Tenda Ac9 vulnerabilities

CVE-2026-6016 [HIGH] CWE-119 CVE-2026-6016: A vulnerability was found in Tenda AC9 15.03.02.13. The affected element is the function decodePwd o A vulnerability was found in Tenda AC9 15.03.02.13. The affected element is the function decodePwd of the file /goform/WizardHandle of the component POST Request Handler. Performing a manipulation of the argument WANS results in stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made public and could be used.

CVE-2026-6015 [HIGH] CWE-119 CVE-2026-6015: A vulnerability has been found in Tenda AC9 15.03.02.13. Impacted is the function formQuickIndex of A vulnerability has been found in Tenda AC9 15.03.02.13. Impacted is the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. Such manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be u

CVE-2026-2192 [HIGH] CWE-119 CVE-2026-2192: A security vulnerability has been detected in Tenda AC9 15.03.06.42_multi. Affected by this vulnerab A security vulnerability has been detected in Tenda AC9 15.03.06.42_multi. Affected by this vulnerability is the function formGetRebootTimer. Such manipulation of the argument sys.schedulereboot.start_time/sys.schedulereboot.end_time leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed publicly and ma

CVE-2026-2191 [HIGH] CWE-119 CVE-2026-2191: A weakness has been identified in Tenda AC9 15.03.06.42_multi. Affected is the function formGetDdosD A weakness has been identified in Tenda AC9 15.03.06.42_multi. Affected is the function formGetDdosDefenceList. This manipulation of the argument security.ddos.map causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks.

CVE-2025-14286 [MEDIUM] CWE-200 CVE-2025-14286: A vulnerability was determined in Tenda AC9 15.03.05.14_multi. Affected by this vulnerability is an A vulnerability was determined in Tenda AC9 15.03.05.14_multi. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/DownloadCfg.jpg of the component Configuration File Handler. This manipulation causes information disclosure. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.

CVE-2025-10443 [HIGH] CWE-119 CVE-2025-10443: A vulnerability was identified in Tenda AC9 and AC15 15.03.05.14/15.03.05.18. This vulnerability aff A vulnerability was identified in Tenda AC9 and AC15 15.03.05.14/15.03.05.18. This vulnerability affects the function formexeCommand of the file /goform/exeCommand. Such manipulation of the argument cmdinput leads to buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used.

CVE-2025-10442 [MEDIUM] CWE-77 CVE-2025-10442: A vulnerability was determined in Tenda AC9 and AC15 15.03.05.14. This affects the function formexeC A vulnerability was determined in Tenda AC9 and AC15 15.03.05.14. This affects the function formexeCommand of the file /goform/exeCommand. This manipulation of the argument cmdinput causes os command injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.

CVE-2025-9731 [LOW] CWE-259 CVE-2025-9731: A vulnerability was determined in Tenda AC9 15.03.05.19. The impacted element is an unknown function A vulnerability was determined in Tenda AC9 15.03.05.19. The impacted element is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. This manipulation causes hard-coded credentials. It is possible to launch the attack on the local host. The attack's complexity is rated as high. The exploitability is regarded as diffi

CVE-2025-5900 [MEDIUM] CWE-352 CVE-2025-5900: A vulnerability, which was classified as problematic, was found in Tenda AC9 15.03.02.13. This affec A vulnerability, which was classified as problematic, was found in Tenda AC9 15.03.02.13. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-5847 [HIGH] CWE-119 CVE-2025-5847: A vulnerability has been found in Tenda AC9 15.03.02.13 and classified as critical. Affected by this A vulnerability has been found in Tenda AC9 15.03.02.13 and classified as critical. Affected by this vulnerability is the function formSetSafeWanWebMan of the file /goform/SetRemoteWebCfg of the component HTTP POST Request Handler. The manipulation of the argument remoteIp leads to stack-based buffer overflow. The attack can be launched remotely. The ex

CVE-2025-5839 [HIGH] CWE-119 CVE-2025-5839: A vulnerability, which was classified as critical, has been found in Tenda AC9 15.03.02.13. Affected A vulnerability, which was classified as critical, has been found in Tenda AC9 15.03.02.13. Affected by this issue is the function fromadvsetlanip of the file /goform/AdvSetLanip of the component POST Request Handler. The manipulation of the argument lanMask leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to

CVE-2025-5836 [MEDIUM] CWE-74 CVE-2025-5836: A vulnerability was found in Tenda AC9 15.03.02.13. It has been rated as critical. This issue affect A vulnerability was found in Tenda AC9 15.03.02.13. It has been rated as critical. This issue affects the function formSetIptv of the file /goform/SetIPTVCfg of the component POST Request Handler. The manipulation of the argument list leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may

CVE-2024-10280 [HIGH] CWE-476 CVE-2024-10280: A vulnerability was found in Tenda AC6, AC7, AC8, AC9, AC10, AC10U, AC15, AC18, AC500 and AC1206 up A vulnerability was found in Tenda AC6, AC7, AC8, AC9, AC10, AC10U, AC15, AC18, AC500 and AC1206 up to 20241022. It has been rated as problematic. This issue affects the function websReadEvent of the file /goform/GetIPTV. The manipulation of the argument Content-Length leads to null pointer dereference. The attack may be initiated remotely. The exploit