Tenda I12 vulnerabilities

CVE-2026-5849 [MEDIUM] CWE-22 CVE-2026-5849: A vulnerability was determined in Tenda i12 1.0.0.11(3862). The impacted element is an unknown funct A vulnerability was determined in Tenda i12 1.0.0.11(3862). The impacted element is an unknown function of the component HTTP Handler. Executing a manipulation can lead to path traversal. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.

CVE-2026-5609 [HIGH] CWE-119 CVE-2026-5609: A flaw has been found in Tenda i12 1.0.0.11(3862). Affected by this vulnerability is the function fo A flaw has been found in Tenda i12 1.0.0.11(3862). Affected by this vulnerability is the function formwrlSSIDset of the file /goform/wifiSSIDset of the component Parameter Handler. This manipulation of the argument index/wl_radio causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been published and may be

CVE-2026-4042 [HIGH] CWE-119 CVE-2026-4042: A weakness has been identified in Tenda i12 1.0.0.6(2204). The affected element is the function form A weakness has been identified in Tenda i12 1.0.0.6(2204). The affected element is the function formWifiMacFilterGet of the file /goform/WifiMacFilterGet. This manipulation of the argument index causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks.

CVE-2026-4043 [HIGH] CWE-119 CVE-2026-4043: A security vulnerability has been detected in Tenda i12 1.0.0.6(2204). The impacted element is the f A security vulnerability has been detected in Tenda i12 1.0.0.6(2204). The impacted element is the function formwrlSSIDget of the file /goform/wifiSSIDget. Such manipulation of the argument index leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.

CVE-2026-4041 [HIGH] CWE-119 CVE-2026-4041: A security flaw has been discovered in Tenda i12 1.0.0.6(2204). Impacted is the function vos_strcpy A security flaw has been discovered in Tenda i12 1.0.0.6(2204). Impacted is the function vos_strcpy of the file /goform/exeCommand. The manipulation of the argument cmdinput results in stack-based buffer overflow. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks.