Search criteria
482 vulnerabilities by Tenda
CVE-2026-22082 (GCVE-0-2026-22082)
Vulnerability from cvelistv5 – Published: 2026-01-09 11:24 – Updated: 2026-01-09 16:26
VLAI?
Title
Insecure Session ID Management Vulnerability in Tenda Wireless Routers
Summary
This vulnerability exists in Tenda wireless routers (300Mbps Wireless Router F3 and N300 Easy Setup Router) due to the use of login credentials as the session ID through its web-based administrative interface. A remote attacker could exploit this vulnerability by intercepting network traffic and capturing the session ID during insecure transmission.
Successful exploitation of this vulnerability could allow the attacker to hijack an authenticated session and compromise sensitive configuration information on the targeted device.
Severity ?
CWE
- CWE-384 - Session Fixation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tenda | 300Mbps Wireless Router F3 and N300 Easy Setup Router |
Affected:
F3 v3.0 Firmware V12.01.01.41
Affected: F3 v3.0 Firmware V12.01.01.42 Affected: F3 v3.0 Firmware V12.01.01.48 Affected: F3 v3.0 Firmware V12.01.01.52 Affected: F3 v3.0 Firmware V12.01.01.55 Affected: F3 v4.0 Firmware V03.03.01.40 |
Credits
This vulnerability is reported by Deven Lunkad, Swaroop Dora, Naziya Aslam, and S. Venkatesan from IoT Security Research Lab, Indian Institute of Information Technology, Allahabad, India.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22082",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-09T16:25:53.798612Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-09T16:26:14.019Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "300Mbps Wireless Router F3 and N300 Easy Setup Router",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "F3 v3.0 Firmware V12.01.01.41"
},
{
"status": "affected",
"version": "F3 v3.0 Firmware V12.01.01.42"
},
{
"status": "affected",
"version": "F3 v3.0 Firmware V12.01.01.48"
},
{
"status": "affected",
"version": "F3 v3.0 Firmware V12.01.01.52"
},
{
"status": "affected",
"version": "F3 v3.0 Firmware V12.01.01.55"
},
{
"status": "affected",
"version": "F3 v4.0 Firmware V03.03.01.40"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "This vulnerability is reported by Deven Lunkad, Swaroop Dora, Naziya Aslam, and S. Venkatesan from IoT Security Research Lab, Indian Institute of Information Technology, Allahabad, India."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This vulnerability exists in Tenda wireless routers (300Mbps Wireless Router F3 and N300 Easy Setup Router) due to the use of login credentials as the session ID through its web-based administrative interface. A remote attacker could exploit this vulnerability by intercepting network traffic and capturing the session ID during insecure transmission.\u003cbr\u003e \u003cbr\u003eSuccessful exploitation of this vulnerability could allow the attacker to hijack an authenticated session and compromise sensitive configuration information on the targeted device.\u003cbr\u003e"
}
],
"value": "This vulnerability exists in Tenda wireless routers (300Mbps Wireless Router F3 and N300 Easy Setup Router) due to the use of login credentials as the session ID through its web-based administrative interface. A remote attacker could exploit this vulnerability by intercepting network traffic and capturing the session ID during insecure transmission.\n \nSuccessful exploitation of this vulnerability could allow the attacker to hijack an authenticated session and compromise sensitive configuration information on the targeted device."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-384",
"description": "CWE-384 Session Fixation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-09T11:24:54.375Z",
"orgId": "66834db9-ab24-42b4-be80-296b2e40335c",
"shortName": "CERT-In"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01\u0026VLCODE=CIVN-2026-0004"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Apply appropriate updates as mentioned by the vendor:\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.tendacn.com/in/material/show/724624313163845\"\u003ehttps://www.tendacn.com/in/material/show/724624313163845\u003c/a\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Apply appropriate updates as mentioned by the vendor:\n https://www.tendacn.com/in/material/show/724624313163845"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Insecure Session ID Management Vulnerability in Tenda Wireless Routers",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "66834db9-ab24-42b4-be80-296b2e40335c",
"assignerShortName": "CERT-In",
"cveId": "CVE-2026-22082",
"datePublished": "2026-01-09T11:24:54.375Z",
"dateReserved": "2026-01-06T07:52:50.901Z",
"dateUpdated": "2026-01-09T16:26:14.019Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22081 (GCVE-0-2026-22081)
Vulnerability from cvelistv5 – Published: 2026-01-09 11:16 – Updated: 2026-01-09 16:44
VLAI?
Title
Cookie without HTTPOnly Flag Vulnerability in Tenda Wireless Routers
Summary
This vulnerability exists in Tenda wireless routers (300Mbps Wireless Router F3 and N300 Easy Setup Router) due to the missing HTTPOnly flag for session cookies associated with the web-based administrative interface. A remote at-tacker could exploit this vulnerability by capturing session cookies transmitted over an insecure HTTP connection.
Successful exploitation of this vulnerability could allow the attacker to obtain sensitive information and gain unau-thorized access to the targeted device.
Severity ?
CWE
- CWE-1004 - - Sensitive Cookie Without HttpOnly Flag
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tenda | 300Mbps Wireless Router F3 and N300 Easy Setup Router |
Affected:
F3 v3.0 Firmware V12.01.01.41
Affected: F3 v3.0 Firmware V12.01.01.42 Affected: F3 v3.0 Firmware V12.01.01.48 Affected: F3 v3.0 Firmware V12.01.01.52 Affected: F3 v3.0 Firmware V12.01.01.55 Affected: F3 v4.0 Firmware V03.03.01.40 |
Credits
This vulnerability is reported by Deven Lunkad, Swaroop Dora, Naziya Aslam, and S. Venkatesan from IoT Security Research Lab, Indian Institute of Information Technology, Allahabad, India.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22081",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-09T16:44:27.653040Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-09T16:44:56.131Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "300Mbps Wireless Router F3 and N300 Easy Setup Router",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "F3 v3.0 Firmware V12.01.01.41"
},
{
"status": "affected",
"version": "F3 v3.0 Firmware V12.01.01.42"
},
{
"status": "affected",
"version": "F3 v3.0 Firmware V12.01.01.48"
},
{
"status": "affected",
"version": "F3 v3.0 Firmware V12.01.01.52"
},
{
"status": "affected",
"version": "F3 v3.0 Firmware V12.01.01.55"
},
{
"status": "affected",
"version": "F3 v4.0 Firmware V03.03.01.40"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "This vulnerability is reported by Deven Lunkad, Swaroop Dora, Naziya Aslam, and S. Venkatesan from IoT Security Research Lab, Indian Institute of Information Technology, Allahabad, India."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This vulnerability exists in Tenda wireless routers (300Mbps Wireless Router F3 and N300 Easy Setup Router) due to the missing HTTPOnly flag for session cookies associated with the web-based administrative interface. A remote at-tacker could exploit this vulnerability by capturing session cookies transmitted over an insecure HTTP connection.\u003cbr\u003e\u003cbr\u003eSuccessful exploitation of this vulnerability could allow the attacker to obtain sensitive information and gain unau-thorized access to the targeted device.\u003cbr\u003e"
}
],
"value": "This vulnerability exists in Tenda wireless routers (300Mbps Wireless Router F3 and N300 Easy Setup Router) due to the missing HTTPOnly flag for session cookies associated with the web-based administrative interface. A remote at-tacker could exploit this vulnerability by capturing session cookies transmitted over an insecure HTTP connection.\n\nSuccessful exploitation of this vulnerability could allow the attacker to obtain sensitive information and gain unau-thorized access to the targeted device."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1004",
"description": "CWE-1004 - Sensitive Cookie Without HttpOnly Flag",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-09T11:16:21.780Z",
"orgId": "66834db9-ab24-42b4-be80-296b2e40335c",
"shortName": "CERT-In"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01\u0026VLCODE=CIVN-2026-0004"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Apply appropriate updates as mentioned by the vendor:\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.tendacn.com/in/material/show/724624313163845\"\u003ehttps://www.tendacn.com/in/material/show/724624313163845\u003c/a\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Apply appropriate updates as mentioned by the vendor:\n https://www.tendacn.com/in/material/show/724624313163845"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Cookie without HTTPOnly Flag Vulnerability in Tenda Wireless Routers",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "66834db9-ab24-42b4-be80-296b2e40335c",
"assignerShortName": "CERT-In",
"cveId": "CVE-2026-22081",
"datePublished": "2026-01-09T11:16:21.780Z",
"dateReserved": "2026-01-06T07:52:50.901Z",
"dateUpdated": "2026-01-09T16:44:56.131Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22080 (GCVE-0-2026-22080)
Vulnerability from cvelistv5 – Published: 2026-01-09 11:05 – Updated: 2026-01-09 15:12
VLAI?
