Tenda Ac9 Firmware

Tenda AC9 15.03.06.42_multi Remote Buffer Overflow in formGetRebootTimer
CVE-2026-2192 7.2 - High - February 08, 2026

A security vulnerability has been detected in Tenda AC9 15.03.06.42_multi. Affected by this vulnerability is the function formGetRebootTimer. Such manipulation of the argument sys.schedulereboot.start_time/sys.schedulereboot.end_time leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.

Stack Overflow

Tenda AC9 15.03.06.42_multi buffer overflow in formGetDdosDefenceList
CVE-2026-2191 7.2 - High - February 08, 2026

A weakness has been identified in Tenda AC9 15.03.06.42_multi. Affected is the function formGetDdosDefenceList. This manipulation of the argument security.ddos.map causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks.

Stack Overflow

Tenda AC9 15.03.05.14_multi Handler Info Disclosure via /cgi-bin/DownloadCfg.jpg
CVE-2025-14286 5.3 - Medium - December 09, 2025

A vulnerability was determined in Tenda AC9 15.03.05.14_multi. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/DownloadCfg.jpg of the component Configuration File Handler. This manipulation causes information disclosure. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.

Information Disclosure

CVE-2025-5900: Tenda AC9 Firmware v15.03.02.13 CSRF Remote
CVE-2025-5900 7.1 - High - June 09, 2025

A vulnerability, which was classified as problematic, was found in Tenda AC9 15.03.02.13. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Session Riding

Tenda AC9 15.03.02.13 Buffer Overflow in formSetSafeWanWebMan (HTTP POST)
CVE-2025-5847 8.8 - High - June 08, 2025

A vulnerability has been found in Tenda AC9 15.03.02.13 and classified as critical. Affected by this vulnerability is the function formSetSafeWanWebMan of the file /goform/SetRemoteWebCfg of the component HTTP POST Request Handler. The manipulation of the argument remoteIp leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Memory Corruption

Tenda AC9 15.03.02.13 Buffer Overflow in /goform/AdvSetLanip (POST)
CVE-2025-5839 8.8 - High - June 07, 2025

A vulnerability, which was classified as critical, has been found in Tenda AC9 15.03.02.13. Affected by this issue is the function fromadvsetlanip of the file /goform/AdvSetLanip of the component POST Request Handler. The manipulation of the argument lanMask leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Buffer Overflow

Tenda AC9 15.03.02.13 cmd-inj via formSetIptv POST /goform/SetIPTVCfg
CVE-2025-5836 6.3 - Medium - June 07, 2025

A vulnerability was found in Tenda AC9 15.03.02.13. It has been rated as critical. This issue affects the function formSetIptv of the file /goform/SetIPTVCfg of the component POST Request Handler. The manipulation of the argument list leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Command Injection

CVE-2025-45042: Cmd Injection in Tenda AC9 v15.03.05.14 via Telnet
CVE-2025-45042 9.8 - Critical - May 05, 2025

Tenda AC9 v15.03.05.14 was discovered to contain a command injection vulnerability via the Telnet function.

Command Injection

Command Injection in Tenda AC9 V15.03.06.42_multi formsetUsbUnload
CVE-2025-44872 - May 02, 2025

Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formsetUsbUnload function via the deviceName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

Command Injection in Tenda AC9 V15.03.06.42 formSetSambaConf via usbname
CVE-2025-44877 - May 02, 2025

Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formSetSambaConf function via the usbname parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

Tenda ac9 v1.0 Stack Overflow in /goform/WifiWpsStart Remote Exec
CVE-2025-45429 - April 23, 2025

In the Tenda ac9 v1.0 router with firmware V15.03.05.14_multi, there is a stack overflow vulnerability in /goform/WifiWpsStart, which may lead to remote arbitrary code execution.

Stack Overflow in Tenda AC9 v1.0 WiFi BasicSet for RCE
CVE-2025-45427 - April 23, 2025

In Tenda AC9 v1.0 with firmware V15.03.05.14_multi, the security parameter of /goform/WifiBasicSet has a stack overflow vulnerability, which can lead to remote arbitrary code execution.

Tenda AC9 v1.0 FwV15.03.05.14 RebootTime Stack Overflow RCE
CVE-2025-45428 - April 23, 2025

In Tenda ac9 v1.0 with firmware V15.03.05.14_multi, the rebootTime parameter of /goform/SetSysAutoRebbotCfg has a stack overflow vulnerability, which can lead to remote arbitrary code execution.

