Tenda

Ac10

23 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2025-67073

Exploit
  • EPSS 0.33%
  • Veröffentlicht 17.12.2025 00:00:00
  • Zuletzt bearbeitet 02.01.2026 19:45:45

A Buffer overflow vulnerability in function fromAdvSetMacMtuWan of bin httpd in Tenda AC10V4.0 V16.03.10.20 allows remote attackers to cause denial of service and possibly code execution by sending a post request with a crafted payload (field `servic...

9.8

CVE-2025-12622

Exploit
  • EPSS 0.11%
  • Veröffentlicht 03.11.2025 07:32:13
  • Zuletzt bearbeitet 05.11.2025 14:34:51

A vulnerability was determined in Tenda AC10 16.03.10.13. Affected by this vulnerability is the function formSysRunCmd of the file /goform/SysRunCmd. This manipulation of the argument getui causes buffer overflow. The attack may be initiated remotely...

5.3

CVE-2025-57220

  • EPSS 0.06%
  • Veröffentlicht 28.08.2025 00:00:00
  • Zuletzt bearbeitet 03.09.2025 16:11:06

An input validation flaw in the 'ate' service of Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 to escalate privileges to root via a crafted UDP packet.

7.5

CVE-2025-57215

  • EPSS 0.06%
  • Veröffentlicht 28.08.2025 00:00:00
  • Zuletzt bearbeitet 03.09.2025 16:11:17

Tenda AC10 v4.0 firmware v16.03.10.20 was discovered to contain a stack overflow via the function get_parentControl_list_Info.

5.3

CVE-2025-57219

  • EPSS 0.05%
  • Veröffentlicht 28.08.2025 00:00:00
  • Zuletzt bearbeitet 03.09.2025 16:11:12

Incorrect access control in the endpoint /goform/ate of Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 allows attackers to escalate privileges or access sensitive components via a crafted request.

5.3

CVE-2025-57218

Exploit
  • EPSS 0.08%
  • Veröffentlicht 28.08.2025 00:00:00
  • Zuletzt bearbeitet 03.09.2025 16:11:25

Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 was discovered to contain a stack overflow via the security_5g parameter in the function sub_46284C.

5.3

CVE-2025-57217

  • EPSS 0.07%
  • Veröffentlicht 28.08.2025 00:00:00
  • Zuletzt bearbeitet 03.09.2025 16:11:31

Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 was discovered to contain a stack overflow via the Password parameter in the function R7WebsSecurityHandler.

7

CVE-2025-9309

Exploit
  • EPSS 0.02%
  • Veröffentlicht 21.08.2025 16:32:08
  • Zuletzt bearbeitet 25.08.2025 02:02:44

A vulnerability was found in Tenda AC10 16.03.10.13. Affected is an unknown function of the file /etc_ro/shadow of the component MD5 Hash Handler. Performing manipulation results in hard-coded credentials. The attack needs to be approached locally. A...

8.8

CVE-2025-8178

  • EPSS 0.26%
  • Veröffentlicht 26.07.2025 04:32:10
  • Zuletzt bearbeitet 01.08.2025 20:02:24

A vulnerability classified as critical has been found in Tenda AC10 16.03.10.13. Affected is an unknown function of the file /goform/RequestsProcessLaid. The manipulation of the argument device1D leads to heap-based buffer overflow. It is possible to...

9.8

CVE-2025-5629

  • EPSS 0.44%
  • Veröffentlicht 05.06.2025 02:00:21
  • Zuletzt bearbeitet 06.06.2025 15:15:34

A vulnerability, which was classified as critical, was found in Tenda AC10 up to 15.03.06.47. This affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg of the component HTTP Handler. The manipulation of the argument startIp/end...