Tenda Ac8 vulnerabilities

CVE-2026-4254 [HIGH] CWE-119 CVE-2026-4254: A weakness has been identified in Tenda AC8 up to 16.03.50.11. This vulnerability affects the functi A weakness has been identified in Tenda AC8 up to 16.03.50.11. This vulnerability affects the function doSystemCmd of the file /goform/SysToolChangePwd of the component HTTP Endpoint. This manipulation of the argument local_2c causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made available to the public and

CVE-2026-4252 [HIGH] CWE-287 CVE-2026-4252: A vulnerability was identified in Tenda AC8 16.03.50.11. Affected by this issue is the function chec A vulnerability was identified in Tenda AC8 16.03.50.11. Affected by this issue is the function check_is_ipv6 of the component IPv6 Handler. The manipulation leads to reliance on ip address for authentication. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.

CVE-2026-4253 [MEDIUM] CWE-77 CVE-2026-4253: A security flaw has been discovered in Tenda AC8 16.03.50.11. This affects the function route_set_us A security flaw has been discovered in Tenda AC8 16.03.50.11. This affects the function route_set_user_policy_rule of the file /cgi-bin/UploadCfg of the component Web Interface. The manipulation of the argument wans.policy.list1 results in os command injection. It is possible to launch the attack remotely. The exploit has been released to the public an

CVE-2026-3044 [HIGH] CWE-119 CVE-2026-3044: A vulnerability has been found in Tenda AC8 16.03.34.06. This affects the function webCgiGetUploadFi A vulnerability has been found in Tenda AC8 16.03.34.06. This affects the function webCgiGetUploadFile of the file /cgi-bin/UploadCfg of the component Httpd Service. The manipulation of the argument boundary leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2026-2203 [HIGH] CWE-119 CVE-2026-2203: A flaw has been found in Tenda AC8 16.03.33.05. Affected by this vulnerability is an unknown functio A flaw has been found in Tenda AC8 16.03.33.05. Affected by this vulnerability is an unknown functionality of the file /goform/fast_setting_wifi_set of the component Embedded Httpd Service. This manipulation of the argument timeZone causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used.

CVE-2026-2202 [HIGH] CWE-119 CVE-2026-2202: A vulnerability was detected in Tenda AC8 16.03.33.05. Affected is the function fromSetWifiGusetBasi A vulnerability was detected in Tenda AC8 16.03.33.05. Affected is the function fromSetWifiGusetBasic of the file /goform/WifiGuestSet of the component httpd. The manipulation of the argument shareSpeed results in buffer overflow. The attack may be launched remotely. The exploit is now public and may be used.

CVE-2025-12618 [HIGH] CWE-119 CVE-2025-12618: A vulnerability has been found in Tenda AC8 16.03.34.06. This impacts an unknown function of the fil A vulnerability has been found in Tenda AC8 16.03.34.06. This impacts an unknown function of the file /goform/DatabaseIniSet. The manipulation of the argument Time leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-11120 [HIGH] CWE-119 CVE-2025-11120: A weakness has been identified in Tenda AC8 16.03.34.06. The affected element is the function formSe A weakness has been identified in Tenda AC8 16.03.34.06. The affected element is the function formSetServerConfig of the file /goform/SetServerConfig. Executing manipulation can lead to buffer overflow. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited.

CVE-2025-5798 [HIGH] CWE-119 CVE-2025-5798: A vulnerability was found in Tenda AC8 16.03.34.09. It has been classified as critical. Affected is A vulnerability was found in Tenda AC8 16.03.34.09. It has been classified as critical. Affected is the function fromSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument timeType leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-5799 [HIGH] CWE-119 CVE-2025-5799: A vulnerability was found in Tenda AC8 16.03.34.09. It has been declared as critical. Affected by th A vulnerability was found in Tenda AC8 16.03.34.09. It has been declared as critical. Affected by this vulnerability is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public

