Tenda O3 Firmware

Stack Buffer Overflow in Tenda O3 1.0.0.10(2478) sysAutoReboot
CVE-2025-12214 8.8 - High - October 27, 2025

A vulnerability was detected in Tenda O3 1.0.0.10(2478). This issue affects the function SetValue/GetValue of the file /goform/sysAutoReboot. Performing a manipulation of the argument enable results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used.

Stack Overflow

Tenda O3 1.0.0.10 stack-based buffer overflow via /goform/setVlanConfig
CVE-2025-12213 8.8 - High - October 27, 2025

A security vulnerability has been detected in Tenda O3 1.0.0.10(2478). This vulnerability affects the function SetValue/GetValue of the file /goform/setVlanConfig. Such manipulation of the argument lan leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.

Stack Overflow

RCE via Buffer Overflow in Tenda O3 1.0.0.10 /goform/setNetworkService
CVE-2025-12212 8.8 - High - October 27, 2025

A weakness has been identified in Tenda O3 1.0.0.10(2478). This affects the function SetValue/GetValue of the file /goform/setNetworkService. This manipulation of the argument upnpEn causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks.

Stack Overflow

Stack BOF in Tenda O3 1.0.0.10 via dmzIP (Set/GetValue)
CVE-2025-12211 8.8 - High - October 27, 2025

A security flaw has been discovered in Tenda O3 1.0.0.10(2478). Affected by this issue is the function SetValue/GetValue of the file /goform/setDmzInfo. The manipulation of the argument dmzIP results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.

Stack Overflow

Tenda O3 1.0.0.10 Remote Buffer Overflow via /goform/AdvSetLanip
CVE-2025-12210 8.8 - High - October 27, 2025

A vulnerability was identified in Tenda O3 1.0.0.10(2478). Affected by this vulnerability is the function SetValue/GetValue of the file /goform/AdvSetLanip. The manipulation of the argument lanIp leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.

Stack Overflow

Tenda O3 1.0.0.10 Stack-based Buffer Overflow via /goform/setDhcpConfig
CVE-2025-12209 8.8 - High - October 27, 2025

A vulnerability was determined in Tenda O3 1.0.0.10(2478). Affected is the function SetValue/GetValue of the file /goform/setDhcpConfig. Executing a manipulation of the argument dhcpEn can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.

Stack Overflow

Tenda O3V2 1.0.0.12 BOP Remote - macList in httpd
CVE-2025-7423 8.8 - High - July 11, 2025

A vulnerability classified as critical was found in Tenda O3V2 1.0.0.12(3880). Affected by this vulnerability is the function formWifiMacFilterSet of the file /goform/setWrlFilterList of the component httpd. The manipulation of the argument macList leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Buffer Overflow

Tenda O3V2 1.0.0.12 Buffer Overflow via setAutoReboot (httpd)
CVE-2025-7422 8.8 - High - July 11, 2025

A vulnerability classified as critical has been found in Tenda O3V2 1.0.0.12(3880). Affected is the function setAutoReboot of the file /goform/setNetworkService of the component httpd. The manipulation of the argument week leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Buffer Overflow

Tenda O3V2 1.0.0.12 - Stack BF in httpd fromMacFilterModify (Critical)
CVE-2025-7421 8.8 - High - July 11, 2025

A vulnerability was found in Tenda O3V2 1.0.0.12(3880). It has been rated as critical. This issue affects the function fromMacFilterModify of the file /goform/operateMacFilter of the component httpd. The manipulation of the argument mac leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Buffer Overflow

Tenda O3V2 1.0.0.12 Critical Buffer Overflow via extChannel in httpd
CVE-2025-7420 8.8 - High - July 11, 2025

A vulnerability was found in Tenda O3V2 1.0.0.12(3880). It has been declared as critical. This vulnerability affects the function formWifiBasicSet of the file /goform/setWrlBasicInfo of the component httpd. The manipulation of the argument extChannel leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Buffer Overflow

