Tendacn Ac9 Firmware vulnerabilities
17 known vulnerabilities affecting tendacn/ac9_firmware.
Total CVEs
17
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL9HIGH6MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2025-29032MEDIUMCVSS 5.9v15.03.05.19\(6318\)2025-03-14
CVE-2025-29032 [MEDIUM] CWE-120 CVE-2025-29032: Tenda AC9 v15.03.05.19(6318) was discovered to contain a buffer overflow via the formWifiWpsOOB func
Tenda AC9 v15.03.05.19(6318) was discovered to contain a buffer overflow via the formWifiWpsOOB function.
nvd
CVE-2023-40942CRITICALCVSS 9.8v15.03.06.42_multi_td02023-09-07
CVE-2023-40942 [CRITICAL] CWE-787 CVE-2023-40942: Tenda AC9 V3.0BR_V15.03.06.42_multi_TD01 was discovered stack overflow via parameter 'firewall_value
Tenda AC9 V3.0BR_V15.03.06.42_multi_TD01 was discovered stack overflow via parameter 'firewall_value' at url /goform/SetFirewallCfg.
nvd
CVE-2022-36233MEDIUMCVSS 5.5v15.03.2.132022-08-19
CVE-2022-36233 [MEDIUM] CWE-787 CVE-2022-36233: Tenda AC9 V15.03.2.13 is vulnerable to Buffer Overflow via httpd, form_fast_setting_wifi_set. httpd.
Tenda AC9 V15.03.2.13 is vulnerable to Buffer Overflow via httpd, form_fast_setting_wifi_set. httpd.
nvd
CVE-2020-22079CRITICALCVSS 9.8v15.03.05.19\(6318\)v15.03.06.42_multi2021-10-29
CVE-2020-22079 [CRITICAL] CWE-787 CVE-2020-22079: Stack-based buffer overflow in Tenda AC-10U AC1200 Router US_AC10UV1.0RTL_V15.03.06.48_multi_TDE01 a
Stack-based buffer overflow in Tenda AC-10U AC1200 Router US_AC10UV1.0RTL_V15.03.06.48_multi_TDE01 allows remote attackers to execute arbitrary code via the timeZone parameter to goform/SetSysTimeCfg.
nvd
CVE-2021-31624HIGHCVSS 8.8≤ 15.03.06.42_multi≤ 15.03.05.19\(6318\)2021-10-29
CVE-2021-31624 [HIGH] CWE-120 CVE-2021-31624: Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6318), and AC9 V3.0 V15.03.06.4
Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6318), and AC9 V3.0 V15.03.06.42_multi, allows attackers to execute arbitrary code via the urls parameter.
nvd
CVE-2021-31627HIGHCVSS 8.8≤ 15.03.06.42_multi≤ 15.03.05.19\(6318\)2021-10-29
CVE-2021-31627 [HIGH] CWE-120 CVE-2021-31627: Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6318), and AC9 V3.0 V15.03.06.4
Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6318), and AC9 V3.0 V15.03.06.42_multi, allows attackers to execute arbitrary code via the index parameter.
nvd
CVE-2020-20746HIGHCVSS 7.2v15.03.06.60_en2021-09-30
CVE-2020-20746 [HIGH] CWE-787 CVE-2020-20746: A stack-based buffer overflow in the httpd server on Tenda AC9 V15.03.06.60_EN allows remote attacke
A stack-based buffer overflow in the httpd server on Tenda AC9 V15.03.06.60_EN allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via a crafted POST request to /goform/SetStaticRouteCfg.
nvd
CVE-2020-13394CRITICALCVSS 9.8vv15.03.05.19\(6318\)vv15.03.06.42_multi2020-05-22
CVE-2020-13394 [CRITICAL] CWE-120 CVE-2020-13394: An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, A
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/SetNetControlList list parameter for a
nvd
CVE-2020-13390CRITICALCVSS 9.8vv15.03.05.19\(6318\)vv15.03.06.42_multi2020-05-22
CVE-2020-13390 [CRITICAL] CWE-120 CVE-2020-13390: An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, A
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/addressNat entrys and mitInterface par
nvd
CVE-2020-13393CRITICALCVSS 9.8vv15.03.05.19\(6318\)vv15.03.06.42_multi2020-05-22
CVE-2020-13393 [CRITICAL] CWE-120 CVE-2020-13393: An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, A
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/saveParentControlInfo deviceId and tim
nvd
CVE-2020-13392CRITICALCVSS 9.8vv15.03.05.19\(6318\)vv15.03.06.42_multi2020-05-22
CVE-2020-13392 [CRITICAL] CWE-120 CVE-2020-13392: An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, A
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/setcfm funcpara1 parameter for a POST
nvd
CVE-2020-13389CRITICALCVSS 9.8vv15.03.05.19\(6318\)vv15.03.06.42_multi2020-05-22
CVE-2020-13389 [CRITICAL] CWE-120 CVE-2020-13389: An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, A
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/openSchedWifi schedStartTime and sched
nvd
CVE-2020-13391CRITICALCVSS 9.8vv15.03.05.19\(6318\)vv15.03.06.42_multi2020-05-22
CVE-2020-13391 [CRITICAL] CWE-120 CVE-2020-13391: An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, A
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/SetSpeedWan speed_dir parameter for a
nvd
CVE-2018-16333HIGHCVSS 7.5v15.03.05.192018-09-02
CVE-2018-16333 [HIGH] CWE-119 CVE-2018-16333: An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_C
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server. While processing the ssid parameter for a POST request, the value is directly used in a sprintf call to a local variabl
nvd
CVE-2018-16334HIGHCVSS 8.8v15.03.05.192018-09-02
CVE-2018-16334 [HIGH] CWE-78 CVE-2018-16334: An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN and AC10 V15.03.06.23_CN devices. The mac
An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN and AC10 V15.03.06.23_CN devices. The mac parameter in a POST request is used directly in a doSystemCmd call, causing OS command injection.
nvd
CVE-2018-14492HIGHCVSS 7.5≤ v15.03.05.19\(6318\)_cn2018-07-21
CVE-2018-14492 [HIGH] CWE-787 CVE-2018-14492: Tenda AC7 through V15.03.06.44_CN, AC9 through V15.03.05.19(6318)_CN, and AC10 through V15.03.06.23_
Tenda AC7 through V15.03.06.44_CN, AC9 through V15.03.05.19(6318)_CN, and AC10 through V15.03.06.23_CN devices have a Stack-based Buffer Overflow via a long limitSpeed or limitSpeedup parameter to an unspecified /goform URI.
nvd
CVE-2018-7561CRITICALCVSS 9.8v15.03.05.14_en2018-03-01
CVE-2018-7561 [CRITICAL] CWE-787 CVE-2018-7561: Stack-based Buffer Overflow in httpd on Tenda AC9 devices V15.03.05.14_EN allows remote attackers to
Stack-based Buffer Overflow in httpd on Tenda AC9 devices V15.03.05.14_EN allows remote attackers to cause a denial of service or possibly have unspecified other impact.
nvd