Tenda Ac7 Firmware vulnerabilities

CVE-2025-29137 [CRITICAL] CWE-120 CVE-2025-29137: Tenda AC7 V1.0 V15.03.06.44 found a buffer overflow caused by the timeZone parameter in the form_fas Tenda AC7 V1.0 V15.03.06.44 found a buffer overflow caused by the timeZone parameter in the form_fast_setting_wifi_set function, which can cause RCE.

CVE-2025-1851 [HIGH] CWE-119 CVE-2025-1851: A vulnerability, which was classified as critical, was found in Tenda AC7 up to 15.03.06.44. This af A vulnerability, which was classified as critical, was found in Tenda AC7 up to 15.03.06.44. This affects the function formSetFirewallCfg of the file /goform/SetFirewallCfg. The manipulation of the argument firewallEn leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and ma

CVE-2025-1819 [MEDIUM] CWE-77 CVE-2025-1819: A vulnerability, which was classified as critical, was found in Tenda AC7 1200M 15.03.06.44. Affecte A vulnerability, which was classified as critical, was found in Tenda AC7 1200M 15.03.06.44. Affected is the function TendaTelnet of the file /goform/telnet. The manipulation of the argument lan_ip leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2024-48826 [HIGH] CWE-78 CVE-2024-48826: Tenda AC7 v.15.03.06.44 ate_iwpriv_set has pre-authentication command injection allowing remote atta Tenda AC7 v.15.03.06.44 ate_iwpriv_set has pre-authentication command injection allowing remote attackers to execute arbitrary code.

CVE-2024-48825 [HIGH] CWE-78 CVE-2024-48825: Tenda AC7 v.15.03.06.44 ate_ifconfig_set has pre-authentication command injection allowing remote at Tenda AC7 v.15.03.06.44 ate_ifconfig_set has pre-authentication command injection allowing remote attackers to execute arbitrary code.

CVE-2024-10280 [HIGH] CWE-476 CVE-2024-10280: A vulnerability was found in Tenda AC6, AC7, AC8, AC9, AC10, AC10U, AC15, AC18, AC500 and AC1206 up A vulnerability was found in Tenda AC6, AC7, AC8, AC9, AC10, AC10U, AC15, AC18, AC500 and AC1206 up to 20241022. It has been rated as problematic. This issue affects the function websReadEvent of the file /goform/GetIPTV. The manipulation of the argument Content-Length leads to null pointer dereference. The attack may be initiated remotely. The exploit

CVE-2024-32301 [CRITICAL] CWE-125 CVE-2024-32301: Tenda AC7V1.0 v15.03.06.44 firmware has a stack overflow vulnerability via the PPW parameter in the Tenda AC7V1.0 v15.03.06.44 firmware has a stack overflow vulnerability via the PPW parameter in the fromWizardHandle function.

CVE-2024-32281 [HIGH] CWE-77 CVE-2024-32281: Tenda AC7V1.0 v15.03.06.44 firmware contains a command injection vulnerablility in formexeCommand fu Tenda AC7V1.0 v15.03.06.44 firmware contains a command injection vulnerablility in formexeCommand function via the cmdinput parameter.

CVE-2024-2893 [HIGH] CWE-121 CVE-2024-2893: A vulnerability was found in Tenda AC7 15.03.06.44 and classified as critical. Affected by this issu A vulnerability was found in Tenda AC7 15.03.06.44 and classified as critical. Affected by this issue is the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The

CVE-2024-2902 [HIGH] CWE-121 CVE-2024-2902: A vulnerability was found in Tenda AC7 15.03.06.44 and classified as critical. This issue affects th A vulnerability was found in Tenda AC7 15.03.06.44 and classified as critical. This issue affects the function fromSetWifiGusetBasic of the file /goform/WifiGuestSet. The manipulation of the argument shareSpeed leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The id

CVE-2024-2895 [HIGH] CWE-121 CVE-2024-2895: A vulnerability was found in Tenda AC7 15.03.06.44. It has been declared as critical. This vulnerabi A vulnerability was found in Tenda AC7 15.03.06.44. It has been declared as critical. This vulnerability affects the function formWifiWpsOOB of the file /goform/WifiWpsOOB. The manipulation of the argument index leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-2

CVE-2024-2891 [HIGH] CWE-121 CVE-2024-2891: A vulnerability, which was classified as critical, was found in Tenda AC7 15.03.06.44. Affected is t A vulnerability, which was classified as critical, was found in Tenda AC7 15.03.06.44. Affected is the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB

CVE-2024-2896 [HIGH] CWE-121 CVE-2024-2896: A vulnerability was found in Tenda AC7 15.03.06.44. It has been rated as critical. This issue affect A vulnerability was found in Tenda AC7 15.03.06.44. It has been rated as critical. This issue affects the function formWifiWpsStart of the file /goform/WifiWpsStart. The manipulation of the argument index leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associat

CVE-2024-2897 [MEDIUM] CWE-78 CVE-2024-2897: A vulnerability classified as critical has been found in Tenda AC7 15.03.06.44. Affected is the func A vulnerability classified as critical has been found in Tenda AC7 15.03.06.44. Affected is the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this v

CVE-2024-2903 [HIGH] CWE-121 CVE-2024-2903: A vulnerability was found in Tenda AC7 15.03.06.44. It has been classified as critical. Affected is A vulnerability was found in Tenda AC7 15.03.06.44. It has been classified as critical. Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument mac leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be use

CVE-2024-2900 [HIGH] CWE-121 CVE-2024-2900: A vulnerability, which was classified as critical, was found in Tenda AC7 15.03.06.44. This affects A vulnerability, which was classified as critical, was found in Tenda AC7 15.03.06.44. This affects the function saveParentControlInfo of the file /goform/saveParentControlInfo. The manipulation of the argument deviceId/time/urls leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the pu

CVE-2024-2894 [HIGH] CWE-121 CVE-2024-2894: A vulnerability was found in Tenda AC7 15.03.06.44. It has been classified as critical. This affects A vulnerability was found in Tenda AC7 15.03.06.44. It has been classified as critical. This affects the function formSetQosBand of the file /goform/SetNetControlList. The manipulation of the argument list leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. T

CVE-2024-2899 [HIGH] CWE-121 CVE-2024-2899: A vulnerability, which was classified as critical, has been found in Tenda AC7 15.03.06.44. Affected A vulnerability, which was classified as critical, has been found in Tenda AC7 15.03.06.44. Affected by this issue is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public a

CVE-2024-2901 [HIGH] CWE-121 CVE-2024-2901: A vulnerability has been found in Tenda AC7 15.03.06.44 and classified as critical. This vulnerabili A vulnerability has been found in Tenda AC7 15.03.06.44 and classified as critical. This vulnerability affects the function setSchedWifi of the file /goform/openSchedWifi. The manipulation of the argument schedEndTime leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2024-2898 [HIGH] CWE-121 CVE-2024-2898: A vulnerability classified as critical was found in Tenda AC7 15.03.06.44. Affected by this vulnerab A vulnerability classified as critical was found in Tenda AC7 15.03.06.44. Affected by this vulnerability is the function fromSetRouteStatic of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.