Tenda Ac9 Firmware vulnerabilities

90 known vulnerabilities affecting tenda/ac9_firmware.

Total CVEs: 90
CISA KEV: 1 (actively exploited)
Public exploits: 0
Exploited in wild: 1
Severity breakdown: CRITICAL 55, HIGH 27, MEDIUM 7, LOW 1

Vulnerabilities

Page 4 of 5
CVE-2022-25429 | CRITICAL | CVSS 9.8 | v15.03.2.21 | 2022-03-18
CWE-787: Tenda AC9 v15.03.2.21 was discovered to contain a buffer overflow via the time parameter in the saveparentcontrolinfo function.
Source: NVD

CVE-2022-25434 | CRITICAL | CVSS 9.8 | v15.03.2.21 | 2022-03-18
CWE-787: Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the firewallen parameter in the SetFirewallCfg function.
Source: NVD

CVE-2022-25437 | CRITICAL | CVSS 9.8 | v15.03.2.21 | 2022-03-18
CWE-787: Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the SetVirtualServerCfg function.
Source: NVD

CVE-2022-25433 | CRITICAL | CVSS 9.8 | v15.03.2.21 | 2022-03-18
CWE-787: Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the urls parameter in the saveparentcontrolinfo function.
Source: NVD

CVE-2022-25435 | CRITICAL | CVSS 9.8 | v15.03.2.21 | 2022-03-18
CWE-787: Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the SetStaticRoutecfg function.
Source: NVD

CVE-2022-25427 | CRITICAL | CVSS 9.8 | v15.03.2.21 | 2022-03-18
CWE-787: Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the schedendtime parameter in the openSchedWifi function.
Source: NVD

CVE-2022-25431 | CRITICAL | CVSS 9.8 | v15.03.2.21 | 2022-03-18
CWE-787: Tenda AC9 v15.03.2.21 was discovered to contain multiple stack overflows via the NPTR, V12, V10 and V11 parameters in the Formsetqosband function.
Source: NVD

CVE-2022-25441 | CRITICAL | CVSS 9.8 | v15.03.2.21 | 2022-03-18
CWE-78: Tenda AC9 v15.03.2.21 was discovered to contain a remote command execution (RCE) vulnerability via the vlanid parameter in the SetIPTVCfg function.
Source: NVD

CVE-2022-25438 | CRITICAL | CVSS 9.8 | v15.03.2.21 | 2022-03-18
CWE-78: Tenda AC9 v15.03.2.21 was discovered to contain a remote command execution (RCE) vulnerability via the SetIPTVCfg function.
Source: NVD

CVE-2022-25440 | CRITICAL | CVSS 9.8 | v15.03.2.21 | 2022-03-18
CWE-787: Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the ntpserver parameter in the SetSysTimeCfg function.
Source: NVD

CVE-2022-25439 | CRITICAL | CVSS 9.8 | v15.03.2.21 | 2022-03-18
CWE-787: Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the SetIpMacBind function.
Source: NVD

CVE-2022-25414 | CRITICAL | CVSS 9.8 | v15.03.2.21_cn | 2022-02-24
CWE-787: Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the parameter NPTR.
Source: NVD

CVE-2022-25417 | CRITICAL | CVSS 9.8 | v15.03.2.21_cn | 2022-02-24
CWE-787: Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the function saveparentcontrolinfo.
Source: NVD

CVE-2022-25418 | CRITICAL | CVSS 9.8 | v15.03.2.21_cn | 2022-02-24
CWE-787: Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the function openSchedWifi.
Source: NVD

CVE-2020-26728 | CRITICAL | CVSS 9.8 | v15.03.06.42_multi, v15.03.05.19(6318)_cn | 2022-02-11
A vulnerability was discovered in Tenda AC9 v3.0 V15.03.06.42_multi and Tenda AC9 V1.0 V15.03.05.19(6318)_CN which allows for remote code execution via shell metacharacters in the guestuser field to the __fastcall function with a POST request.
Source: NVD

CVE-2018-14559 | HIGH | CVSS 7.5 | ≤ 15.03.05.19(6318)_cn | 2019-04-25
CWE-119: An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A buffer overflow vulnerability exists in the router's web server (httpd). When processing the list parameters for a post request, the value
Source: NVD

CVE-2018-14557 | HIGH | CVSS 7.5 | ≤ 15.03.05.19(6318)_cn | 2019-04-25
CWE-119: An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A buffer overflow vulnerability exists in the router's web server (httpd). When processing the page parameters for a post request, the value
Source: NVD

CVE-2018-14558 | CRITICAL | CVSS 9.8 | KEV | ≤ 15.03.05.19(6318)_cn | 2018-10-30
CWE-78: An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A command injection vulnerability allows attackers to execute arbitrary OS commands via a crafted goform/setUsbUnload request. This occur
Source: NVD

CVE-2018-18729 | CRITICAL | CVSS 9.8 | v15.03.05.19(6318)_cn | 2018-10-29
CWE-787: An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a heap-based buffer overflow vulnerability in the router's web server -- httpd. While processing the 'mac' parameter for a post request, the value is directly used in a strcpy
Source: NVD

CVE-2018-18728 | CRITICAL | CVSS 9.8 | v15.03.05.19(6318)_cn | 2018-10-29
CWE-78: An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. They allow remote code execution via shell metacharacters in the usbName field to the __fastcall function with a POST request.
Source: NVD