Tenda Ac9 Firmware vulnerabilities
90 known vulnerabilities affecting tenda/ac9_firmware.
Total CVEs
90
CISA KEV
1
actively exploited
Public exploits
0
Exploited in wild
1
Severity breakdown
CRITICAL55HIGH27MEDIUM7LOW1
Vulnerabilities
Page 3 of 5
CVE-2023-41561CRITICALCVSS 9.8v15.03.06.42_multi2023-08-30
CVE-2023-41561 [CRITICAL] CWE-787 CVE-2023-41561: Tenda AC9 V3.0 V15.03.06.42_multi and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contai
Tenda AC9 V3.0 V15.03.06.42_multi and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter startIp and endIp at url /goform/SetPptpServerCfg.
nvd
CVE-2023-41560CRITICALCVSS 9.8v15.03.06.42_multi2023-08-30
CVE-2023-41560 [CRITICAL] CWE-787 CVE-2023-41560: Tenda AC9 V3.0 V15.03.06.42_multi was discovered to contain a stack overflow via parameter firewallE
Tenda AC9 V3.0 V15.03.06.42_multi was discovered to contain a stack overflow via parameter firewallEn at url /goform/SetFirewallCfg.
nvd
CVE-2023-38936CRITICALCVSS 9.8v15.03.06.42_multi2023-08-07
CVE-2023-38936 [CRITICAL] CWE-787 CVE-2023-38936: Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5
Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6, AC9 V3.0 V15.03.06.42_multi and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function.
nvd
CVE-2023-38933CRITICALCVSS 9.8v15.03.06.42_multi2023-08-07
CVE-2023-38933 [CRITICAL] CWE-787 CVE-2023-38933: Tenda AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, FH1203 V2
Tenda AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6 and AC9 V3.0 V15.03.06.42_multi, and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the deviceId parameter in the formSetClientState function.
nvd
CVE-2023-38935CRITICALCVSS 9.8v15.03.06.42_multi2023-08-07
CVE-2023-38935 [CRITICAL] CWE-787 CVE-2023-38935: Tenda AC1206 V15.03.06.23, AC8 V4 V16.03.34.06, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and AC
Tenda AC1206 V15.03.06.23, AC8 V4 V16.03.34.06, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and AC9 V3.0 V15.03.06.42_multi were discovered to contain a tack overflow via the list parameter in the formSetQosBand function.
nvd
CVE-2023-38930CRITICALCVSS 9.8v15.03.06.42_multi2023-08-07
CVE-2023-38930 [CRITICAL] CWE-787 CVE-2023-38930: Tenda AC7 V1.0,V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0,V15.03.06.28, AC9 V3.0,V15.03.06.42_multi and
Tenda AC7 V1.0,V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0,V15.03.06.28, AC9 V3.0,V15.03.06.42_multi and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the deviceId parameter in the addWifiMacFilter function.
nvd
CVE-2023-38937CRITICALCVSS 9.8v15.03.06.42_multi2023-08-07
CVE-2023-38937 [CRITICAL] CWE-787 CVE-2023-38937: Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V
Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, AC9 V3.0 V15.03.06.42_multi and AC10 v4.0 V16.03.10.13 were discovered to contain a stack overflow via the list parameter in the formSetVirtualSer function.
nvd
CVE-2023-37716CRITICALCVSS 9.8v3.02023-07-14
CVE-2023-37716 [CRITICAL] CWE-787 CVE-2023-37716: Tenda F1202 V1.0BR_V1.2.0.20(408) and FH1202_V1.2.0.19_EN, AC10 V1.0, AC1206 V1.0, AC7 V1.0, AC5 V1.
Tenda F1202 V1.0BR_V1.2.0.20(408) and FH1202_V1.2.0.19_EN, AC10 V1.0, AC1206 V1.0, AC7 V1.0, AC5 V1.0, and AC9 V3.0 were discovered to contain a stack overflow in the page parameter in the function fromNatStaticSetting.
nvd
CVE-2023-37717CRITICALCVSS 9.8v3.02023-07-14
CVE-2023-37717 [CRITICAL] CWE-787 CVE-2023-37717: Tenda F1202 V1.0BR_V1.2.0.20(408) and FH1202_V1.2.0.19_EN, AC10 V1.0, AC1206 V1.0, AC7 V1.0, AC5 V1.