Title
Insecure Transmission Vulnerability in Tenda Wireless Routers
Summary
This vulnerability exists in Tenda wireless routers (300Mbps Wireless Router F3 and N300 Easy Setup Router) due to the transmission of credentials encoded using reversible Base64 encoding through the web-based administrative interface. An attacker on the same network could exploit this vulnerability by intercepting network traffic and capturing the Base64-encoded credentials.
Successful exploitation of this vulnerability could allow the attacker to obtain sensitive information and gain unauthorized access to the targeted device.
Severity ?
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tenda | 300Mbps Wireless Router F3 and N300 Easy Setup Router |
Affected:
F3 v3.0 Firmware V12.01.01.41
Affected: F3 v3.0 Firmware V12.01.01.42 Affected: F3 v3.0 Firmware V12.01.01.48 Affected: F3 v3.0 Firmware V12.01.01.52 Affected: F3 v3.0 Firmware V12.01.01.55 Affected: F3 v4.0 Firmware V03.03.01.40 |
Credits
This vulnerability is reported by Deven Lunkad, Swaroop Dora, Naziya Aslam, and S. Venkatesan from IoT Security Research Lab, Indian Institute of Information Technology, Allahabad, India.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22080",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-09T15:12:38.102200Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-09T15:12:48.077Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "300Mbps Wireless Router F3 and N300 Easy Setup Router",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "F3 v3.0 Firmware V12.01.01.41"
},
{
"status": "affected",
"version": "F3 v3.0 Firmware V12.01.01.42"
},
{
"status": "affected",
"version": "F3 v3.0 Firmware V12.01.01.48"
},
{
"status": "affected",
"version": "F3 v3.0 Firmware V12.01.01.52"
},
{
"status": "affected",
"version": "F3 v3.0 Firmware V12.01.01.55"
},
{
"status": "affected",
"version": "F3 v4.0 Firmware V03.03.01.40"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "This vulnerability is reported by Deven Lunkad, Swaroop Dora, Naziya Aslam, and S. Venkatesan from IoT Security Research Lab, Indian Institute of Information Technology, Allahabad, India."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This vulnerability exists in Tenda wireless routers (300Mbps Wireless Router F3 and N300 Easy Setup Router) due to the transmission of credentials encoded using reversible Base64 encoding through the web-based administrative interface. An attacker on the same network could exploit this vulnerability by intercepting network traffic and capturing the Base64-encoded credentials.\u003cbr\u003e\u003cbr\u003eSuccessful exploitation of this vulnerability could allow the attacker to obtain sensitive information and gain unauthorized access to the targeted device.\u003cbr\u003e"
}
],
"value": "This vulnerability exists in Tenda wireless routers (300Mbps Wireless Router F3 and N300 Easy Setup Router) due to the transmission of credentials encoded using reversible Base64 encoding through the web-based administrative interface. An attacker on the same network could exploit this vulnerability by intercepting network traffic and capturing the Base64-encoded credentials.\n\nSuccessful exploitation of this vulnerability could allow the attacker to obtain sensitive information and gain unauthorized access to the targeted device."
}
],
"impacts": [
{
"capecId": "CAPEC-117",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-117 Interception"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-09T11:26:07.261Z",
"orgId": "66834db9-ab24-42b4-be80-296b2e40335c",
"shortName": "CERT-In"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01\u0026VLCODE=CIVN-2026-0004"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Apply appropriate updates as mentioned by the vendor:\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.tendacn.com/in/material/show/724624313163845\"\u003ehttps://www.tendacn.com/in/material/show/724624313163845\u003c/a\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Apply appropriate updates as mentioned by the vendor:\n https://www.tendacn.com/in/material/show/724624313163845"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Insecure Transmission Vulnerability in Tenda Wireless Routers",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "66834db9-ab24-42b4-be80-296b2e40335c",
"assignerShortName": "CERT-In",
"cveId": "CVE-2026-22080",
"datePublished": "2026-01-09T11:05:07.368Z",
"dateReserved": "2026-01-06T07:52:50.901Z",
"dateUpdated": "2026-01-09T15:12:48.077Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22079 (GCVE-0-2026-22079)
Vulnerability from cvelistv5 – Published: 2026-01-09 11:02 – Updated: 2026-01-09 15:15
VLAI?
Title
Cleartext Transmission Vulnerability in Tenda Wireless Routers
Summary
This vulnerability exists in Tenda wireless routers (300Mbps Wireless Router F3 and N300 Easy Setup Router) due to the plaintext transmission of login credentials during the initial login or post-factory reset setup through the web-based administrative interface. An attacker on the same network could exploit this vulnerability by intercepting network traffic and capturing the credentials transmitted in plaintext.
Successful exploitation of this vulnerability could allow the attacker to obtain sensitive information and gain unauthorized access to the targeted device.
Severity ?
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tenda | 300Mbps Wireless Router F3 and N300 Easy Setup Router |
Affected:
F3 v3.0 Firmware V12.01.01.41
Affected: F3 v3.0 Firmware V12.01.01.42 Affected: F3 v3.0 Firmware V12.01.01.48 Affected: F3 v3.0 Firmware V12.01.01.52 Affected: F3 v3.0 Firmware V12.01.01.55 Affected: F3 v4.0 Firmware V03.03.01.40 |
Credits
This vulnerability is reported by Deven Lunkad, Swaroop Dora, Naziya Aslam, and S. Venkatesan from IoT Security Research Lab, Indian Institute of Information Technology, Allahabad, India.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22079",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-09T15:15:16.081528Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-09T15:15:27.815Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "300Mbps Wireless Router F3 and N300 Easy Setup Router",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "F3 v3.0 Firmware V12.01.01.41"
},
{
"status": "affected",
"version": "F3 v3.0 Firmware V12.01.01.42"
},
{
"status": "affected",
"version": "F3 v3.0 Firmware V12.01.01.48"
},
{
"status": "affected",
"version": "F3 v3.0 Firmware V12.01.01.52"
},
{
"status": "affected",
"version": "F3 v3.0 Firmware V12.01.01.55"
},
{
"status": "affected",
"version": "F3 v4.0 Firmware V03.03.01.40"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "This vulnerability is reported by Deven Lunkad, Swaroop Dora, Naziya Aslam, and S. Venkatesan from IoT Security Research Lab, Indian Institute of Information Technology, Allahabad, India."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This vulnerability exists in Tenda wireless routers (300Mbps Wireless Router F3 and N300 Easy Setup Router) due to the plaintext transmission of login credentials during the initial login or post-factory reset setup through the web-based administrative interface. An attacker on the same network could exploit this vulnerability by intercepting network traffic and capturing the credentials transmitted in plaintext.\u003cbr\u003e\u003cbr\u003eSuccessful exploitation of this vulnerability could allow the attacker to obtain sensitive information and gain unauthorized access to the targeted device.\u003cbr\u003e"
}
],
"value": "This vulnerability exists in Tenda wireless routers (300Mbps Wireless Router F3 and N300 Easy Setup Router) due to the plaintext transmission of login credentials during the initial login or post-factory reset setup through the web-based administrative interface. An attacker on the same network could exploit this vulnerability by intercepting network traffic and capturing the credentials transmitted in plaintext.\n\nSuccessful exploitation of this vulnerability could allow the attacker to obtain sensitive information and gain unauthorized access to the targeted device."