CVE-2025-4368 [HIGH] CWE-119 CVE-2025-4368: A vulnerability, which was classified as critical, was found in Tenda AC8 16.03.34.06. Affected is t A vulnerability, which was classified as critical, was found in Tenda AC8 16.03.34.06. Affected is the function formGetRouterStatus of the file /goform/MtuSetMacWan. The manipulation of the argument shareSpeed leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-1853 [HIGH] CWE-119 CVE-2025-1853: A vulnerability was found in Tenda AC8 16.03.34.06 and classified as critical. This issue affects th A vulnerability was found in Tenda AC8 16.03.34.06 and classified as critical. This issue affects the function sub_49E098 of the file /goform/SetIpMacBind of the component Parameter Handler. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and m

CVE-2025-0528 [HIGH] CWE-74 CVE-2025-0528: A vulnerability, which was classified as critical, has been found in Tenda AC8, AC10 and AC18 16.03. A vulnerability, which was classified as critical, has been found in Tenda AC8, AC10 and AC18 16.03.10.20. Affected by this issue is some unknown functionality of the file /goform/telnet of the component HTTP Request Handler. The manipulation leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and

CVE-2024-11745 [HIGH] CWE-119 CVE-2024-11745: A vulnerability was found in Tenda AC8 16.03.34.09 and classified as critical. Affected by this issu A vulnerability was found in Tenda AC8 16.03.34.09 and classified as critical. Affected by this issue is the function route_static_check of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

CVE-2024-10280 [HIGH] CWE-476 CVE-2024-10280: A vulnerability was found in Tenda AC6, AC7, AC8, AC9, AC10, AC10U, AC15, AC18, AC500 and AC1206 up A vulnerability was found in Tenda AC6, AC7, AC8, AC9, AC10, AC10U, AC15, AC18, AC500 and AC1206 up to 20241022. It has been rated as problematic. This issue affects the function websReadEvent of the file /goform/GetIPTV. The manipulation of the argument Content-Length leads to null pointer dereference. The attack may be initiated remotely. The exploit

CVE-2024-10123 [CRITICAL] CWE-121 Tenda AC8 saveParentControlInfo compare_parentcontrol_time stack-based overflow Tenda AC8 saveParentControlInfo compare_parentcontrol_time stack-based overflow A vulnerability was found in Tenda AC8 16.03.34.06. It has been declared as critical. Affected by this vulnerability is the function compare_parentcontrol_time of the file /goform/saveParentControlInfo. The manipulation of the argument time leads to stack-based buffer overflow. The attack can be launched

CVE-2024-10130 [HIGH] CWE-121 CVE-2024-10130: A vulnerability classified as critical was found in Tenda AC8 16.03.34.06. This vulnerability affect A vulnerability classified as critical was found in Tenda AC8 16.03.34.06. This vulnerability affects the function formSetRebootTimer of the file /goform/SetSysAutoRebbotCfg. The manipulation of the argument rebootTime leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be us

CVE-2024-4065 [HIGH] CWE-121 CVE-2024-4065: A vulnerability was found in Tenda AC8 16.03.34.09. It has been rated as critical. This issue affect A vulnerability was found in Tenda AC8 16.03.34.09. It has been rated as critical. This issue affects the function formSetRebootTimer of the file /goform/SetRebootTimer. The manipulation of the argument rebootTime leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The

CVE-2024-4066 [HIGH] CWE-121 CVE-2024-4066: A vulnerability classified as critical has been found in Tenda AC8 16.03.34.09. Affected is the func A vulnerability classified as critical has been found in Tenda AC8 16.03.34.09. Affected is the function fromAdvSetMacMtuWan of the file /goform/AdvSetMacMtuWan. The manipulation of the argument wanMTU/wanSpeed/cloneType/mac/serviceName/serverName leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been di

CVE-2024-4064 [HIGH] CWE-121 CVE-2024-4064: A vulnerability was found in Tenda AC8 16.03.34.09. It has been declared as critical. This vulnerabi A vulnerability was found in Tenda AC8 16.03.34.09. It has been declared as critical. This vulnerability affects the function R7WebsSecurityHandler of the file /goform/execCommand. The manipulation of the argument password leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be