Tenda AC9 v1.0 Vulnerable to Stack Overflow via wanMTU /goform/AdvSetMacMtuWan
CVE-2025-29384 9.8 - Critical - March 14, 2025

In Tenda AC9 v1.0 V15.03.05.14_multi, the wanMTU parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution.

Memory Corruption

Stack Overflow in Tenda AC9 v1.0 V15.03.05.14 /goform/AdvSetMacMtuWan allows RCE
CVE-2025-29385 9.8 - Critical - March 14, 2025

In Tenda AC9 v1.0 V15.03.05.14_multi, the cloneType parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution.

Memory Corruption

Tenda AC9 v1.0 stack overflow via /goform/AdvSetMacMtuWan mac param (RCE)
CVE-2025-29386 9.8 - Critical - March 14, 2025

In Tenda AC9 v1.0 V15.03.05.14_multi, the mac parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution.

Memory Corruption

Tenda AC9 V15.03.05.14: stack overflow in AdvSetMacMtuWan RCE
CVE-2025-29387 7.1 - High - March 14, 2025

In Tenda AC9 v1.0 V15.03.05.14_multi, the wanSpeed parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution.

Memory Corruption

CVE-2025-22949: Tenda AC9 v1.0 Command Injection in /goform/SetSambaCfg (RCE)
CVE-2025-22949 9.8 - Critical - January 10, 2025

Tenda ac9 v1.0 firmware v15.03.05.19 is vulnerable to command injection in /goform/SetSambaCfg, which may lead to remote arbitrary code execution.

Command Injection

Tenda AC9 v1.0 Firmware v15.03.05.19 StackOv in /goform/SetOnlineDevName RCE
CVE-2025-22946 9.8 - Critical - January 10, 2025

Tenda ac9 v1.0 firmware v15.03.05.19 contains a stack overflow vulnerability in /goform/SetOnlineDevName, which may lead to remote arbitrary code execution.

Classic Buffer Overflow

Command Injection in Tenda AC9 HTTPD (v15.03.06.42) formWriteFacMac
CVE-2024-42634 - August 16, 2024

A Command Injection vulnerability exists in formWriteFacMac of the httpd binary in Tenda AC9 v15.03.06.42. As a result, attacker can execute OS commands with root privileges.

Tenda AC9 3.0 15.03.06.42_multi Stack Buffer Overflow in fromSetSysTime
CVE-2024-25751 - February 26, 2024

A Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with firmware version v.15.03.06.42_multi allows a remote attacker to execute arbitrary code via the fromSetSysTime function.

Stack Buff Overflow in Tenda AC9 v3.0 via fromSetIpMacBind
CVE-2024-25748 - February 22, 2024

A Stack Based Buffer Overflow vulnerability in tenda AC9 AC9 v.3.0 with firmware version v.15.03.06.42_multi allows a remote attacker to execute arbitrary code via the fromSetIpMacBind function.

Tenda AC9 3.0 Stack Buffer Overflow via formSetDeviceName: Remote Code Exec
CVE-2024-25753 - February 22, 2024

Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with firmware version v.15.03.06.42_multi allows a remote attacker to execute arbitrary code via the formSetDeviceName function.

Tenda AC9 v3.0 Buffer Overflow via formWifiBasicSet (v15.03.06.42)
CVE-2024-25756 - February 22, 2024

A Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with firmware version v.15.03.06.42_multi allows a remote attacker to execute arbitrary code via the formWifiBasicSet function.

Tenda AC9 v3.0 Firmware: Stack Buffer Overflow via add_white_node (CVE-2024-25746)
CVE-2024-25746 - February 22, 2024

Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with firmware version v.15.03.06.42_multi allows a remote attacker to execute arbitrary code via the add_white_node function.

Tenda AC9 v3.0 buffer overflow in setSchedWifi (v15.03.06.42_multi) DoS / RCE
CVE-2024-24543 9.8 - Critical - February 05, 2024

Buffer Overflow vulnerability in the function setSchedWifi in Tenda AC9 v.3.0, firmware version v.15.03.06.42_multi allows a remote attacker to cause a denial of service or run arbitrary code via crafted overflow data.

Memory Corruption

Stack Overflow in Tenda AC9/AC5 via GetParentControlInfo mac (V15.03.06.28/42)
CVE-2023-41563 9.8 - Critical - August 30, 2023

Tenda AC9 V3.0 V15.03.06.42_multi and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter mac at url /goform/GetParentControlInfo.

Memory Corruption