}
],
"impacts": [
{
"capecId": "CAPEC-117",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-117 Interception"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-09T11:25:36.253Z",
"orgId": "66834db9-ab24-42b4-be80-296b2e40335c",
"shortName": "CERT-In"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01\u0026VLCODE=CIVN-2026-0004"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Apply appropriate updates as mentioned by the vendor:\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.tendacn.com/in/material/show/724624313163845\"\u003ehttps://www.tendacn.com/in/material/show/724624313163845\u003c/a\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Apply appropriate updates as mentioned by the vendor:\n https://www.tendacn.com/in/material/show/724624313163845"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Cleartext Transmission Vulnerability in Tenda Wireless Routers",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "66834db9-ab24-42b4-be80-296b2e40335c",
"assignerShortName": "CERT-In",
"cveId": "CVE-2026-22079",
"datePublished": "2026-01-09T11:02:50.926Z",
"dateReserved": "2026-01-06T07:52:50.901Z",
"dateUpdated": "2026-01-09T15:15:27.815Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0640 (GCVE-0-2026-0640)
Vulnerability from cvelistv5 – Published: 2026-01-06 15:32 – Updated: 2026-01-06 18:10
VLAI?
Title
Tenda AC23 PowerSaveSet sscanf buffer overflow
Summary
A weakness has been identified in Tenda AC23 16.03.07.52. This affects the function sscanf of the file /goform/PowerSaveSet. Executing a manipulation of the argument Time can lead to buffer overflow. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Credits
xuanyu (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0640",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-06T18:08:33.402004Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-06T18:10:01.723Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AC23",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "16.03.07.52"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "xuanyu (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in Tenda AC23 16.03.07.52. This affects the function sscanf of the file /goform/PowerSaveSet. Executing a manipulation of the argument Time can lead to buffer overflow. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-06T15:32:08.760Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-339683 | Tenda AC23 PowerSaveSet sscanf buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.339683"
},
{
"name": "VDB-339683 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.339683"
},
{
"name": "Submit #731772 | Tenda AC23 V16.03.07.52 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.731772"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/xyh4ck/iot_poc/blob/main/Tenda%20AC23_Buffer_Overflow/Tenda%20AC23_Buffer_Overflow.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/xyh4ck/iot_poc/blob/main/Tenda%20AC23_Buffer_Overflow/Tenda%20AC23_Buffer_Overflow.md#poc"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-01-06T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-01-06T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-01-06T10:12:20.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda AC23 PowerSaveSet sscanf buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-0640",
"datePublished": "2026-01-06T15:32:08.760Z",
"dateReserved": "2026-01-06T09:07:14.569Z",
"dateUpdated": "2026-01-06T18:10:01.723Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0581 (GCVE-0-2026-0581)
Vulnerability from cvelistv5 – Published: 2026-01-05 08:02 – Updated: 2026-01-05 21:12
VLAI?
Title
Tenda AC1206 httpd BehaviorManager formBehaviorManager command injection
Summary
A vulnerability was determined in Tenda AC1206 15.03.06.23. Affected by this issue is the function formBehaviorManager of the file /goform/BehaviorManager of the component httpd. Executing a manipulation of the argument modulename/option/data/switch can lead to command injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Credits
2160288544 (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0581",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-05T21:12:38.055555Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T21:12:48.557Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"httpd"
],
"product": "AC1206",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "15.03.06.23"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "2160288544 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in Tenda AC1206 15.03.06.23. Affected by this issue is the function formBehaviorManager of the file /goform/BehaviorManager of the component httpd. Executing a manipulation of the argument modulename/option/data/switch can lead to command injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T08:02:08.449Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-339473 | Tenda AC1206 httpd BehaviorManager formBehaviorManager command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.339473"
},
{
"name": "VDB-339473 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.339473"
},
{
"name": "Submit #731193 | Tenda AC1206 AC1206V1.0RTL_V15.03.06.23 Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.731193"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/ccc-iotsec/cve-/blob/Tenda/Tenda%20AC1206%E5%91%BD%E4%BB%A4%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.md"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-01-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-01-04T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-01-04T07:54:06.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda AC1206 httpd BehaviorManager formBehaviorManager command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-0581",
"datePublished": "2026-01-05T08:02:08.449Z",
"dateReserved": "2026-01-04T06:49:02.040Z",
"dateUpdated": "2026-01-05T21:12:48.557Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15371 (GCVE-0-2025-15371)
Vulnerability from cvelistv5 – Published: 2025-12-31 01:02 – Updated: 2026-01-02 14:38
VLAI?
Title
Tenda i24 Shadow File hard-coded credentials
Summary
A vulnerability has been found in Tenda i24, 4G03 Pro, 4G05, 4G08, G0-8G-PoE, Nova MW5G and TEG5328F up to 65.10.15.6. Affected is an unknown function of the component Shadow File. Such manipulation with the input Fireitup leads to hard-coded credentials. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Tenda | i24 |
Affected:
1.0.0.35
Affected: 3.0.0.8(4008) Affected: 04.03.01.49 Affected: 04.05.01.15 Affected: 04.08.01.28 Affected: 16.01.8.5 Affected: 65.10.15.6 |
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
Credits
vlun-1 (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15371",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-02T14:22:55.128847Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-02T14:38:01.600Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Shadow File"
],
"product": "i24",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "1.0.0.35"
},
{
"status": "affected",
"version": "3.0.0.8(4008)"
},
{
"status": "affected",
"version": "04.03.01.49"
},
{
"status": "affected",
"version": "04.05.01.15"
},
{
"status": "affected",
"version": "04.08.01.28"
},
{
"status": "affected",
"version": "16.01.8.5"
},
{
"status": "affected",
"version": "65.10.15.6"
}
]
},
{
"modules": [
"Shadow File"
],
"product": "4G03 Pro",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "1.0.0.35"
},
{
"status": "affected",
"version": "3.0.0.8(4008)"
},
{
"status": "affected",
"version": "04.03.01.49"
},
{
"status": "affected",
"version": "04.05.01.15"
},
{
"status": "affected",
"version": "04.08.01.28"
},
{
"status": "affected",
"version": "16.01.8.5"
},
{
"status": "affected",
"version": "65.10.15.6"
}
]
},
{
"modules": [
"Shadow File"
],
"product": "4G05",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "1.0.0.35"
},
{
"status": "affected",
"version": "3.0.0.8(4008)"
},
{
"status": "affected",
"version": "04.03.01.49"
},
{
"status": "affected",
"version": "04.05.01.15"
},
{
"status": "affected",
"version": "04.08.01.28"
},
{
"status": "affected",
"version": "16.01.8.5"
},
{
"status": "affected",
"version": "65.10.15.6"
}
]
},
{
"modules": [
"Shadow File"
],
"product": "4G08",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "1.0.0.35"
},
{
"status": "affected",
"version": "3.0.0.8(4008)"
},
{
"status": "affected",
"version": "04.03.01.49"
},
{
"status": "affected",
"version": "04.05.01.15"
},
{
"status": "affected",
"version": "04.08.01.28"
},
{
"status": "affected",
"version": "16.01.8.5"
},
{
"status": "affected",
"version": "65.10.15.6"
}
]
},
{
"modules": [
"Shadow File"
],
"product": "G0-8G-PoE",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "1.0.0.35"
},
{
"status": "affected",
"version": "3.0.0.8(4008)"
},
{
"status": "affected",
"version": "04.03.01.49"
},
{
"status": "affected",
"version": "04.05.01.15"
},
{
"status": "affected",
"version": "04.08.01.28"
},
{
"status": "affected",
"version": "16.01.8.5"
},
{
"status": "affected",
"version": "65.10.15.6"
}
]
},
{
"modules": [
"Shadow File"
],
"product": "Nova MW5G",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "1.0.0.35"
},
{
"status": "affected",
"version": "3.0.0.8(4008)"
},
{
"status": "affected",
"version": "04.03.01.49"
},
{
"status": "affected",
"version": "04.05.01.15"
},
{
"status": "affected",
"version": "04.08.01.28"
},
{
"status": "affected",
"version": "16.01.8.5"
},
{
"status": "affected",
"version": "65.10.15.6"
}
]
},
{
"modules": [
"Shadow File"
],
"product": "TEG5328F",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "1.0.0.35"
},
{
"status": "affected",
"version": "3.0.0.8(4008)"
},
{
"status": "affected",
"version": "04.03.01.49"
},
{
"status": "affected",
"version": "04.05.01.15"
},
{
"status": "affected",
"version": "04.08.01.28"
},
{
"status": "affected",
"version": "16.01.8.5"
