Tenda G1 Firmware vulnerabilities

5 known vulnerabilities affecting tenda/g1_firmware.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL3HIGH1MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2025-70802HIGHCVSS 8.4v16.01.7.82026-03-10
CVE-2025-70802 [HIGH] CWE-259 CVE-2025-70802: Tenda G1V3.1si V16.01.7.8 Firmware V16.01.7.8 was discovered to contain a hardcoded password vulnera Tenda G1V3.1si V16.01.7.8 Firmware V16.01.7.8 was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in as root.
nvd
CVE-2025-8980MEDIUMCVSS 6.6v16.01.7.8\(3660\)2025-08-14
CVE-2025-8980 [MEDIUM] CWE-345 CVE-2025-8980: A vulnerability has been found in Tenda G1 16.01.7.8(3660). Affected by this issue is the function c A vulnerability has been found in Tenda G1 16.01.7.8(3660). Affected by this issue is the function check_upload_file of the component Firmware Update Handler. The manipulation leads to insufficient verification of data authenticity. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficu
nvd
CVE-2021-27706CRITICALCVSS 9.8vv15.11.0.17\(9502\)_cn2021-04-14
CVE-2021-27706 [CRITICAL] CWE-120 CVE-2021-27706: Buffer Overflow in Tenda G1 and G3 routers with firmware version V15.11.0.17(9502)_CN allows remote Buffer Overflow in Tenda G1 and G3 routers with firmware version V15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/"IPMacBindIndex "request. This occurs because the "formIPMacBindDel" function directly passes the parameter "IPMacBindIndex" to strcpy without limit.
nvd
CVE-2021-27707CRITICALCVSS 9.8vv15.11.0.17\(9502\)_cn2021-04-14
CVE-2021-27707 [CRITICAL] CWE-120 CVE-2021-27707: Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.17(9502)_CN allows remote attacker Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/"portMappingIndex "request. This occurs because the "formDelPortMapping" function directly passes the parameter "portMappingIndex" to strcpy without limit.
nvd
CVE-2021-27705CRITICALCVSS 9.8vv15.11.0.17\(9502\)_cn2021-04-14
CVE-2021-27705 [CRITICAL] CWE-120 CVE-2021-27705: Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.17(9502)_CN allows remote attacker Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/"qosIndex "request. This occurs because the "formQOSRuleDel" function directly passes the parameter "qosIndex" to strcpy without limit.
nvd