Tenda Ac6 Firmware vulnerabilities

CVE-2025-29029 [CRITICAL] CWE-787 CVE-2025-29029: Tenda AC6 v15.03.05.16 was discovered to contain a buffer overflow via the formSetSpeedWan function. Tenda AC6 v15.03.05.16 was discovered to contain a buffer overflow via the formSetSpeedWan function.

CVE-2025-29030 [CRITICAL] CWE-787 CVE-2025-29030: Tenda AC6 v15.03.05.16 was discovered to contain a buffer overflow via the formWifiWpsOOB function. Tenda AC6 v15.03.05.16 was discovered to contain a buffer overflow via the formWifiWpsOOB function.

CVE-2025-29031 [CRITICAL] CWE-787 CVE-2025-29031: Tenda AC6 v15.03.05.16 was discovered to contain a buffer overflow via the fromAddressNat function. Tenda AC6 v15.03.05.16 was discovered to contain a buffer overflow via the fromAddressNat function.

CVE-2025-1814 [HIGH] CWE-119 CVE-2025-1814: A vulnerability, which was classified as critical, has been found in Tenda AC6 15.03.05.16. Affected A vulnerability, which was classified as critical, has been found in Tenda AC6 15.03.05.16. Affected by this issue is some unknown functionality of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may b

CVE-2025-25505 [MEDIUM] CWE-120 CVE-2025-25505: Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow in the sub_452A4 function. Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow in the sub_452A4 function.

CVE-2025-25507 [MEDIUM] CWE-94 CVE-2025-25507: There is a RCE vulnerability in Tenda AC6 15.03.05.16_multi. In the formexeCommand function, the par There is a RCE vulnerability in Tenda AC6 15.03.05.16_multi. In the formexeCommand function, the parameter cmdinput will cause remote command execution.

CVE-2025-25343 [CRITICAL] CWE-120 CVE-2025-25343: Tenda AC6 V15.03.05.16 firmware has a buffer overflow vulnerability in the formexeCommand function. Tenda AC6 V15.03.05.16 firmware has a buffer overflow vulnerability in the formexeCommand function.

CVE-2024-46450 [HIGH] CWE-862 CVE-2024-46450: Incorrect access control in Tenda AC1200 Smart Dual-Band WiFi Router Model AC6 v2.0 Firmware v15.03. Incorrect access control in Tenda AC1200 Smart Dual-Band WiFi Router Model AC6 v2.0 Firmware v15.03.06.50 allows attackers to bypass authentication via a crafted web request.

CVE-2025-0349 [HIGH] CWE-119 CVE-2025-0349: A vulnerability classified as critical has been found in Tenda AC6 15.03.05.16. Affected is the func A vulnerability classified as critical has been found in Tenda AC6 15.03.05.16. Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument src/mac leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2024-52273 [HIGH] CWE-121 CVE-2024-52273: Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (setDoublePppo Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (setDoublePppoeConfig->guest_ip_check(overflow arg: mask) modules) allows Overflow Buffers.This issue affects Tenda AC6V2: through 15.03.06.50

CVE-2024-52274 [HIGH] CWE-121 CVE-2024-52274: Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (setDoubleL2tp Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (setDoubleL2tpConfig->guest_ip_check(overflow arg: mask) modules) allows Overflow Buffers.This issue affects Tenda AC6V2: through 15.03.06.50

CVE-2024-52275 [HIGH] CWE-121 CVE-2024-52275: Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (fromWizardHan Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (fromWizardHandle modules) allows Overflow Buffers.This issue affects Tenda AC6V2: through 15.03.06.50.

CVE-2024-52272 [HIGH] CWE-121 CVE-2024-52272: Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (fromAdvSetLan Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (fromAdvSetLanip(overflow arg:lanMask) modules) allows Overflow Buffers.This issue affects Tenda AC6V2: through 15.03.06.50

CVE-2024-52714 [CRITICAL] CWE-120 CVE-2024-52714: Tenda AC6 v2.0 v15.03.06.50 was discovered to contain a buffer overflow in the function 'fromSetSysT Tenda AC6 v2.0 v15.03.06.50 was discovered to contain a buffer overflow in the function 'fromSetSysTime.

CVE-2024-51116 [HIGH] CWE-120 CVE-2024-51116: Tenda AC6 v2.0 V15.03.06.50 was discovered to contain a buffer overflow in the function 'formSetPPTP Tenda AC6 v2.0 V15.03.06.50 was discovered to contain a buffer overflow in the function 'formSetPPTPServer'.

CVE-2024-10698 [HIGH] CWE-121 CVE-2024-10698: A vulnerability was found in Tenda AC6 15.03.05.19 and classified as critical. Affected by this issu A vulnerability was found in Tenda AC6 15.03.05.19 and classified as critical. Affected by this issue is the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

CVE-2024-10697 [MEDIUM] CWE-74 CVE-2024-10697: A vulnerability has been found in Tenda AC6 15.03.05.19 and classified as critical. Affected by this A vulnerability has been found in Tenda AC6 15.03.05.19 and classified as critical. Affected by this vulnerability is the function formWriteFacMac of the file /goform/WriteFacMac of the component API Endpoint. The manipulation of the argument mac leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the pu

CVE-2024-10280 [HIGH] CWE-476 CVE-2024-10280: A vulnerability was found in Tenda AC6, AC7, AC8, AC9, AC10, AC10U, AC15, AC18, AC500 and AC1206 up A vulnerability was found in Tenda AC6, AC7, AC8, AC9, AC10, AC10U, AC15, AC18, AC500 and AC1206 up to 20241022. It has been rated as problematic. This issue affects the function websReadEvent of the file /goform/GetIPTV. The manipulation of the argument Content-Length leads to null pointer dereference. The attack may be initiated remotely. The exploit

CVE-2023-24332 [HIGH] CWE-121 CVE-2023-24332: A stack overflow vulnerability in Tenda AC6 with firmware version US_AC6V5.0re_V03.03.02.01_cn_TDC01 A stack overflow vulnerability in Tenda AC6 with firmware version US_AC6V5.0re_V03.03.02.01_cn_TDC01 allows attackers to run arbitrary commands via crafted POST request to /goform/PowerSaveSet.

CVE-2023-38823 [CRITICAL] CWE-120 CVE-2023-38823: Buffer Overflow vulnerability in Tenda Ac19 v.1.0, AC18, AC9 v.1.0, AC6 v.2.0 and v.1.0 allows a rem Buffer Overflow vulnerability in Tenda Ac19 v.1.0, AC18, AC9 v.1.0, AC6 v.2.0 and v.1.0 allows a remote attacker to execute arbitrary code via the formSetCfm function in bin/httpd.