is the function fromSafeSetMacFilter of the file /goform/setMacFilterCfg. The manipulation of the argument deviceList leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Memory Corruption
Tenda AC7 15.03.06.44 RCE buffer overflow in formSetPPTPServer
CVE-2025-3346
8.8 - High
- April 07, 2025
A vulnerability was found in Tenda AC7 15.03.06.44. It has been rated as critical. Affected by this issue is the function formSetPPTPServer of the file /goform/SetPptpServerCfg. The manipulation of the argument pptp_server_start_ip/pptp_server_end_ip leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Classic Buffer Overflow
Tenda AC7 V15.03.06.44 Stack Buffer Overflow via WifiBasicSet
CVE-2025-29135
- March 24, 2025
A stack-based buffer overflow vulnerability in Tenda AC7 V15.03.06.44 allows a remote attacker to execute arbitrary code through a stack overflow attack using the security parameter of the formWifiBasicSet function.
Tenda AC7 V15.03.06.44 RCE via timeZone Buffer Overflow
CVE-2025-29137
- March 19, 2025
A buffer overflow was found in Tenda AC7 V1.0 V15.03.06.44, caused by the timeZone parameter in the form_fast_setting_wifi_set function, which can cause RCE.
Tenda AC7 formSetFirewallCfg Stack Buffer Overflow Remote
CVE-2025-1851
8.8 - High
- March 03, 2025
A vulnerability, which was classified as critical, was found in Tenda AC7 up to 15.03.06.44. This affects the function formSetFirewallCfg of the file /goform/SetFirewallCfg. The manipulation of the argument firewallEn leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Buffer Overflow
Tenda AC7 15.03.06.44 OS Command Injection via TendaTelnet
CVE-2025-1819
9.8 - Critical
- March 02, 2025
A vulnerability, which was classified as critical, was found in Tenda AC7 1200M 15.03.06.44. Affected is the function TendaTelnet of the file /goform/telnet. The manipulation of the argument lan_ip leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Shell injection
Tenda AC7 <15.03.06.44 preauth cmdinject via ate_ifconfig_set
CVE-2024-48825
8.8 - High
- October 28, 2024
Tenda AC7 v.15.03.06.44 ate_ifconfig_set has pre-authentication command injection allowing remote attackers to execute arbitrary code.
Shell injection
Pre-auth Command Injection in Tenda AC7 v15.03.06.44 ate_iwpriv_set
CVE-2024-48826
8.8 - High
- October 28, 2024
Tenda AC7 v.15.03.06.44 ate_iwpriv_set has pre-authentication command injection allowing remote attackers to execute arbitrary code.
Shell injection
Command Injection in Tenda AC7 firmware 15.03.06.44 formexeCommand (cmdinput)
CVE-2024-32281
- April 17, 2024
Tenda AC7V1.0 v15.03.06.44 firmware contains a command injection vulnerability in the formexeCommand function via the cmdinput parameter.
Tenda AC7 stack overflow via PPW param (v15.03.06.44)
CVE-2024-32301
- April 17, 2024
Tenda AC7V1.0 v15.03.06.44 firmware has a stack overflow vulnerability via the PPW parameter in the fromWizardHandle function.
Tenda AC7 15.03.06.44 stack buffer overflow in GetParentControlInfo
CVE-2024-2903
8.8 - High
- March 26, 2024
A vulnerability was found in Tenda AC7 15.03.06.44. It has been classified as critical. Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument mac leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257946 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Memory Corruption
Tenda AC7 15.03.06.44 Stack Buffer Overflow in WiFiGuestSet
CVE-2024-2902
8.8 - High
- March 26, 2024
A vulnerability was found in Tenda AC7 15.03.06.44 and classified as critical. This issue affects the function fromSetWifiGusetBasic of the file /goform/WifiGuestSet. The manipulation of the argument shareSpeed leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257945 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Memory Corruption
Tenda AC7 15.03.06.44: stack-based buffer overflow in setSchedWifi
CVE-2024-2901
8.8 - High
- March 26, 2024
A vulnerability has been found in Tenda AC7 15.03.06.44 and classified as critical. This vulnerability affects the function setSchedWifi of the file /goform/openSchedWifi. The manipulation of the argument schedEndTime leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257944. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Memory Corruption
Tenda AC7 15.03.06.44 Buffer Overflow in saveParentControlInfo
CVE-2024-2900
8.8 - High
- March 26, 2024
A vulnerability, which was classified as critical, was found in Tenda AC7 15.03.06.44. This affects the function saveParentControlInfo of the file /goform/saveParentControlInfo. The manipulation of the argument deviceId/time/urls leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257943. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Memory Corruption
OS Command Injection in Tenda AC7 15.03.06.44 formWriteFacMac
CVE-2024-2897
8.8 - High
- March 26, 2024
A vulnerability classified as critical has been found in Tenda AC7 15.03.06.44. Affected is the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257940. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Shell injection
Tenda AC7 15.03.06.44 stack overflow via SetStaticRouteCfg
CVE-2024-2898
8.8 - High
- March 26, 2024
A vulnerability classified as critical was found in Tenda AC7 15.03.06.44. Affected by this vulnerability is the function fromSetRouteStatic of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257941 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Memory Corruption
Tenda AC7 15.03.06.44 Remote Stack Buffer Overflow (wpapsk_crypto)
CVE-2024-2899
8.8 - High
- March 26, 2024
A vulnerability, which was classified as critical, has been found in Tenda AC7 15.03.06.44. Affected by this issue is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257942 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Memory Corruption
Tenda AC7 15.03.06.44 Critical Stack Buffer Overflow in formWifiWpsOOB
CVE-2024-2895
8.8 - High
- March 26, 2024
A vulnerability was found in Tenda AC7 15.03.06.44. It has been declared as critical. This vulnerability affects the function formWifiWpsOOB of the file /goform/WifiWpsOOB. The manipulation of the argument index leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257938 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Memory Corruption
Critical Stack Buffer Overflow in Tenda AC7 15.03.06.44 formWifiWpsStart (WPS)
CVE-2024-2896
8.8 - High
- March 26, 2024
A vulnerability was found in Tenda AC7 15.03.06.44. It has been rated as critical. This issue affects the function formWifiWpsStart of the file /goform/WifiWpsStart. The manipulation of the argument index leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257939. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Memory Corruption
Tenda AC7 v15.03.06.44 Buffer Overflow in formSetQosBand (critical)
CVE-2024-2894
8.8 - High
- March 26, 2024
A vulnerability was found in Tenda AC7 15.03.06.44. It has been classified as critical. This affects the function formSetQosBand of the file /goform/SetNetControlList. The manipulation of the argument list leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257937 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Memory Corruption
Tenda AC7 15.03.06.44 Buffer Overflow in formSetDeviceName Remote
CVE-2024-2893
8.8 - High
- March 26, 2024
A vulnerability was found in Tenda AC7 15.03.06.44 and classified as critical. Affected by this issue is the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257936. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Memory Corruption
Tenda AC7 firmware 15.03.06.44 stack buffer overflow in formSetCfm
CVE-2024-2892
8.8 - High
- March 26, 2024
A vulnerability has been found in Tenda AC7 15.03.06.44 and classified as critical. Affected by this vulnerability is the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257935. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Memory Corruption
Critical stack overflow in Tenda AC7 15.03.06.44 /goform/QuickIndex
CVE-2024-2891
8.8 - High
- March 26, 2024
A vulnerability, which was classified as critical, was found in Tenda AC7 15.03.06.44. Affected is the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257934 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Memory Corruption