Tenda Ax12 Firmware
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Tenda Ax12 Firmware.
By the Year
In 2026 there have been 0 vulnerabilities in Tenda Ax12 Firmware. Last year, in 2025 Ax12 Firmware had 2 security vulnerabilities published. Right now, Ax12 Firmware is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 2 | 0.00 |
| 2024 | 4 | 7.50 |
| 2023 | 4 | 9.80 |
| 2022 | 4 | 8.48 |
It may take a day or so for new Ax12 Firmware vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Tenda Ax12 Firmware Security Vulnerabilities
Stack Overflow in /goform/SetNetControlList of Tenda AX12 (v22.03.01.46_CN)
CVE-2025-29215
- March 20, 2025
Tenda AX12 v22.03.01.46_CN was discovered to contain a stack overflow via the sub_43fdcc function at /goform/SetNetControlList.
Tenda AX12 v22.03.01.46_CN Stack Overflow via /goform/setMacFilterCfg
CVE-2025-29214
- March 20, 2025
Tenda AX12 v22.03.01.46_CN was discovered to contain a stack overflow via the sub_42F69C function at /goform/setMacFilterCfg.
Tenda AX12 v16.03.49.18_cn+ DoS via Routing/ICMP | CVE-2024-40503
CVE-2024-40503
- July 16, 2024
An issue in Tenda AX12 v.16.03.49.18_cn+ allows a remote attacker to cause a denial of service via the Routing functionality and ICMP packet handling.
Tenda AX12 v1.0 v22.03.01.46 Stack Overflow via deviceList Param
CVE-2024-40412
- July 10, 2024
Tenda AX12 v1.0 v22.03.01.46 contains a stack overflow in the deviceList parameter of the sub_42E410 function.
Tenda AX12 v1.0 - Stack Overflow via ssid Param
CVE-2024-28383
- March 14, 2024
Tenda AX12 v1.0 v22.03.01.16 was discovered to contain a stack overflow via the ssid parameter in the sub_431CF0 function.
Tenda AX12 V22.03.01.46 Buffer Overflow in SetNetControlList (remote DoS)
CVE-2023-49427
7.5 - High
- January 10, 2024
Buffer Overflow vulnerability in Tenda AX12 V22.03.01.46, allows remote attackers to cause a denial of service (DoS) via list parameter in SetNetControlList function.
Memory Corruption
Tenda AX12 V22.03.01.46 CmdInject via /goform/SetOnlineDevName ('mac')
CVE-2023-49428
9.8 - Critical
- December 07, 2023
Tenda AX12 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'mac' parameter at /goform/SetOnlineDevName.
Command Injection
Command injection in Tenda AX12 [SetNetControlList] before v22.03.01.46
CVE-2023-49437
9.8 - Critical
- December 07, 2023
Tenda AX12 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'list' parameter at /goform/SetNetControlList.
Command Injection
Tenda AX12 stack overflow in Virtual Server CFG (list param)
CVE-2023-49424
9.8 - Critical
- December 07, 2023
Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the list parameter at /goform/SetVirtualServerCfg.
Memory Corruption
Unauthorized Buffer Overflow in Tenda AX12 v22.03.01.21 Web Service
CVE-2022-45995
9.8 - Critical
- January 05, 2023
There is an unauthorized buffer overflow vulnerability in Tenda AX12 v22.03.01.21 _ cn. This vulnerability can cause the web service not to restart or even execute arbitrary code. It is a different vulnerability from CVE-2022-2414.
Classic Buffer Overflow
CVE-2022-45980: Tenda AX12 V22.03.01.21_CN CSRF via /goform/SysToolRestoreSet
CVE-2022-45980
8.8 - High
- December 12, 2022
Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via /goform/SysToolRestoreSet .
Session Riding
Tenda AX12 v22.03.01.21 stack overflow via ssid param
CVE-2022-45979
7.5 - High
- December 12, 2022
Tenda AX12 v22.03.01.21_CN was discovered to contain a stack overflow via the ssid parameter at /goform/fast_setting_wifi_set .
Memory Corruption
Tenda AX12 V22.03.01.21_CN Cmd Injection via /goform/setMacFilterCfg
CVE-2022-45977
8.8 - High
- December 12, 2022
Tenda AX12 V22.03.01.21_CN was found to have a command injection vulnerability via /goform/setMacFilterCfg function.
Shell injection
Cmd Injection in Tenda AX12 v22.03.01.16_cn via goform/fast_setting_internet_set
CVE-2022-45043
8.8 - High
- December 12, 2022
Tenda AX12 V22.03.01.16_cn is vulnerable to command injection via goform/fast_setting_internet_set.
Shell injection
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Tenda Ax12 Firmware or by Tenda? Click the Watch button to subscribe.
