Tenda I12 Firmware vulnerabilities

CVE-2026-4042 [HIGH] CWE-119 CVE-2026-4042: A weakness has been identified in Tenda i12 1.0.0.6(2204). The affected element is the function form A weakness has been identified in Tenda i12 1.0.0.6(2204). The affected element is the function formWifiMacFilterGet of the file /goform/WifiMacFilterGet. This manipulation of the argument index causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks.

CVE-2026-4043 [HIGH] CWE-119 CVE-2026-4043: A security vulnerability has been detected in Tenda i12 1.0.0.6(2204). The impacted element is the f A security vulnerability has been detected in Tenda i12 1.0.0.6(2204). The impacted element is the function formwrlSSIDget of the file /goform/wifiSSIDget. Such manipulation of the argument index leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.

CVE-2026-4041 [HIGH] CWE-119 CVE-2026-4041: A security flaw has been discovered in Tenda i12 1.0.0.6(2204). Impacted is the function vos_strcpy A security flaw has been discovered in Tenda i12 1.0.0.6(2204). Impacted is the function vos_strcpy of the file /goform/exeCommand. The manipulation of the argument cmdinput results in stack-based buffer overflow. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks.

CVE-2025-29149 [HIGH] CWE-121 CVE-2025-29149: Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow via the ping1 parameter in the Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow via the ping1 parameter in the formSetAutoPing function.

CVE-2025-25678 [CRITICAL] CWE-120 CVE-2025-25678: Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow via the funcpara1 parameter in Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow via the funcpara1 parameter in the formSetCfm function.

CVE-2025-25676 [CRITICAL] CWE-120 CVE-2025-25676: Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow via the list parameter in the Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow via the list parameter in the formwrlSSIDset function.

CVE-2025-25679 [HIGH] CWE-121 CVE-2025-25679: Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow via the index parameter in the Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow via the index parameter in the formWifiMacFilterSet function.