Tenda W15E Firmware vulnerabilities

CVE-2026-30140 [HIGH] CWE-284 CVE-2026-30140: An incorrect access control vulnerability exists in Tenda W15E V02.03.01.26_cn. An unauthenticated a An incorrect access control vulnerability exists in Tenda W15E V02.03.01.26_cn. An unauthenticated attacker can access the /cgi-bin/DownloadCfg/RouterCfm.jpg endpoint to download the configuration file containing plaintext administrator credentials, leading to sensitive information disclosure and potential remote administrative access.

CVE-2024-4117 [HIGH] CWE-121 CVE-2024-4117: A vulnerability was found in Tenda W15E 15.11.0.14 and classified as critical. Affected by this issu A vulnerability was found in Tenda W15E 15.11.0.14 and classified as critical. Affected by this issue is the function formDelPortMapping of the file /goform/DelPortMapping. The manipulation of the argument portMappingIndex leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be u

CVE-2024-4119 [HIGH] CWE-121 CVE-2024-4119: A vulnerability was found in Tenda W15E 15.11.0.14. It has been declared as critical. This vulnerabi A vulnerability was found in Tenda W15E 15.11.0.14. It has been declared as critical. This vulnerability affects the function formIPMacBindDel of the file /goform/delIpMacBind. The manipulation of the argument IPMacBindIndex leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may b

CVE-2024-4118 [HIGH] CWE-121 CVE-2024-4118: A vulnerability was found in Tenda W15E 15.11.0.14. It has been classified as critical. This affects A vulnerability was found in Tenda W15E 15.11.0.14. It has been classified as critical. This affects the function formIPMacBindAdd of the file /goform/addIpMacBind. The manipulation of the argument IPMacBindRule leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be u

CVE-2024-4121 [HIGH] CWE-121 CVE-2024-4121: A vulnerability classified as critical has been found in Tenda W15E 15.11.0.14. Affected is the func A vulnerability classified as critical has been found in Tenda W15E 15.11.0.14. Affected is the function formQOSRuleDel. The manipulation of the argument qosIndex leads to stack-based buffer overflow. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-261864. NOTE: The vendor was contacted early about this disclosu

CVE-2024-4115 [HIGH] CWE-121 CVE-2024-4115: A vulnerability, which was classified as critical, was found in Tenda W15E 15.11.0.14. Affected is t A vulnerability, which was classified as critical, was found in Tenda W15E 15.11.0.14. Affected is the function formAddDnsForward of the file /goform/AddDnsForward. The manipulation of the argument DnsForwardRule leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be us

CVE-2024-4122 [HIGH] CWE-121 CVE-2024-4122: A vulnerability classified as critical was found in Tenda W15E 15.11.0.14. Affected by this vulnerab A vulnerability classified as critical was found in Tenda W15E 15.11.0.14. Affected by this vulnerability is the function formSetDebugCfg of the file /goform/setDebugCfg. The manipulation of the argument enable/level/module leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be

CVE-2024-4127 [HIGH] CWE-121 CVE-2024-4127: A vulnerability was found in Tenda W15E 15.11.0.14. It has been classified as critical. Affected is A vulnerability was found in Tenda W15E 15.11.0.14. It has been classified as critical. Affected is the function guestWifiRuleRefresh. The manipulation of the argument qosGuestDownstream leads to stack-based buffer overflow. It is possible to launch the attack remotely. VDB-261870 is the identifier assigned to this vulnerability. NOTE: The vendor was con

CVE-2024-4123 [HIGH] CWE-121 CVE-2024-4123: A vulnerability, which was classified as critical, has been found in Tenda W15E 15.11.0.14. Affected A vulnerability, which was classified as critical, has been found in Tenda W15E 15.11.0.14. Affected by this issue is the function formSetPortMapping of the file /goform/SetPortMapping. The manipulation of the argument portMappingServer/portMappingProtocol/portMappingWan/porMappingtInternal/portMappingExternal leads to stack-based buffer overflow. The a

CVE-2024-4125 [HIGH] CWE-121 CVE-2024-4125: A vulnerability has been found in Tenda W15E 15.11.0.14 and classified as critical. This vulnerabili A vulnerability has been found in Tenda W15E 15.11.0.14 and classified as critical. This vulnerability affects the function formSetStaticRoute of the file /goform/setStaticRoute. The manipulation of the argument staticRouteIndex leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and m

CVE-2024-4126 [HIGH] CWE-121 CVE-2024-4126: A vulnerability was found in Tenda W15E 15.11.0.14 and classified as critical. This issue affects th A vulnerability was found in Tenda W15E 15.11.0.14 and classified as critical. This issue affects the function formSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument manualTime leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifi

CVE-2024-4120 [HIGH] CWE-121 CVE-2024-4120: A vulnerability was found in Tenda W15E 15.11.0.14. It has been rated as critical. This issue affect A vulnerability was found in Tenda W15E 15.11.0.14. It has been rated as critical. This issue affects the function formIPMacBindModify of the file /goform/modifyIpMacBind. The manipulation of the argument IPMacBindRuleId/IPMacBindRuleIp/IPMacBindRuleMac/IPMacBindRuleRemark leads to stack-based buffer overflow. The attack may be initiated remotely. The e

CVE-2024-4116 [HIGH] CWE-121 CVE-2024-4116: A vulnerability has been found in Tenda W15E 15.11.0.14 and classified as critical. Affected by this A vulnerability has been found in Tenda W15E 15.11.0.14 and classified as critical. Affected by this vulnerability is the function formDelDhcpRule of the file /goform/DelDhcpRule. The manipulation of the argument delDhcpIndex leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may b

CVE-2024-4124 [HIGH] CWE-121 CVE-2024-4124: A vulnerability, which was classified as critical, was found in Tenda W15E 15.11.0.14. This affects A vulnerability, which was classified as critical, was found in Tenda W15E 15.11.0.14. This affects the function formSetRemoteWebManage of the file /goform/SetRemoteWebManage. The manipulation of the argument remoteIP leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may

CVE-2023-27063 [CRITICAL] CWE-120 CVE-2023-27063: Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a buffer overflow vulnerability Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a buffer overflow vulnerability via the DNSDomainName parameter in the formModifyDnsForward function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

CVE-2023-27061 [CRITICAL] CWE-120 CVE-2023-27061: Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a buffer overflow vulnerability Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a buffer overflow vulnerability via the wifiFilterListRemark parameter in the modifyWifiFilterRules function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

CVE-2023-27062 [HIGH] CWE-120 CVE-2023-27062: Tenda V15V1.0 was discovered to contain a buffer overflow vulnerability via the gotoUrl parameter in Tenda V15V1.0 was discovered to contain a buffer overflow vulnerability via the gotoUrl parameter in the formPortalAuth function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

CVE-2023-27065 [HIGH] CWE-120 CVE-2023-27065: Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a buffer overflow vulnerability Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a buffer overflow vulnerability via the picName parameter in the formDelWewifiPi function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

CVE-2023-27064 [HIGH] CWE-120 CVE-2023-27064: Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a buffer overflow vulnerability Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a buffer overflow vulnerability via the index parameter in the formDelDnsForward function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

CVE-2022-42058 [CRITICAL] CWE-787 CVE-2022-42058: Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a stack overflow via th Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a stack overflow via the setRemoteWebManage function. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data.