Tenda Ac8 Firmware vulnerabilities

CVE-2026-4254 [HIGH] CWE-119 CVE-2026-4254: A weakness has been identified in Tenda AC8 up to 16.03.50.11. This vulnerability affects the functi A weakness has been identified in Tenda AC8 up to 16.03.50.11. This vulnerability affects the function doSystemCmd of the file /goform/SysToolChangePwd of the component HTTP Endpoint. This manipulation of the argument local_2c causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made available to the public and

CVE-2026-4252 [HIGH] CWE-287 CVE-2026-4252: A vulnerability was identified in Tenda AC8 16.03.50.11. Affected by this issue is the function chec A vulnerability was identified in Tenda AC8 16.03.50.11. Affected by this issue is the function check_is_ipv6 of the component IPv6 Handler. The manipulation leads to reliance on ip address for authentication. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.

CVE-2026-4253 [MEDIUM] CWE-77 CVE-2026-4253: A security flaw has been discovered in Tenda AC8 16.03.50.11. This affects the function route_set_us A security flaw has been discovered in Tenda AC8 16.03.50.11. This affects the function route_set_user_policy_rule of the file /cgi-bin/UploadCfg of the component Web Interface. The manipulation of the argument wans.policy.list1 results in os command injection. It is possible to launch the attack remotely. The exploit has been released to the public an

CVE-2026-3044 [HIGH] CWE-119 CVE-2026-3044: A vulnerability has been found in Tenda AC8 16.03.34.06. This affects the function webCgiGetUploadFi A vulnerability has been found in Tenda AC8 16.03.34.06. This affects the function webCgiGetUploadFile of the file /cgi-bin/UploadCfg of the component Httpd Service. The manipulation of the argument boundary leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2026-2203 [HIGH] CWE-119 CVE-2026-2203: A flaw has been found in Tenda AC8 16.03.33.05. Affected by this vulnerability is an unknown functio A flaw has been found in Tenda AC8 16.03.33.05. Affected by this vulnerability is an unknown functionality of the file /goform/fast_setting_wifi_set of the component Embedded Httpd Service. This manipulation of the argument timeZone causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used.

CVE-2026-2202 [HIGH] CWE-119 CVE-2026-2202: A vulnerability was detected in Tenda AC8 16.03.33.05. Affected is the function fromSetWifiGusetBasi A vulnerability was detected in Tenda AC8 16.03.33.05. Affected is the function fromSetWifiGusetBasic of the file /goform/WifiGuestSet of the component httpd. The manipulation of the argument shareSpeed results in buffer overflow. The attack may be launched remotely. The exploit is now public and may be used.

CVE-2025-12618 [HIGH] CWE-119 CVE-2025-12618: A vulnerability has been found in Tenda AC8 16.03.34.06. This impacts an unknown function of the fil A vulnerability has been found in Tenda AC8 16.03.34.06. This impacts an unknown function of the file /goform/DatabaseIniSet. The manipulation of the argument Time leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-61498 [HIGH] CWE-121 CVE-2025-61498: A buffer overflow in the UPnP service of Tenda AC8 Hardware v03.03.10.01 allows attackers to cause a A buffer overflow in the UPnP service of Tenda AC8 Hardware v03.03.10.01 allows attackers to cause a Denial of Service (DoS) via supplying a crafted packet.

CVE-2025-55852 [HIGH] CWE-121 CVE-2025-55852: Tenda AC8 v16.03.34.06 is vulnerable to Buffer Overflow in the formWifiBasicSet function via the par Tenda AC8 v16.03.34.06 is vulnerable to Buffer Overflow in the formWifiBasicSet function via the parameter security or security_5g.