},
{
"status": "affected",
"version": "65.10.15.6"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "vlun-1 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Tenda i24, 4G03 Pro, 4G05, 4G08, G0-8G-PoE, Nova MW5G and TEG5328F up to 65.10.15.6. Affected is an unknown function of the component Shadow File. Such manipulation with the input Fireitup leads to hard-coded credentials. An attack has to be approached locally. The exploit has been disclosed to the public and may be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.8,
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-259",
"description": "Use of Hard-coded Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-31T01:02:06.989Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-339075 | Tenda i24 Shadow File hard-coded credentials",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.339075"
},
{
"name": "VDB-339075 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.339075"
},
{
"name": "Submit #727155 | Tenda Tenda i24v3.0 V3.0.0.8(4008) V3.0.0.8(4008) Hard-coded Credentials",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.727155"
},
{
"name": "Submit #727283 | Tenda 4G03ProV1.0re V04.03.01.49 Hard-coded Credentials (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.727283"
},
{
"name": "Submit #727284 | Tenda 4G05V1.0re V04.05.01.15 Hard-coded Credentials (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.727284"
},
{
"name": "Submit #727285 | Tenda 4G08V1.0re V04.08.01.28 Hard-coded Credentials (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.727285"
},
{
"name": "Submit #727302 | Tenda G0-8G-PoEV2.0si V16.01.8.5 Hard-coded Credentials (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.727302"
},
{
"name": "Submit #727305 | Tenda MW5GV1.0re V1.0.0.35 Hard-coded Credentials (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.727305"
},
{
"name": "Submit #727306 | Tenda TEG5328FV1.0ma V65.10.15.6 Hard-coded Credentials (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.727306"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/vuln-1/vuln/blob/main/Tenda/i24v3.0_V3.0.0.8/report-1.md"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-30T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-12-30T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-12-30T19:37:46.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda i24 Shadow File hard-coded credentials"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-15371",
"datePublished": "2025-12-31T01:02:06.989Z",
"dateReserved": "2025-12-30T17:35:13.980Z",
"dateUpdated": "2026-01-02T14:38:01.600Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15164 (GCVE-0-2025-15164)
Vulnerability from cvelistv5 – Published: 2025-12-29 00:32 – Updated: 2026-01-07 17:09
VLAI?
Title
Tenda WH450 SafeMacFilter stack-based overflow
Summary
A security flaw has been discovered in Tenda WH450 1.0.0.18. This affects an unknown part of the file /goform/SafeMacFilter. The manipulation of the argument page results in stack-based buffer overflow. The attack may be performed from remote. The exploit has been released to the public and may be exploited.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Credits
z472421519 (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15164",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-29T19:42:12.127270Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-07T17:09:51.994Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WH450",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "1.0.0.18"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "z472421519 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in Tenda WH450 1.0.0.18. This affects an unknown part of the file /goform/SafeMacFilter. The manipulation of the argument page results in stack-based buffer overflow. The attack may be performed from remote. The exploit has been released to the public and may be exploited."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 8.3,
"vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-29T00:32:07.802Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-338539 | Tenda WH450 SafeMacFilter stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.338539"
},
{
"name": "VDB-338539 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.338539"
},
{
"name": "Submit #721215 | Tenda WH450 V1.0.0.18 Stack-based Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.721215"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/z472421519/BinaryAudit/blob/main/PoC/BOF/Tenda_WH450/SafeMacFilter/SafeMacFilter.md"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-27T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-12-27T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-12-27T21:10:37.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda WH450 SafeMacFilter stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-15164",
"datePublished": "2025-12-29T00:32:07.802Z",
"dateReserved": "2025-12-27T20:05:25.564Z",
"dateUpdated": "2026-01-07T17:09:51.994Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15046 (GCVE-0-2025-15046)
Vulnerability from cvelistv5 – Published: 2025-12-23 21:32 – Updated: 2026-01-02 14:04
VLAI?
Title
Tenda WH450 HTTP Request PPTPClient stack-based overflow
Summary
A vulnerability has been found in Tenda WH450 1.0.0.18. The impacted element is an unknown function of the file /goform/PPTPClient of the component HTTP Request Handler. Such manipulation of the argument netmsk leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity ?
9.8 (Critical)
9.8 (Critical)
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Credits
z472421519 (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15046",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-02T14:04:22.850013Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-02T14:04:29.066Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"HTTP Request Handler"
],
"product": "WH450",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "1.0.0.18"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "z472421519 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Tenda WH450 1.0.0.18. The impacted element is an unknown function of the file /goform/PPTPClient of the component HTTP Request Handler. Such manipulation of the argument netmsk leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 10,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-23T21:32:09.417Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-337851 | Tenda WH450 HTTP Request PPTPClient stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.337851"
},
{
"name": "VDB-337851 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.337851"
},
{
"name": "Submit #720883 | Tenda WH450 V1.0.0.18 Stack-based Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.720883"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/z472421519/BinaryAudit/blob/main/PoC/BOF/Tenda_WH450/PPTPClient/PPTPClient.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/z472421519/BinaryAudit/blob/main/PoC/BOF/Tenda_WH450/PPTPClient/PPTPClient.md#reproduce"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-23T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-12-23T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-12-23T15:20:38.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda WH450 HTTP Request PPTPClient stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-15046",
"datePublished": "2025-12-23T21:32:09.417Z",
"dateReserved": "2025-12-23T14:15:23.091Z",
"dateUpdated": "2026-01-02T14:04:29.066Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14526 (GCVE-0-2025-14526)
Vulnerability from cvelistv5 – Published: 2025-12-11 16:32 – Updated: 2026-01-07 16:59
VLAI?
Title
Tenda CH22 L7Im frmL7ImForm buffer overflow
Summary
A security flaw has been discovered in Tenda CH22 1.0.0.1. This affects the function frmL7ImForm of the file /goform/L7Im. Performing manipulation of the argument page results in buffer overflow. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Credits
MaximDeVere (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14526",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-15T16:58:17.835442Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-07T16:59:23.184Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CH22",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "1.0.0.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "MaximDeVere (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in Tenda CH22 1.0.0.1. This affects the function frmL7ImForm of the file /goform/L7Im. Performing manipulation of the argument page results in buffer overflow. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T16:32:09.328Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-335866 | Tenda CH22 L7Im frmL7ImForm buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.335866"
},
{
"name": "VDB-335866 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.335866"
},
{
"name": "Submit #703035 | Tenda CH22 V1.0.0.1 Buffer overflow vulnerability",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.703035"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/maximdevere/CVE2/issues/5"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/maximdevere/CVE2/issues/5#issue-3673676260"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-11T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-12-11T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-12-11T09:29:37.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda CH22 L7Im frmL7ImForm buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-14526",
"datePublished": "2025-12-11T16:32:09.328Z",
"dateReserved": "2025-12-11T08:24:15.841Z",
"dateUpdated": "2026-01-07T16:59:23.184Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13446 (GCVE-0-2025-13446)
Vulnerability from cvelistv5 – Published: 2025-11-20 02:32 – Updated: 2025-11-20 14:52
VLAI?
