Tenda O3 vulnerabilities

CVE-2025-12214 [HIGH] CWE-119 CVE-2025-12214: A vulnerability was detected in Tenda O3 1.0.0.10(2478). This issue affects the function SetValue/Ge A vulnerability was detected in Tenda O3 1.0.0.10(2478). This issue affects the function SetValue/GetValue of the file /goform/sysAutoReboot. Performing a manipulation of the argument enable results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used.

CVE-2025-12209 [HIGH] CWE-119 CVE-2025-12209: A vulnerability was determined in Tenda O3 1.0.0.10(2478). Affected is the function SetValue/GetValu A vulnerability was determined in Tenda O3 1.0.0.10(2478). Affected is the function SetValue/GetValue of the file /goform/setDhcpConfig. Executing a manipulation of the argument dhcpEn can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.

CVE-2025-12211 [HIGH] CWE-119 CVE-2025-12211: A security flaw has been discovered in Tenda O3 1.0.0.10(2478). Affected by this issue is the functi A security flaw has been discovered in Tenda O3 1.0.0.10(2478). Affected by this issue is the function SetValue/GetValue of the file /goform/setDmzInfo. The manipulation of the argument dmzIP results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.

CVE-2025-12210 [HIGH] CWE-119 CVE-2025-12210: A vulnerability was identified in Tenda O3 1.0.0.10(2478). Affected by this vulnerability is the fun A vulnerability was identified in Tenda O3 1.0.0.10(2478). Affected by this vulnerability is the function SetValue/GetValue of the file /goform/AdvSetLanip. The manipulation of the argument lanIp leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.

CVE-2025-12213 [HIGH] CWE-119 CVE-2025-12213: A security vulnerability has been detected in Tenda O3 1.0.0.10(2478). This vulnerability affects th A security vulnerability has been detected in Tenda O3 1.0.0.10(2478). This vulnerability affects the function SetValue/GetValue of the file /goform/setVlanConfig. Such manipulation of the argument lan leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.

CVE-2025-12212 [HIGH] CWE-119 CVE-2025-12212: A weakness has been identified in Tenda O3 1.0.0.10(2478). This affects the function SetValue/GetVal A weakness has been identified in Tenda O3 1.0.0.10(2478). This affects the function SetValue/GetValue of the file /goform/setNetworkService. This manipulation of the argument upnpEn causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks.

CVE-2024-7152 [HIGH] CWE-121 CVE-2024-7152: A vulnerability was found in Tenda O3 1.0.0.10(2478). It has been rated as critical. This issue affe A vulnerability was found in Tenda O3 1.0.0.10(2478). It has been rated as critical. This issue affects the function fromSafeSetMacFilter of the file /goform/setMacFilterList. The manipulation of the argument time leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The

CVE-2024-7151 [HIGH] CWE-121 CVE-2024-7151: A vulnerability was found in Tenda O3 1.0.0.10(2478). It has been declared as critical. This vulnera A vulnerability was found in Tenda O3 1.0.0.10(2478). It has been declared as critical. This vulnerability affects the function fromMacFilterSet of the file /goform/setMacFilter. The manipulation of the argument remark leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used

CVE-2024-6963 [HIGH] CWE-121 CVE-2024-6963: A vulnerability, which was classified as critical, has been found in Tenda O3 1.0.0.10. This issue a A vulnerability, which was classified as critical, has been found in Tenda O3 1.0.0.10. This issue affects the function formexeCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272117 was assigned

CVE-2024-6965 [HIGH] CWE-121 CVE-2024-6965: A vulnerability has been found in Tenda O3 1.0.0.10 and classified as critical. Affected by this vul A vulnerability has been found in Tenda O3 1.0.0.10 and classified as critical. Affected by this vulnerability is the function fromVirtualSet. The manipulation of the argument ip/localPort/publicPort/app leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated

CVE-2024-6964 [HIGH] CWE-121 CVE-2024-6964: A vulnerability, which was classified as critical, was found in Tenda O3 1.0.0.10. Affected is the f A vulnerability, which was classified as critical, was found in Tenda O3 1.0.0.10. Affected is the function fromDhcpSetSer. The manipulation of the argument dhcpEn/startIP/endIP/preDNS/altDNS/mask/gateway leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-

CVE-2024-6962 [HIGH] CWE-121 CVE-2024-6962: A vulnerability classified as critical was found in Tenda O3 1.0.0.10. This vulnerability affects th A vulnerability classified as critical was found in Tenda O3 1.0.0.10. This vulnerability affects the function formQosSet. The manipulation of the argument remark/ipRange/upSpeed/downSpeed/enable leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of thi