Aggregates CVE and security vulnerability intelligence across all Tenda-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk cross-site scripting and vendor risk input validation and related problems; some flaws may lead to vendor impact session compromise, affecting vendor surface software deployment scenarios.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-29032 | Tenda AC9 v15.03.05.19(6318) was discovered to contain a buffer overflow via the formWifiWpsOOB function. | [email protected] | 5.9 | 3.53% | 2025-03-14 | 2025-04-03 |
| CVE-2024-50854 | Tenda G3 v3.0 v15.11.0.20 was discovered to contain a stack overflow via the formSetPortMapping function. | [email protected] | 8.8 | 0.59% | 2024-11-13 | 2025-03-14 |
| CVE-2024-50853 | Tenda G3 v3.0 v15.11.0.20 was discovered to contain a command injection vulnerability via the formSetDebugCfg function. | [email protected] | 8.8 | 5.08% | 2024-11-13 | 2024-11-21 |
| CVE-2024-50852 | Tenda G3 v3.0 v15.11.0.20 was discovered to contain a command injection vulnerability via the formSetUSBPartitionUmount function. | [email protected] | 8.8 | 5.08% | 2024-11-13 | 2024-11-21 |
| CVE-2024-46628 | Tenda G3 Router firmware v15.03.05.05 was discovered to contain a remote code execution (RCE) vulnerability via the usbPartitionName parameter in the formSetUSBPartitionUmount function. | [email protected] | 9.8 | 14.45% | 2024-09-26 | 2024-10-04 |
| CVE-2024-8224 | A vulnerability, which was classified as critical, has been found in Tenda G3 15.11.0.20. This issue affects the function formSetDebugCfg of the file /goform/setDebugCfg. The manipulation of the argument enable/level/module leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | [email protected] | 8.7 | 0.27% | 2024-08-27 | 2024-12-13 |
| CVE-2024-42954 | Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the fromwebExcptypemanFilter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | [email protected] | 7.5 | 0.20% | 2024-08-15 | 2024-08-16 |
| CVE-2024-42953 | Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the PPW parameter in the fromWizardHandle function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | [email protected] | 7.5 | 0.15% | 2024-08-15 | 2024-08-16 |
| CVE-2024-42949 | Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the qos parameter in the fromqossetting function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | [email protected] | 7.5 | 0.15% | 2024-08-15 | 2024-08-16 |
| CVE-2024-42945 | Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the fromAddressNat function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | [email protected] | 7.5 | 0.08% | 2024-08-15 | 2024-08-16 |
| CVE-2024-42942 | Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the frmL7ImForm function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | [email protected] | 7.5 | 0.08% | 2024-08-15 | 2024-08-16 |
| CVE-2024-7581 | A vulnerability classified as critical has been found in Tenda A301 15.13.08.12. This affects the function formWifiBasicSet of the file /goform/WifiBasicSet. The manipulation of the argument security leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | [email protected] | 8.7 | 0.61% | 2024-08-07 | 2024-08-07 |
| CVE-2024-41473 | Tenda FH1201 v1.2.0.14 was discovered to contain a command injection vulnerability via the mac parameter at ip/goform/WriteFacMac | [email protected] | 9.8 | 86.30% | 2024-07-25 | 2024-11-21 |
| CVE-2024-41468 | Tenda FH1201 v1.2.0.14 was discovered to contain a command injection vulnerability via the cmdinput parameter at /goform/exeCommand | [email protected] | 9.8 | 81.51% | 2024-07-25 | 2024-11-21 |
| CVE-2024-41466 | Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the page parameter at ip/goform/NatStaticSetting. | [email protected] | 7.5 | 0.31% | 2024-07-24 | 2024-11-21 |
| CVE-2024-41465 | Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the funcpara1 parameter at ip/goform/setcfm. | [email protected] | 7.5 | 0.31% | 2024-07-24 | 2024-11-21 |
| CVE-2024-41464 | Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the mitInterface parameter in ip/goform/RouteStatic | [email protected] | 7.5 | 0.33% | 2024-07-24 | 2024-11-21 |
| CVE-2024-41463 | Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the entrys parameter at ip/goform/addressNat. | [email protected] | 7.5 | 0.22% | 2024-07-24 | 2024-11-21 |
| CVE-2024-41462 | Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the page parameter at ip/goform/DhcpListClient. | [email protected] | 7.5 | 0.22% | 2024-07-24 | 2024-11-21 |
| CVE-2024-41461 | Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the list1 parameter at ip/goform/DhcpListClient. | [email protected] | 9.8 | 0.49% | 2024-07-24 | 2024-11-21 |