Title
Tenda AC21 SetSysTimeCfg stack-based overflow
Summary
A vulnerability has been found in Tenda AC21 16.03.08.16. This vulnerability affects unknown code of the file /goform/SetSysTimeCfg. The manipulation of the argument timeZone/time leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Credits
jiahui288 (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13446",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-20T14:16:02.059248Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T14:52:07.354Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/Madgeaaaaa/MY_VULN_2/blob/main/Tenda/VULN8.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/Madgeaaaaa/MY_VULN_2/blob/main/Tenda/VULN9.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AC21",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "16.03.08.16"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "jiahui288 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Tenda AC21 16.03.08.16. This vulnerability affects unknown code of the file /goform/SetSysTimeCfg. The manipulation of the argument timeZone/time leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T02:32:07.969Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-333018 | Tenda AC21 SetSysTimeCfg stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.333018"
},
{
"name": "VDB-333018 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.333018"
},
{
"name": "Submit #694425 | Tenda AC21 V16.03.08.16 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.694425"
},
{
"name": "Submit #694430 | Tenda AC21 V16.03.08.16 Buffer Overflow (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.694430"
},
{
"tags": [
"related"
],
"url": "https://github.com/Madgeaaaaa/MY_VULN_2/blob/main/Tenda/VULN8.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/Madgeaaaaa/MY_VULN_2/blob/main/Tenda/VULN9.md"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-11-19T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-11-19T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-11-19T20:19:45.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda AC21 SetSysTimeCfg stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-13446",
"datePublished": "2025-11-20T02:32:07.969Z",
"dateReserved": "2025-11-19T19:14:38.513Z",
"dateUpdated": "2025-11-20T14:52:07.354Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13445 (GCVE-0-2025-13445)
Vulnerability from cvelistv5 – Published: 2025-11-20 02:02 – Updated: 2025-11-20 14:52
VLAI?
Title
Tenda AC21 SetIpMacBind stack-based overflow
Summary
A flaw has been found in Tenda AC21 16.03.08.16. This affects an unknown part of the file /goform/SetIpMacBind. Executing manipulation of the argument list can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been published and may be used.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Credits
jiahui288 (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13445",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-20T14:17:02.610671Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T14:52:14.900Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/Madgeaaaaa/MY_VULN_2/blob/main/Tenda/VULN7.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AC21",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "16.03.08.16"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "jiahui288 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in Tenda AC21 16.03.08.16. This affects an unknown part of the file /goform/SetIpMacBind. Executing manipulation of the argument list can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been published and may be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T02:02:09.585Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-333017 | Tenda AC21 SetIpMacBind stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.333017"
},
{
"name": "VDB-333017 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.333017"
},
{
"name": "Submit #694066 | Tenda AC21 V16.03.08.16 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.694066"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/Madgeaaaaa/MY_VULN_2/blob/main/Tenda/VULN7.md"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-11-19T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-11-19T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-11-19T20:19:41.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda AC21 SetIpMacBind stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-13445",
"datePublished": "2025-11-20T02:02:09.585Z",
"dateReserved": "2025-11-19T19:14:36.023Z",
"dateUpdated": "2025-11-20T14:52:14.900Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13400 (GCVE-0-2025-13400)
Vulnerability from cvelistv5 – Published: 2025-11-19 17:02 – Updated: 2025-11-20 15:49
VLAI?
Title
Tenda CH22 WrlExtraGet formWrlExtraGet buffer overflow
Summary
A vulnerability was detected in Tenda CH22 1.0.0.1. Affected is the function formWrlExtraGet of the file /goform/WrlExtraGet. Performing manipulation of the argument chkHz results in buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Credits
Li Hu (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13400",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-20T15:49:35.454133Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T15:49:40.061Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CH22",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "1.0.0.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Li Hu (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in Tenda CH22 1.0.0.1. Affected is the function formWrlExtraGet of the file /goform/WrlExtraGet. Performing manipulation of the argument chkHz results in buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-19T17:02:06.703Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-332926 | Tenda CH22 WrlExtraGet formWrlExtraGet buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.332926"
},
{
"name": "VDB-332926 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.332926"
},
{
"name": "Submit #692145 | Tenda CH22 V1.0.0.1 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.692145"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/f000x0/cve/issues/14"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-11-19T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-11-19T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-11-19T11:34:31.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda CH22 WrlExtraGet formWrlExtraGet buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-13400",
"datePublished": "2025-11-19T17:02:06.703Z",
"dateReserved": "2025-11-19T10:29:17.859Z",
"dateUpdated": "2025-11-20T15:49:40.061Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13288 (GCVE-0-2025-13288)
Vulnerability from cvelistv5 – Published: 2025-11-17 15:32 – Updated: 2025-11-17 15:43
VLAI?
Title
Tenda CH22 PPTPUserSetting fromPptpUserSetting buffer overflow
Summary
A security vulnerability has been detected in Tenda CH22 1.0.0.1. This impacts the function fromPptpUserSetting of the file /goform/PPTPUserSetting. The manipulation of the argument delno leads to buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Credits
yuan253 (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13288",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-17T15:43:11.519214Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-17T15:43:45.974Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CH22",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "1.0.0.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "yuan253 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in Tenda CH22 1.0.0.1. This impacts the function fromPptpUserSetting of the file /goform/PPTPUserSetting. The manipulation of the argument delno leads to buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in Tenda CH22 1.0.0.1 gefunden. Hiervon betroffen ist die Funktion fromPptpUserSetting der Datei /goform/PPTPUserSetting. Mit der Manipulation des Arguments delno mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Ein Angriff ist aus der Distanz m\u00f6glich. Der Exploit ist \u00f6ffentlich verf\u00fcgbar und k\u00f6nnte genutzt werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-17T15:32:07.862Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-332628 | Tenda CH22 PPTPUserSetting fromPptpUserSetting buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.332628"
},
{
"name": "VDB-332628 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.332628"
},
{
"name": "Submit #691594 | Tenda Technology Co., Ltd. Tenda V1.0.0.1 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.691594"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/yyyy1g/CVE/issues/1"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-11-17T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-11-17T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-11-17T08:54:03.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda CH22 PPTPUserSetting fromPptpUserSetting buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-13288",
"datePublished": "2025-11-17T15:32:07.862Z",
"dateReserved": "2025-11-17T07:48:52.469Z",
"dateUpdated": "2025-11-17T15:43:45.974Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13258 (GCVE-0-2025-13258)
Vulnerability from cvelistv5 – Published: 2025-11-17 02:02 – Updated: 2025-11-17 18:47
VLAI?