Tenda F1202 V1.0BR_V1.2.0.20(408) and FH1202_V1.2.0.19_EN, AC10 V1.0, AC1206 V1.0, AC7 V1.0, AC5 V1.0, and AC9 V3.0 were discovered to contain a stack overflow in the page parameter in the function fromDhcpListClient.
nvd
CVE-2022-36569HIGHCVSS 8.8v15.03.05.192022-08-31
CVE-2022-36569 [HIGH] CWE-787 CVE-2022-36569: Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the deviceList parameter at /g
Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the deviceList parameter at /goform/setMacFilterCfg.
nvd
CVE-2022-36571HIGHCVSS 7.2v15.03.05.192022-08-31
CVE-2022-36571 [HIGH] CWE-787 CVE-2022-36571: Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the mask parameter at /goform/
Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the mask parameter at /goform/WanParameterSetting.
nvd
CVE-2022-36570HIGHCVSS 7.2v15.03.05.192022-08-31
CVE-2022-36570 [HIGH] CWE-787 CVE-2022-36570: Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the time parameter at /goform/
Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the time parameter at /goform/SetLEDCfg.
nvd
CVE-2022-36568HIGHCVSS 8.8v15.03.05.192022-08-31
CVE-2022-36568 [HIGH] CWE-787 CVE-2022-36568: Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the list parameter at /goform/
Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the list parameter at /goform/setPptpUserList.
nvd
CVE-2022-36273CRITICALCVSS 9.8v15.03.2.21_cn2022-08-16
CVE-2022-36273 [CRITICAL] CWE-78 CVE-2022-36273: Tenda AC9 V15.03.2.21_cn is vulnerable to command injection via goform/SetSysTimeCfg.
Tenda AC9 V15.03.2.21_cn is vulnerable to command injection via goform/SetSysTimeCfg.
nvd
CVE-2021-42659MEDIUMCVSS 6.5v15.03.05.19\(6318\)v15.03.06.42_multi2022-05-24
CVE-2021-42659 [MEDIUM] CWE-119 CVE-2021-42659: There is a buffer overflow vulnerability in the Web server httpd of the router in Tenda router devic
There is a buffer overflow vulnerability in the Web server httpd of the router in Tenda router devices such as Tenda AC9 V1.0 V15.03.02.19(6318) and Tenda AC9 V3.0 V15.03.06.42_multi. When setting the virtual service, the httpd program will crash and exit when the super-long list parameter occurs.
nvd
CVE-2022-28560CRITICALCVSS 9.8v15.03.2.21_cn2022-05-03
CVE-2022-28560 [CRITICAL] CWE-787 CVE-2022-28560: There is a stack overflow vulnerability in the goform/fast_setting_wifi_set function in the httpd se
There is a stack overflow vulnerability in the goform/fast_setting_wifi_set function in the httpd service of Tenda ac9 15.03.2.21_cn router. An attacker can obtain a stable shell through a carefully constructed payload
nvd
CVE-2022-27022CRITICALCVSS 9.8v15.03.2.21_cn2022-04-07
CVE-2022-27022 [CRITICAL] CWE-787 CVE-2022-27022: There is a stack overflow vulnerability in the SetSysTimeCfg() function in the httpd service of Tend
There is a stack overflow vulnerability in the SetSysTimeCfg() function in the httpd service of Tenda AC9 V15.03.2.21_cn. The attacker can obtain a stable root shell through a constructed payload.
nvd
CVE-2022-27016CRITICALCVSS 9.8v15.03.2.21_cn2022-04-07
CVE-2022-27016 [CRITICAL] CWE-787 CVE-2022-27016: There is a stack overflow vulnerability in the SetStaticRouteCfg() function in the httpd service of
There is a stack overflow vulnerability in the SetStaticRouteCfg() function in the httpd service of Tenda AC9 15.03.2.21_cn.
nvd
CVE-2022-26278CRITICALCVSS 9.8v15.03.2.21_cn2022-03-28
CVE-2022-26278 [CRITICAL] CWE-787 CVE-2022-26278: Tenda AC9 v15.03.2.21_cn was discovered to contain a stack overflow via the time parameter in the Po
Tenda AC9 v15.03.2.21_cn was discovered to contain a stack overflow via the time parameter in the PowerSaveSet function.
nvd
CVE-2022-25428CRITICALCVSS 9.8v15.03.2.212022-03-18
CVE-2022-25428 [CRITICAL] CWE-787 CVE-2022-25428: Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the deviceId parameter in the s
Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the deviceId parameter in the saveparentcontrolinfo function.
nvd