Tenda Ax1806 Firmware vulnerabilities

61 known vulnerabilities affecting tenda/ax1806_firmware.

Total CVEs

CISA KEV

Public exploits

Exploited in wild

Severity breakdown

CRITICAL20HIGH39MEDIUM2

Vulnerabilities

Page 1 of 4

CVE-2025-70645HIGHCVSS 7.5v1.0.0.12026-01-21

CVE-2025-70645 [HIGH] CWE-121 CVE-2025-70645: Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the deviceList parameter of the Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the deviceList parameter of the formSetWifiMacFilterCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

nvd

CVE-2025-70650HIGHCVSS 7.5v1.0.0.12026-01-21

CVE-2025-70650 [HIGH] CWE-121 CVE-2025-70650: Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the deviceList parameter of the Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the deviceList parameter of the formSetMacFilterCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

nvd

CVE-2025-70644HIGHCVSS 7.5v1.0.0.12026-01-21

CVE-2025-70644 [HIGH] CWE-121 CVE-2025-70644: Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the time parameter of the sub_6 Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the time parameter of the sub_60CFC function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

nvd

CVE-2025-70746HIGHCVSS 7.5v1.0.0.12026-01-16

CVE-2025-70746 [HIGH] CWE-121 CVE-2025-70746: Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the timeZone parameter of the f Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the timeZone parameter of the fromSetSysTime function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

nvd

CVE-2025-71020HIGHCVSS 7.5v1.0.0.12026-01-16

CVE-2025-71020 [HIGH] CWE-121 CVE-2025-71020: Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the security parameter of the s Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the security parameter of the sub_4C408 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

nvd

CVE-2025-70744HIGHCVSS 7.5v1.0.0.12026-01-15

CVE-2025-70744 [HIGH] CWE-121 CVE-2025-70744: Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the cloneType parameter of the Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the cloneType parameter of the sub_65B5C function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

nvd

CVE-2025-70656HIGHCVSS 7.5v1.0.0.12026-01-15

CVE-2025-70656 [HIGH] CWE-121 CVE-2025-70656: Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the mac parameter of the sub_65 Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the mac parameter of the sub_65B5C function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

nvd

CVE-2025-71019HIGHCVSS 7.5v1.0.0.12026-01-15

CVE-2025-71019 [HIGH] CWE-121 CVE-2025-71019: Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the wanSpeed parameter of the s Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the wanSpeed parameter of the sub_65B5C function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

nvd

CVE-2025-71021HIGHCVSS 7.5v1.0.0.12026-01-14

CVE-2025-71021 [HIGH] CWE-121 CVE-2025-71021: Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the serverName parameter of the Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the serverName parameter of the sub_65A28 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

nvd

CVE-2025-70747HIGHCVSS 7.5v1.0.0.12026-01-14

CVE-2025-70747 [HIGH] CWE-121 CVE-2025-70747: Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the serviceName parameter of th Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the serviceName parameter of the sub_65A28 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

nvd

CVE-2025-70753HIGHCVSS 7.5v1.0.0.12026-01-13

CVE-2025-70753 [HIGH] CWE-787 CVE-2025-70753: Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the security_5g parameter of th Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the security_5g parameter of the sub_4CA50 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

nvd

CVE-2024-44551CRITICALCVSS 9.8v1.0.0.12024-08-26

CVE-2024-44551 [CRITICAL] CWE-787 CVE-2024-44551: Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function for Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function formGetIptv.

nvd

CVE-2024-44556CRITICALCVSS 9.8v1.0.0.12024-08-26

CVE-2024-44556 [CRITICAL] CWE-787 CVE-2024-44556: Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the functi Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function setIptvInfo.

nvd

CVE-2024-44550CRITICALCVSS 9.8v1.0.0.12024-08-26

CVE-2024-44550 [CRITICAL] CWE-787 CVE-2024-44550: Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function f Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function formGetIptv.

nvd

CVE-2024-44558CRITICALCVSS 9.8v1.0.0.12024-08-26

CVE-2024-44558 [CRITICAL] CWE-787 CVE-2024-44558: Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function s Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function setIptvInfo.

nvd

CVE-2024-44557CRITICALCVSS 9.8v1.0.0.12024-08-26

CVE-2024-44557 [CRITICAL] CWE-787 CVE-2024-44557: Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function setI Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function setIptvInfo.

nvd

CVE-2024-44563CRITICALCVSS 9.8v1.0.0.12024-08-26

CVE-2024-44563 [CRITICAL] CWE-787 CVE-2024-44563: Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function setI Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function setIptvInfo.

nvd

CVE-2024-44549CRITICALCVSS 9.8v1.0.0.12024-08-26

CVE-2024-44549 [CRITICAL] CWE-787 CVE-2024-44549: Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function form Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function formGetIptv.

nvd

CVE-2024-44555CRITICALCVSS 9.8v1.0.0.12024-08-26

CVE-2024-44555 [CRITICAL] CWE-787 CVE-2024-44555: Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function set Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function setIptvInfo.

nvd

CVE-2024-44565CRITICALCVSS 9.8v1.0.0.12024-08-26

CVE-2024-44565 [CRITICAL] CWE-787 CVE-2024-44565: Tenda AX1806 v1.0.0.1 contains a stack overflow via the serverName parameter in the function form_fa Tenda AX1806 v1.0.0.1 contains a stack overflow via the serverName parameter in the function form_fast_setting_internet_set.

nvd

1 / 4Next →