Title
Tenda AC20 WifiExtraSet buffer overflow
Summary
A vulnerability was detected in Tenda AC20 up to 16.03.08.12. The impacted element is an unknown function of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto results in buffer overflow. The attack can be launched remotely. The exploit is now public and may be used.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tenda | AC20 |
Affected:
16.03.08.0
Affected: 16.03.08.1 Affected: 16.03.08.2 Affected: 16.03.08.3 Affected: 16.03.08.4 Affected: 16.03.08.5 Affected: 16.03.08.6 Affected: 16.03.08.7 Affected: 16.03.08.8 Affected: 16.03.08.9 Affected: 16.03.08.10 Affected: 16.03.08.11 Affected: 16.03.08.12 |
Credits
Yun Zhang (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13258",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-17T18:45:32.375996Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-17T18:47:00.562Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AC20",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "16.03.08.0"
},
{
"status": "affected",
"version": "16.03.08.1"
},
{
"status": "affected",
"version": "16.03.08.2"
},
{
"status": "affected",
"version": "16.03.08.3"
},
{
"status": "affected",
"version": "16.03.08.4"
},
{
"status": "affected",
"version": "16.03.08.5"
},
{
"status": "affected",
"version": "16.03.08.6"
},
{
"status": "affected",
"version": "16.03.08.7"
},
{
"status": "affected",
"version": "16.03.08.8"
},
{
"status": "affected",
"version": "16.03.08.9"
},
{
"status": "affected",
"version": "16.03.08.10"
},
{
"status": "affected",
"version": "16.03.08.11"
},
{
"status": "affected",
"version": "16.03.08.12"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Yun Zhang (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in Tenda AC20 up to 16.03.08.12. The impacted element is an unknown function of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto results in buffer overflow. The attack can be launched remotely. The exploit is now public and may be used."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in Tenda AC20 up to 16.03.08.12 entdeckt. Betroffen ist eine unbekannte Verarbeitung der Datei /goform/WifiExtraSet. Durch das Beeinflussen des Arguments wpapsk_crypto mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Es ist m\u00f6glich, den Angriff aus der Ferne durchzuf\u00fchren. Der Exploit ist \u00f6ffentlich verf\u00fcgbar und k\u00f6nnte genutzt werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-17T02:02:08.487Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-332593 | Tenda AC20 WifiExtraSet buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.332593"
},
{
"name": "VDB-332593 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.332593"
},
{
"name": "Submit #688716 | Tenda AC20 Router Affected firmware version: \u003c= V16.03.08.12 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.688716"
},
{
"tags": [
"related"
],
"url": "https://github.com/DavCloudz/cve/blob/main/Tenda/Tengda%20AC20%20Router%20WifiExtraSet%20Buffer%20Overflow%20Vulnerability.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/DavCloudz/cve/blob/main/Tenda/Tengda%20AC20%20Router%20WifiExtraSet%20Buffer%20Overflow%20Vulnerability.md#poc"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-11-16T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-11-16T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-11-16T11:52:18.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda AC20 WifiExtraSet buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-13258",
"datePublished": "2025-11-17T02:02:08.487Z",
"dateReserved": "2025-11-16T10:47:14.703Z",
"dateUpdated": "2025-11-17T18:47:00.562Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12622 (GCVE-0-2025-12622)
Vulnerability from cvelistv5 – Published: 2025-11-03 07:32 – Updated: 2025-11-03 16:06
VLAI?
Title
Tenda AC10 SysRunCmd formSysRunCmd buffer overflow
Summary
A vulnerability was determined in Tenda AC10 16.03.10.13. Affected by this vulnerability is the function formSysRunCmd of the file /goform/SysRunCmd. This manipulation of the argument getui causes buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Credits
1935648903 (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12622",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-03T16:06:43.662517Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-03T16:06:54.102Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AC10",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "16.03.10.13"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "1935648903 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in Tenda AC10 16.03.10.13. Affected by this vulnerability is the function formSysRunCmd of the file /goform/SysRunCmd. This manipulation of the argument getui causes buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized."
},
{
"lang": "de",
"value": "In Tenda AC10 16.03.10.13 wurde eine Schwachstelle gefunden. Dies betrifft die Funktion formSysRunCmd der Datei /goform/SysRunCmd. Durch Beeinflussen des Arguments getui mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Die Ausnutzung wurde ver\u00f6ffentlicht und kann verwendet werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-03T07:32:13.624Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-330914 | Tenda AC10 SysRunCmd formSysRunCmd buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.330914"
},
{
"name": "VDB-330914 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.330914"
},
{
"name": "Submit #678889 | tenda AC10V4.0 V16.03.10.13 buffer overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.678889"
},
{
"tags": [
"broken-link"
],
"url": "https://www.yuque.com/ba1ma0-an29k/nnxoap/rg8eug0zk8ep3zne?singleDoc"
},
{
"tags": [
"exploit"
],
"url": "https://pan.baidu.com/s/1Jl1zy5niigg1XYm8ZCh_Lg"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-11-02T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-11-02T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-11-03T07:12:52.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda AC10 SysRunCmd formSysRunCmd buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-12622",
"datePublished": "2025-11-03T07:32:13.624Z",
"dateReserved": "2025-11-02T17:42:29.275Z",
"dateUpdated": "2025-11-03T16:06:54.102Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12619 (GCVE-0-2025-12619)
Vulnerability from cvelistv5 – Published: 2025-11-03 07:02 – Updated: 2025-11-03 16:06
VLAI?
Title
Tenda A15 openNetworkGateway fromSetWirelessRepeat buffer overflow
Summary
A vulnerability was found in Tenda A15 15.13.07.13. Affected is the function fromSetWirelessRepeat of the file /goform/openNetworkGateway. The manipulation of the argument wpapsk_crypto2_4g results in buffer overflow. The attack can be launched remotely. The exploit has been made public and could be used.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Credits
1935648903 (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12619",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-03T16:06:14.847181Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-03T16:06:25.502Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "A15",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "15.13.07.13"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "1935648903 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Tenda A15 15.13.07.13. Affected is the function fromSetWirelessRepeat of the file /goform/openNetworkGateway. The manipulation of the argument wpapsk_crypto2_4g results in buffer overflow. The attack can be launched remotely. The exploit has been made public and could be used."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in Tenda A15 15.13.07.13 entdeckt. Das betrifft die Funktion fromSetWirelessRepeat der Datei /goform/openNetworkGateway. Durch das Beeinflussen des Arguments wpapsk_crypto2_4g mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit ist \u00f6ffentlich verf\u00fcgbar und k\u00f6nnte genutzt werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-03T07:02:11.692Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-330913 | Tenda A15 openNetworkGateway fromSetWirelessRepeat buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.330913"
},
{
"name": "VDB-330913 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.330913"
},
{
"name": "Submit #678888 | tenda A15 V15.13.07.13 buffer overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.678888"
},
{
"tags": [
"broken-link"
],
"url": "https://www.yuque.com/ba1ma0-an29k/nnxoap/tzg68iadbmqx6esm?singleDoc"
},
{
"tags": [
"exploit"
],
"url": "https://pan.baidu.com/s/1N5pzWOYFGl7KGuh9yjlDHg"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-11-02T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-11-02T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-11-03T07:11:58.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda A15 openNetworkGateway fromSetWirelessRepeat buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-12619",
"datePublished": "2025-11-03T07:02:11.692Z",
"dateReserved": "2025-11-02T14:56:30.250Z",
"dateUpdated": "2025-11-03T16:06:25.502Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12618 (GCVE-0-2025-12618)
Vulnerability from cvelistv5 – Published: 2025-11-03 06:32 – Updated: 2025-12-01 22:40
VLAI?
Title
Tenda AC8 DatabaseIniSet buffer overflow
Summary
A vulnerability has been found in Tenda AC8 16.03.34.06. This impacts an unknown function of the file /goform/DatabaseIniSet. The manipulation of the argument Time leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Credits
1935648903 (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12618",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-03T16:07:13.996470Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T22:40:41.801Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AC8",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "16.03.34.06"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "1935648903 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Tenda AC8 16.03.34.06. This impacts an unknown function of the file /goform/DatabaseIniSet. The manipulation of the argument Time leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in Tenda AC8 16.03.34.06 gefunden. Es betrifft eine unbekannte Funktion der Datei /goform/DatabaseIniSet. Durch Manipulieren des Arguments Time mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann remote ausgef\u00fchrt werden. Die Schwachstelle wurde \u00f6ffentlich offengelegt und k\u00f6nnte ausgenutzt werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-03T06:32:13.198Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-330912 | Tenda AC8 DatabaseIniSet buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.330912"
},
{
"name": "VDB-330912 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.330912"
},
{
"name": "Submit #678887 | tenda AC8v4.0 V16.03.34.06 buffer overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.678887"
},
{
"tags": [
"broken-link"
],
"url": "https://www.yuque.com/ba1ma0-an29k/nnxoap/ow5xrpw56dqsgtdy?singleDoc"
},
{
"tags": [
"exploit"
],
"url": "https://pan.baidu.com/s/11fdpTujKw6Xz0yPE2l4cMw"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-11-02T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-11-02T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-11-03T07:11:32.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda AC8 DatabaseIniSet buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-12618",
"datePublished": "2025-11-03T06:32:13.198Z",
"dateReserved": "2025-11-02T14:51:09.863Z",
"dateUpdated": "2025-12-01T22:40:41.801Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12611 (GCVE-0-2025-12611)
Vulnerability from cvelistv5 – Published: 2025-11-03 02:02 – Updated: 2025-11-03 14:26
VLAI?