Tenda O3V2 1.0.0.12 HTTPD stack BF in setRateTest
CVE-2025-7419 8.8 - High - July 10, 2025

A vulnerability was found in Tenda O3V2 1.0.0.12(3880). It has been classified as critical. This affects the function fromSpeedTestSet of the file /goform/setRateTest of the component httpd. The manipulation of the argument destIP leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Buffer Overflow

Tenda O3V2 1.0.0.12 Buffer Overflow in httpd fromPingResultGet
CVE-2025-7418 8.8 - High - July 10, 2025

A vulnerability was found in Tenda O3V2 1.0.0.12(3880) and classified as critical. Affected by this issue is the function fromPingResultGet of the file /goform/setPing of the component httpd. The manipulation of the argument destIP leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Buffer Overflow

Tenda O3V2 1.0.0.12 Remote Buffer Overflow in httpd (CVE-2025-7417)
CVE-2025-7417 8.8 - High - July 10, 2025

A vulnerability has been found in Tenda O3V2 1.0.0.12(3880) and classified as critical. Affected by this vulnerability is the function fromNetToolGet of the file /goform/setPingInfo of the component httpd. The manipulation of the argument ip leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Buffer Overflow

Tenda O3V2 1.0.0.12(3880) httpd stack-based buffer overflow
CVE-2025-7416 8.8 - High - July 10, 2025

A vulnerability, which was classified as critical, was found in Tenda O3V2 1.0.0.12(3880). Affected is the function fromSysToolTime of the file /goform/setSysTimeInfo of the component httpd. The manipulation of the argument Time leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Buffer Overflow

Tenda O3V2 1.0.0.12 OS Command Injection via httpd setPingInfo
CVE-2025-7414 8.8 - High - July 10, 2025

A vulnerability classified as critical was found in Tenda O3V2 1.0.0.12(3880). This vulnerability affects the function fromNetToolGet of the file /goform/setPingInfo of the component httpd. The manipulation of the argument domain leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Shell injection

Tenda O3V2 1.0.0.12(httpd) CMD Injection via /goform/getTraceroute
CVE-2025-7415 8.8 - High - July 10, 2025

A vulnerability, which was classified as critical, has been found in Tenda O3V2 1.0.0.12(3880). This issue affects the function fromTraceroutGet of the file /goform/getTraceroute of the component httpd. The manipulation of the argument dest leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Command Injection

Tenda O3 v1.0.0.5 Buffer Overflow DoS
CVE-2024-51409 - November 06, 2024

Buffer Overflow vulnerability in Tenda O3 v.1.0.0.5 allows a remote attacker to cause a denial of service via a network packet in a fixed format to a router running the corresponding version of the firmware.

Tenda O3 1.0.0.10 Stack Buffer Overflow via setMacFilterList
CVE-2024-7152 8.8 - High - July 27, 2024

A vulnerability was found in Tenda O3 1.0.0.10(2478). It has been rated as critical. This issue affects the function fromSafeSetMacFilter of the file /goform/setMacFilterList. The manipulation of the argument time leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272555. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Memory Corruption

Tenda O3 1.0.0.10(2478) Remote Stack Buffer Overflow via fromMacFilterSet
CVE-2024-7151 9.8 - Critical - July 27, 2024

A vulnerability was found in Tenda O3 1.0.0.10(2478). It has been declared as critical. This vulnerability affects the function fromMacFilterSet of the file /goform/setMacFilter. The manipulation of the argument remark leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-272554 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Memory Corruption

BCI in Tenda O3V2 v1.0.0.12 via stpEn param
CVE-2024-36604 9.8 - Critical - June 04, 2024

Tenda O3V2 v1.0.0.12(3880) was discovered to contain a Blind Command Injection via stpEn parameter in the SetStp function. This vulnerability allows attackers to execute arbitrary commands with root privileges.

Command Injection