This page lists publicly disclosed CVE vulnerabilities affecting tenda ax1803_firmware (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-1329 | A flaw has been found in Tenda AX1803 1.0.0.1. The affected element is the function fromGetWifiGuestBasic of the file /goform/WifiGuestSet. Executing a manipulation of the argument guestWrlPwd/guestEn/guestSsid/hideSsid/guestSecurity can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been published and may be used. | [email protected] | 7.4 | 1.10% | 2026-01-22 | 2026-06-17 |
| CVE-2025-70648 | Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow in the security_5g parameter of the sub_727F4 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | [email protected] | 7.5 | 0.31% | 2026-01-21 | 2026-06-17 |
| CVE-2025-70646 | Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow in the security parameter of the sub_72290 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | [email protected] | 7.5 | 0.31% | 2026-01-21 | 2026-06-17 |
| CVE-2025-70651 | Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow in the ssid parameter of the form_fast_setting_wifi_set function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | [email protected] | 7.5 | 0.31% | 2026-01-21 | 2026-06-17 |
| CVE-2025-63457 | Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow via the wanMTU parameter in the sub_4F55C function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | [email protected] | 7.5 | 0.36% | 2025-11-10 | 2026-06-17 |
| CVE-2025-63456 | Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow via the time parameter in the SetSysTimeCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | [email protected] | 7.5 | 0.36% | 2025-11-10 | 2026-06-17 |
| CVE-2025-63458 | Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow via the timeZone parameter in the form_fast_setting_wifi_set function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | [email protected] | 7.5 | 0.36% | 2025-10-31 | 2026-06-17 |
| CVE-2025-7598 | A vulnerability classified as critical was found in Tenda AX1803 1.0.0.1. Affected by this vulnerability is the function formSetWifiMacFilterCfg of the file /goform/setWifiFilterCfg. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | [email protected] | 7.4 | 0.76% | 2025-07-14 | 2026-06-17 |
| CVE-2025-7597 | A vulnerability classified as critical has been found in Tenda AX1803 1.0.0.1. Affected is the function formSetMacFilterCfg of the file /goform/setMacFilterCfg. The manipulation of the argument deviceList leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | [email protected] | 7.4 | 0.76% | 2025-07-14 | 2026-06-17 |
| CVE-2024-4236 | A vulnerability, which was classified as critical, has been found in Tenda AX1803 1.0.0.1. This issue affects the function formSetSysToolDDNS of the file /goform/SetDDNSCfg. The manipulation of the argument serverName/ddnsUser/ddnsPwd/ddnsDomain leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-262127. NOTE: The vendor was contacted early about this discl | [email protected] | 8.8 | 14.88% | 2024-04-26 | 2026-06-17 |
| CVE-2024-30621 | Tenda AX1803 v1.0.0.1 contains a stack overflow via the serverName parameter in the function fromAdvSetMacMtuWan. | [email protected] | 9.8 | 0.74% | 2024-04-02 | 2026-06-17 |
| CVE-2024-30620 | Tenda AX1803 v1.0.0.1 contains a stack overflow via the serviceName parameter in the function fromAdvSetMacMtuWan. | [email protected] | 9.8 | 0.82% | 2024-04-02 | 2026-06-17 |
| CVE-2023-51970 | Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formSetIptv. | [email protected] | 9.8 | 0.73% | 2024-01-10 | 2026-06-17 |
| CVE-2023-51969 | Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function getIptvInfo. | [email protected] | 9.8 | 0.73% | 2024-01-10 | 2026-06-17 |
| CVE-2023-51968 | Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function getIptvInfo. | [email protected] | 9.8 | 0.73% | 2024-01-10 | 2026-06-17 |
| CVE-2023-51967 | Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function getIptvInfo. | [email protected] | 9.8 | 0.73% | 2024-01-10 | 2026-06-17 |
| CVE-2023-51962 | Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function setIptvInfo. | [email protected] | 9.8 | 0.73% | 2024-01-10 | 2026-06-17 |
| CVE-2023-51965 | Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function setIptvInfo. | [email protected] | 9.8 | 0.70% | 2024-01-10 | 2026-06-17 |
| CVE-2023-51964 | Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function setIptvInfo. | [email protected] | 9.8 | 0.70% | 2024-01-10 | 2026-06-17 |
| CVE-2023-51963 | Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function setIptvInfo. | [email protected] | 9.8 | 0.87% | 2024-01-10 | 2026-06-17 |