Title
Tenda AC21 SetPptpServerCfg formSetPPTPServer buffer overflow
Summary
A vulnerability was identified in Tenda AC21 16.03.08.16. This vulnerability affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg. The manipulation of the argument startIp leads to buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Credits
LX-LX (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12611",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-03T14:16:45.645981Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-03T14:26:36.736Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AC21",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "16.03.08.16"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "LX-LX (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in Tenda AC21 16.03.08.16. This vulnerability affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg. The manipulation of the argument startIp leads to buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly available and might be used."
},
{
"lang": "de",
"value": "In Tenda AC21 16.03.08.16 wurde eine Schwachstelle gefunden. Es geht dabei um die Funktion formSetPPTPServer der Datei /goform/SetPptpServerCfg. Mit der Manipulation des Arguments startIp mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit wurde der \u00d6ffentlichkeit bekannt gemacht und k\u00f6nnte verwendet werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-03T02:02:09.734Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-330906 | Tenda AC21 SetPptpServerCfg formSetPPTPServer buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.330906"
},
{
"name": "VDB-330906 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.330906"
},
{
"name": "Submit #678491 | Tenda AC21 V16.03.08.16 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.678491"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/LX-LX88/cve/issues/10"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-11-02T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-11-02T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-11-02T07:33:49.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda AC21 SetPptpServerCfg formSetPPTPServer buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-12611",
"datePublished": "2025-11-03T02:02:09.734Z",
"dateReserved": "2025-11-02T06:28:46.133Z",
"dateUpdated": "2025-11-03T14:26:36.736Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12596 (GCVE-0-2025-12596)
Vulnerability from cvelistv5 – Published: 2025-11-02 10:32 – Updated: 2025-11-03 14:54
VLAI?
Title
Tenda AC23 saveParentControlInfo buffer overflow
Summary
A security vulnerability has been detected in Tenda AC23 16.03.07.52. Affected is the function saveParentControlInfo of the file /goform/saveParentControlInfo. Such manipulation of the argument Time leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Credits
LX-LX (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12596",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-03T14:54:36.500458Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-03T14:54:39.493Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/LX-LX88/cve/issues/9"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AC23",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "16.03.07.52"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "LX-LX (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in Tenda AC23 16.03.07.52. Affected is the function saveParentControlInfo of the file /goform/saveParentControlInfo. Such manipulation of the argument Time leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used."
},
{
"lang": "de",
"value": "In Tenda AC23 16.03.07.52 ist eine Schwachstelle entdeckt worden. Betroffen ist die Funktion saveParentControlInfo der Datei /goform/saveParentControlInfo. Dank Manipulation des Arguments Time mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Ein Angriff ist aus der Distanz m\u00f6glich. Der Exploit wurde der \u00d6ffentlichkeit bekannt gemacht und k\u00f6nnte verwendet werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-02T10:32:06.299Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-330891 | Tenda AC23 saveParentControlInfo buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.330891"
},
{
"name": "VDB-330891 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.330891"
},
{
"name": "Submit #677585 | Tenda AC23 V16.03.07.52 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.677585"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/LX-LX88/cve/issues/9"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-11-01T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-11-01T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-11-01T18:26:28.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda AC23 saveParentControlInfo buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-12596",
"datePublished": "2025-11-02T10:32:06.299Z",
"dateReserved": "2025-11-01T17:21:21.802Z",
"dateUpdated": "2025-11-03T14:54:39.493Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12595 (GCVE-0-2025-12595)
Vulnerability from cvelistv5 – Published: 2025-11-02 10:02 – Updated: 2025-11-03 14:55
VLAI?
Title
Tenda AC23 SetVirtualServerCfg formSetVirtualSer buffer overflow
Summary
A weakness has been identified in Tenda AC23 16.03.07.52. This impacts the function formSetVirtualSer of the file /goform/SetVirtualServerCfg. This manipulation of the argument list causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Credits
LX-LX (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12595",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-03T14:55:44.673004Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-03T14:55:49.338Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/LX-LX88/cve/issues/8"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AC23",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "16.03.07.52"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "LX-LX (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in Tenda AC23 16.03.07.52. This impacts the function formSetVirtualSer of the file /goform/SetVirtualServerCfg. This manipulation of the argument list causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited."
},
{
"lang": "de",
"value": "In Tenda AC23 16.03.07.52 wurde eine Schwachstelle gefunden. Hierbei geht es um die Funktion formSetVirtualSer der Datei /goform/SetVirtualServerCfg. Dank der Manipulation des Arguments list mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-02T10:02:07.134Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-330890 | Tenda AC23 SetVirtualServerCfg formSetVirtualSer buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.330890"
},
{
"name": "VDB-330890 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.330890"
},
{
"name": "Submit #677581 | Tenda AC23 V16.03.07.52 Buffer Over",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.677581"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/LX-LX88/cve/issues/8"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-11-01T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-11-01T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-11-01T18:26:26.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda AC23 SetVirtualServerCfg formSetVirtualSer buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-12595",
"datePublished": "2025-11-02T10:02:07.134Z",
"dateReserved": "2025-11-01T17:21:18.934Z",
"dateUpdated": "2025-11-03T14:55:49.338Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12322 (GCVE-0-2025-12322)
Vulnerability from cvelistv5 – Published: 2025-10-27 20:32 – Updated: 2025-10-28 14:50
VLAI?
Title
Tenda CH22 NatStaticSetting fromNatStaticSetting buffer overflow
Summary
A flaw has been found in Tenda CH22 1.0.0.1. Affected by this issue is the function fromNatStaticSetting of the file /goform/NatStaticSetting. Executing manipulation of the argument page can lead to buffer overflow. It is possible to launch the attack remotely. The exploit has been published and may be used.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Credits
hhsw34 (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12322",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-28T14:49:50.451108Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-28T14:50:06.689Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/QIU-DIE/CVE/issues/19"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CH22",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "1.0.0.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "hhsw34 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in Tenda CH22 1.0.0.1. Affected by this issue is the function fromNatStaticSetting of the file /goform/NatStaticSetting. Executing manipulation of the argument page can lead to buffer overflow. It is possible to launch the attack remotely. The exploit has been published and may be used."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in Tenda CH22 1.0.0.1 entdeckt. Betroffen davon ist die Funktion fromNatStaticSetting der Datei /goform/NatStaticSetting. Durch das Beeinflussen des Arguments page mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit wurde der \u00d6ffentlichkeit bekannt gemacht und k\u00f6nnte verwendet werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-27T20:32:09.364Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-330101 | Tenda CH22 NatStaticSetting fromNatStaticSetting buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.330101"
},
{
"name": "VDB-330101 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.330101"
},
{
"name": "Submit #674151 | Tenda CH22 V1.0.0.1 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.674151"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/QIU-DIE/CVE/issues/19"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-27T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-10-27T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-10-27T10:27:52.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda CH22 NatStaticSetting fromNatStaticSetting buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-12322",
"datePublished": "2025-10-27T20:32:09.364Z",
"dateReserved": "2025-10-27T09:22:49.144Z",
"dateUpdated": "2025-10-28T14:50:06.689Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-12274 (GCVE-0-2025-12274)
Vulnerability from cvelistv5 – Published: 2025-10-27 12:32 – Updated: 2025-10-27 13:05
VLAI?
