Tenda I9 vulnerabilities

CVE-2026-7036 [MEDIUM] CWE-22 CVE-2026-7036: A vulnerability was identified in Tenda i9 1.0.0.5(2204). This vulnerability affects the function R7 A vulnerability was identified in Tenda i9 1.0.0.5(2204). This vulnerability affects the function R7WebsSecurityHandlerfunction of the component HTTP Handler. The manipulation leads to path traversal. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.

CVE-2024-11650 [HIGH] CWE-404 CVE-2024-11650: A vulnerability was found in Tenda i9 1.0.0.8(3828) and classified as critical. This issue affects t A vulnerability was found in Tenda i9 1.0.0.8(3828) and classified as critical. This issue affects the function websReadEvent of the file /goform/GetIPTV. The manipulation leads to null pointer dereference. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2024-0996 [CRITICAL] CWE-121 CVE-2024-0996: A vulnerability classified as critical has been found in Tenda i9 1.0.0.9(4122). This affects the fu A vulnerability classified as critical has been found in Tenda i9 1.0.0.9(4122). This affects the function formSetCfm of the file /goform/setcfm of the component httpd. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may