Tenda Ax1803 Firmware vulnerabilities

CVE-2026-1329 [HIGH] CWE-119 CVE-2026-1329: A flaw has been found in Tenda AX1803 1.0.0.1. The affected element is the function fromGetWifiGuest A flaw has been found in Tenda AX1803 1.0.0.1. The affected element is the function fromGetWifiGuestBasic of the file /goform/WifiGuestSet. Executing a manipulation of the argument guestWrlPwd/guestEn/guestSsid/hideSsid/guestSecurity can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been published and may be u

CVE-2025-70648 [HIGH] CWE-121 CVE-2025-70648: Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow in the security_5g parameter of the Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow in the security_5g parameter of the sub_727F4 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

CVE-2025-70646 [HIGH] CWE-121 CVE-2025-70646: Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow in the security parameter of the su Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow in the security parameter of the sub_72290 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

CVE-2025-70651 [HIGH] CWE-121 CVE-2025-70651: Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow in the ssid parameter of the form_ Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow in the ssid parameter of the form_fast_setting_wifi_set function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

CVE-2025-63457 [HIGH] CWE-787 CVE-2025-63457: Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow via the wanMTU parameter in the su Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow via the wanMTU parameter in the sub_4F55C function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

CVE-2025-63456 [HIGH] CWE-787 CVE-2025-63456: Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow via the time parameter in the SetS Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow via the time parameter in the SetSysTimeCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

CVE-2025-63458 [HIGH] CWE-121 CVE-2025-63458: Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow via the timeZone parameter in the Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow via the timeZone parameter in the form_fast_setting_wifi_set function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

CVE-2025-7597 [HIGH] CWE-119 CVE-2025-7597: A vulnerability classified as critical has been found in Tenda AX1803 1.0.0.1. Affected is the funct A vulnerability classified as critical has been found in Tenda AX1803 1.0.0.1. Affected is the function formSetMacFilterCfg of the file /goform/setMacFilterCfg. The manipulation of the argument deviceList leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-7598 [HIGH] CWE-119 CVE-2025-7598: A vulnerability classified as critical was found in Tenda AX1803 1.0.0.1. Affected by this vulnerabi A vulnerability classified as critical was found in Tenda AX1803 1.0.0.1. Affected by this vulnerability is the function formSetWifiMacFilterCfg of the file /goform/setWifiFilterCfg. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may

CVE-2024-4236 [HIGH] CWE-121 CVE-2024-4236: A vulnerability, which was classified as critical, has been found in Tenda AX1803 1.0.0.1. This issu A vulnerability, which was classified as critical, has been found in Tenda AX1803 1.0.0.1. This issue affects the function formSetSysToolDDNS of the file /goform/SetDDNSCfg. The manipulation of the argument serverName/ddnsUser/ddnsPwd/ddnsDomain leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to

CVE-2024-30620 [CRITICAL] CWE-787 CVE-2024-30620: Tenda AX1803 v1.0.0.1 contains a stack overflow via the serviceName parameter in the function fromAd Tenda AX1803 v1.0.0.1 contains a stack overflow via the serviceName parameter in the function fromAdvSetMacMtuWan.

CVE-2024-30621 [CRITICAL] CWE-787 CVE-2024-30621: Tenda AX1803 v1.0.0.1 contains a stack overflow via the serverName parameter in the function fromAdv Tenda AX1803 v1.0.0.1 contains a stack overflow via the serverName parameter in the function fromAdvSetMacMtuWan.

CVE-2023-51969 [CRITICAL] CWE-787 CVE-2023-51969: Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function get Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function getIptvInfo.

CVE-2023-51953 [CRITICAL] CWE-787 CVE-2023-51953: Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function form Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formSetIptv.

CVE-2023-51955 [CRITICAL] CWE-787 CVE-2023-51955: Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the functi Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function formSetIptv.

CVE-2023-51967 [CRITICAL] CWE-787 CVE-2023-51967: Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function getI Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function getIptvInfo.

CVE-2023-51968 [CRITICAL] CWE-787 CVE-2023-51968: Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the functi Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function getIptvInfo.

CVE-2023-51957 [CRITICAL] CWE-787 CVE-2023-51957: Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function form Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formGetIptv.

CVE-2023-51966 [CRITICAL] CWE-787 CVE-2023-51966: Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the functi Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function setIptvInfo.

CVE-2023-51965 [CRITICAL] CWE-787 CVE-2023-51965: Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function s Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function setIptvInfo.