Tenda AC9 firmware vulnerabilities

90 known vulnerabilities affecting tenda/ac9_firmware.

Total CVEs: 90
CISA KEV: 1 (actively exploited)
Public exploits: 0
Exploited in wild: 1
Severity breakdown: CRITICAL 55, HIGH 27, MEDIUM 7, LOW 1

Vulnerabilities

Page 1 of 5
CVE-2026-2192 | HIGH | CVSS 7.3 | v5.03.06.42_multi | 2026-02-08
CWE-119: A security vulnerability has been detected in Tenda AC9 15.03.06.42_multi. Affected by this vulnerability is the function formGetRebootTimer. Such manipulation of the argument sys.schedulereboot.start_time/sys.schedulereboot.end_time leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed publicly and ma
nvd
CVE-2026-2191 | HIGH | CVSS 7.3 | v15.03.06.42_multi | 2026-02-08
CWE-119: A weakness has been identified in Tenda AC9 15.03.06.42_multi. Affected is the function formGetDdosDefenceList. This manipulation of the argument security.ddos.map causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks.
nvd
CVE-2025-14286 | MEDIUM | CVSS 5.5 | v15.03.05.14_multi | 2025-12-09
CWE-200: A vulnerability was determined in Tenda AC9 15.03.05.14_multi. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/DownloadCfg.jpg of the component Configuration File Handler. This manipulation causes information disclosure. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.
nvd
CVE-2025-57638 | HIGH | CVSS 7.5 | v1.0 | 2025-09-23
CWE-122: Buffer overflow vulnerability in Tenda AC9 1.0 via the user supplied sys.vendor configuration value.
nvd
CVE-2025-57639 | MEDIUM | CVSS 6.5 | v1.0 | 2025-09-23
CWE-78: OS Command injection vulnerability in Tenda AC9 1.0 was discovered to contain a command injection vulnerability via the usb.samba.guest.user parameter in the formSetSambaConf function of the httpd file.
nvd
CVE-2025-10443 | HIGH | CVSS 7.4 | v15.03.05.14 | 2025-09-15
CWE-119: A vulnerability was identified in Tenda AC9 and AC15 15.03.05.14/15.03.05.18. This vulnerability affects the function formexeCommand of the file /goform/exeCommand. Such manipulation of the argument cmdinput leads to buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used.
nvd
CVE-2025-10442 | MEDIUM | CVSS 5.3 | v15.03.05.14 | 2025-09-15
CWE-77: A vulnerability was determined in Tenda AC9 and AC15 15.03.05.14. This affects the function formexeCommand of the file /goform/exeCommand. This manipulation of the argument cmdinput causes os command injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.
nvd
CVE-2025-9731 | LOW | CVSS 2.0 | v15.03.05.19 | 2025-08-31
CWE-259: A vulnerability was determined in Tenda AC9 15.03.05.19. The impacted element is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. This manipulation causes hard-coded credentials. It is possible to launch the attack on the local host. The attack's complexity is rated as high. The exploitability is regarded as diffi
nvd
CVE-2025-5900 | MEDIUM | CVSS 5.3 | v15.03.2.13 | 2025-06-09
CWE-352: A vulnerability, which was classified as problematic, was found in Tenda AC9 15.03.02.13. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
nvd
CVE-2025-5847 | HIGH | CVSS 7.4 | v15.03.2.13 | 2025-06-08
CWE-119: A vulnerability has been found in Tenda AC9 15.03.02.13 and classified as critical. Affected by this vulnerability is the function formSetSafeWanWebMan of the file /goform/SetRemoteWebCfg of the component HTTP POST Request Handler. The manipulation of the argument remoteIp leads to stack-based buffer overflow. The attack can be launched remotely. The ex
nvd
CVE-2025-5839 | HIGH | CVSS 7.4 | v15.03.2.13 | 2025-06-07
CWE-119: A vulnerability, which was classified as critical, has been found in Tenda AC9 15.03.02.13. Affected by this issue is the function fromadvsetlanip of the file /goform/AdvSetLanip of the component POST Request Handler. The manipulation of the argument lanMask leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to
nvd
CVE-2025-5836 | MEDIUM | CVSS 5.3 | v15.03.2.13 | 2025-06-07
CWE-74: A vulnerability was found in Tenda AC9 15.03.02.13. It has been rated as critical. This issue affects the function formSetIptv of the file /goform/SetIPTVCfg of the component POST Request Handler. The manipulation of the argument list leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may
nvd
CVE-2025-45042 | CRITICAL | CVSS 9.8 | v15.03.05.14 | 2025-05-05
CWE-77: Tenda AC9 v15.03.05.14 was discovered to contain a command injection vulnerability via the Telnet function.
nvd
CVE-2025-44877 | CRITICAL | CVSS 9.8 | v15.03.06.42_multi | 2025-05-02
CWE-77: Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formSetSambaConf function via the usbname parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
nvd
CVE-2025-44872 | CRITICAL | CVSS 9.8 | v15.03.06.42_multi | 2025-05-02
CWE-77: Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formsetUsbUnload function via the deviceName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
nvd
CVE-2025-45427 | CRITICAL | CVSS 9.8 | v15.03.05.14_multi | 2025-04-23
CWE-121: In Tenda AC9 v1.0 with firmware V15.03.05.14_multi, the security parameter of /goform/WifiBasicSet has a stack overflow vulnerability, which can lead to remote arbitrary code execution.
nvd
CVE-2025-45429 | CRITICAL | CVSS 9.8 | v15.03.05.14_multi | 2025-04-23
CWE-121: In the Tenda ac9 v1.0 router with firmware V15.03.05.14_multi, there is a stack overflow vulnerability in /goform/WifiWpsStart, which may lead to remote arbitrary code execution.
nvd
CVE-2025-45428 | CRITICAL | CVSS 9.8 | v15.03.05.14_multi | 2025-04-23
CWE-121: In Tenda ac9 v1.0 with firmware V15.03.05.14_multi, the rebootTime parameter of /goform/SetSysAutoRebbotCfg has a stack overflow vulnerability, which can lead to remote arbitrary code execution.
nvd
CVE-2025-29384 | CRITICAL | CVSS 9.8 | v15.03.05.14 | 2025-03-14
CWE-787: In Tenda AC9 v1.0 V15.03.05.14_multi, the wanMTU parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution.
nvd
CVE-2025-29385 | CRITICAL | CVSS 9.8 | v15.03.05.14 | 2025-03-14
CWE-787: In Tenda AC9 v1.0 V15.03.05.14_multi, the cloneType parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution.
nvd