CVE-2025-52054 [MEDIUM] CWE-287 CVE-2025-52054: An issue was discovered in Tenda AC8 v4.0 AC1200 Dual-band Gigabit Wireless Router AC8v4.0 Firmware An issue was discovered in Tenda AC8 v4.0 AC1200 Dual-band Gigabit Wireless Router AC8v4.0 Firmware 16.03.33.05. The root password of the device is calculated with a static string and the last two octets of the MAC address of the device. This allows an unauthenticated attacker to authenticate with network services on the device.

CVE-2025-51087 [HIGH] CWE-121 CVE-2025-51087: Tenda AC8V4 V16.03.34.06` was discovered to contain stack overflow at /goform/saveParentControlInfo. Tenda AC8V4 V16.03.34.06` was discovered to contain stack overflow at /goform/saveParentControlInfo. The manipulation of the argument time leads to stack-based buffer overflow.

CVE-2025-51089 [MEDIUM] CWE-122 CVE-2025-51089: Tenda AC8V4 V16.03.34.06` was discovered to contain heap overflow at /goform/GetParentControlInfo.Th Tenda AC8V4 V16.03.34.06` was discovered to contain heap overflow at /goform/GetParentControlInfo.The manipulation of the argument `mac` leads to heap-based buffer overflow.

CVE-2025-51082 [MEDIUM] CWE-121 CVE-2025-51082: Tenda AC8V4 V16.03.34.06` was discovered to contain stack overflow at /goform/fast_setting_wifi_set. Tenda AC8V4 V16.03.34.06` was discovered to contain stack overflow at /goform/fast_setting_wifi_set. The manipulation of the argument `timeZone` leads to stack-based buffer overflow.

CVE-2025-51085 [MEDIUM] CWE-121 CVE-2025-51085: Tenda AC8V4 V16.03.34.06` was discovered to contain stack overflow at /goform/SetSysTimeCfg. The man Tenda AC8V4 V16.03.34.06` was discovered to contain stack overflow at /goform/SetSysTimeCfg. The manipulation of the argument `timeZone` and `timeType` leads to stack-based buffer overflow.

CVE-2025-51088 [MEDIUM] CWE-121 CVE-2025-51088: Tenda AC8V4 V16.03.34.06` was discovered to contain stack overflow at /goform/WifiGuestSet. The mani Tenda AC8V4 V16.03.34.06` was discovered to contain stack overflow at /goform/WifiGuestSet. The manipulation of the argument `shareSpeed` leads to stack-based buffer overflow.

CVE-2025-5798 [HIGH] CWE-119 CVE-2025-5798: A vulnerability was found in Tenda AC8 16.03.34.09. It has been classified as critical. Affected is A vulnerability was found in Tenda AC8 16.03.34.09. It has been classified as critical. Affected is the function fromSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument timeType leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-5799 [HIGH] CWE-119 CVE-2025-5799: A vulnerability was found in Tenda AC8 16.03.34.09. It has been declared as critical. Affected by th A vulnerability was found in Tenda AC8 16.03.34.09. It has been declared as critical. Affected by this vulnerability is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public

CVE-2025-4368 [HIGH] CWE-119 CVE-2025-4368: A vulnerability, which was classified as critical, was found in Tenda AC8 16.03.34.06. Affected is t A vulnerability, which was classified as critical, was found in Tenda AC8 16.03.34.06. Affected is the function formGetRouterStatus of the file /goform/MtuSetMacWan. The manipulation of the argument shareSpeed leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-29100 [CRITICAL] CWE-121 CVE-2025-29100: Tenda AC8 V16.03.34.06 is vulnerable to Buffer Overflow in the fromSetRouteStatic function via the p Tenda AC8 V16.03.34.06 is vulnerable to Buffer Overflow in the fromSetRouteStatic function via the parameter list.

CVE-2025-29101 [HIGH] CWE-121 CVE-2025-29101: Tenda AC8V4.0 V16.03.34.06 was discovered to contain a stack overflow via the deviceid parameter in Tenda AC8V4.0 V16.03.34.06 was discovered to contain a stack overflow via the deviceid parameter in the get_parentControl_list_Info function.