Title
Tenda CH22 P2pListFilter fromP2pListFilter buffer overflow
Summary
A security vulnerability has been detected in Tenda CH22 1.0.0.1. Affected by this vulnerability is the function fromP2pListFilter of the file /goform/P2pListFilter. The manipulation of the argument page leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Credits
hhsw34 (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12274",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-27T13:05:44.086345Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-27T13:05:48.770Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/QIU-DIE/CVE/issues/23"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CH22",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "1.0.0.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "hhsw34 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in Tenda CH22 1.0.0.1. Affected by this vulnerability is the function fromP2pListFilter of the file /goform/P2pListFilter. The manipulation of the argument page leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used."
},
{
"lang": "de",
"value": "In Tenda CH22 1.0.0.1 wurde eine Schwachstelle gefunden. Hiervon betroffen ist die Funktion fromP2pListFilter der Datei /goform/P2pListFilter. Durch Manipulieren des Arguments page mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Ein Angriff ist aus der Distanz m\u00f6glich. Der Exploit wurde der \u00d6ffentlichkeit bekannt gemacht und k\u00f6nnte verwendet werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-27T12:32:12.399Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-329946 | Tenda CH22 P2pListFilter fromP2pListFilter buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.329946"
},
{
"name": "VDB-329946 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.329946"
},
{
"name": "Submit #674165 | Tenda CH22 V1.0.0.1 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.674165"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/QIU-DIE/CVE/issues/23"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-10-26T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-10-26T17:09:36.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda CH22 P2pListFilter fromP2pListFilter buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-12274",
"datePublished": "2025-10-27T12:32:12.399Z",
"dateReserved": "2025-10-26T16:04:25.675Z",
"dateUpdated": "2025-10-27T13:05:48.770Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-12273 (GCVE-0-2025-12273)
Vulnerability from cvelistv5 – Published: 2025-10-27 12:32 – Updated: 2025-10-27 13:07
VLAI?
Title
Tenda CH22 webExcptypemanFilter fromwebExcptypemanFilter buffer overflow
Summary
A weakness has been identified in Tenda CH22 1.0.0.1. Affected is the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter. Executing manipulation of the argument page can lead to buffer overflow. The attack may be launched remotely. The exploit has been made available to the public and could be exploited.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Credits
hhsw34 (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12273",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-27T13:07:39.247586Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-27T13:07:43.656Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/QIU-DIE/CVE/issues/22"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CH22",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "1.0.0.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "hhsw34 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in Tenda CH22 1.0.0.1. Affected is the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter. Executing manipulation of the argument page can lead to buffer overflow. The attack may be launched remotely. The exploit has been made available to the public and could be exploited."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in Tenda CH22 1.0.0.1 entdeckt. Davon betroffen ist die Funktion fromwebExcptypemanFilter der Datei /goform/webExcptypemanFilter. Durch das Manipulieren des Arguments page mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-27T12:32:08.278Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-329945 | Tenda CH22 webExcptypemanFilter fromwebExcptypemanFilter buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.329945"
},
{
"name": "VDB-329945 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.329945"
},
{
"name": "Submit #674161 | Tenda CH22 V1.0.0.1 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.674161"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/QIU-DIE/CVE/issues/22"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-10-26T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-10-26T17:09:34.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda CH22 webExcptypemanFilter fromwebExcptypemanFilter buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-12273",
"datePublished": "2025-10-27T12:32:08.278Z",
"dateReserved": "2025-10-26T16:04:22.594Z",
"dateUpdated": "2025-10-27T13:07:43.656Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-12272 (GCVE-0-2025-12272)
Vulnerability from cvelistv5 – Published: 2025-10-27 12:02 – Updated: 2025-10-27 13:14
VLAI?
Title
Tenda CH22 addressNat fromAddressNat buffer overflow
Summary
A security flaw has been discovered in Tenda CH22 1.0.0.1. This impacts the function fromAddressNat of the file /goform/addressNat. Performing manipulation of the argument page results in buffer overflow. The attack may be initiated remotely. The exploit has been released to the public and may be exploited.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Credits
hhsw34 (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12272",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-27T13:14:53.042181Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-27T13:14:57.485Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/QIU-DIE/CVE/issues/21"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CH22",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "1.0.0.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "hhsw34 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in Tenda CH22 1.0.0.1. This impacts the function fromAddressNat of the file /goform/addressNat. Performing manipulation of the argument page results in buffer overflow. The attack may be initiated remotely. The exploit has been released to the public and may be exploited."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in Tenda CH22 1.0.0.1 gefunden. Hierbei betrifft es die Funktion fromAddressNat der Datei /goform/addressNat. Mittels Manipulieren des Arguments page mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff l\u00e4sst sich \u00fcber das Netzwerk starten. Die Ausnutzung wurde ver\u00f6ffentlicht und kann verwendet werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-27T12:02:14.528Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-329944 | Tenda CH22 addressNat fromAddressNat buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.329944"
},
{
"name": "VDB-329944 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.329944"
},
{
"name": "Submit #674159 | Tenda CH22 V1.0.0.1 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.674159"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/QIU-DIE/CVE/issues/21"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-10-26T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-10-26T17:09:33.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda CH22 addressNat fromAddressNat buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-12272",
"datePublished": "2025-10-27T12:02:14.528Z",
"dateReserved": "2025-10-26T16:04:19.652Z",
"dateUpdated": "2025-10-27T13:14:57.485Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-12271 (GCVE-0-2025-12271)
Vulnerability from cvelistv5 – Published: 2025-10-27 12:02 – Updated: 2025-10-27 13:15
VLAI?
Title
Tenda CH22 RouteStatic fromRouteStatic buffer overflow
Summary
A vulnerability was identified in Tenda CH22 1.0.0.1. This affects the function fromRouteStatic of the file /goform/RouteStatic. Such manipulation of the argument page leads to buffer overflow. The attack can be launched remotely. The exploit is publicly available and might be used.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Credits
hhsw34 (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12271",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-27T13:15:30.643231Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-27T13:15:34.156Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/QIU-DIE/CVE/issues/20"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CH22",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "1.0.0.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "hhsw34 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in Tenda CH22 1.0.0.1. This affects the function fromRouteStatic of the file /goform/RouteStatic. Such manipulation of the argument page leads to buffer overflow. The attack can be launched remotely. The exploit is publicly available and might be used."
},
{
"lang": "de",
"value": "In Tenda CH22 1.0.0.1 ist eine Schwachstelle entdeckt worden. Dabei betrifft es die Funktion fromRouteStatic der Datei /goform/RouteStatic. Mittels dem Manipulieren des Arguments page mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit ist \u00f6ffentlich verf\u00fcgbar und k\u00f6nnte genutzt werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-27T12:02:10.792Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-329943 | Tenda CH22 RouteStatic fromRouteStatic buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.329943"
},
{
"name": "VDB-329943 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.329943"
},
{
"name": "Submit #674153 | Tenda CH22 V1.0.0.1 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.674153"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/QIU-DIE/CVE/issues/20"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-10-26T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-10-26T17:09:31.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda CH22 RouteStatic fromRouteStatic buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-12271",
"datePublished": "2025-10-27T12:02:10.792Z",
"dateReserved": "2025-10-26T16:04:16.723Z",
"dateUpdated": "2025-10-27T13:15:34.156Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-12265 (GCVE-0-2025-12265)
Vulnerability from cvelistv5 – Published: 2025-10-27 11:02 – Updated: 2025-10-27 12:14
VLAI?
Title
Tenda CH22 VirtualSer fromVirtualSer buffer overflow
Summary
A weakness has been identified in Tenda CH22 1.0.0.1. Affected by this issue is the function fromVirtualSer of the file /goform/VirtualSer. This manipulation of the argument page causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Credits
hhsw34 (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12265",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-27T12:14:18.547890Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-27T12:14:52.668Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CH22",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "1.0.0.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "hhsw34 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in Tenda CH22 1.0.0.1. Affected by this issue is the function fromVirtualSer of the file /goform/VirtualSer. This manipulation of the argument page causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in Tenda CH22 1.0.0.1 gefunden. Hierbei geht es um die Funktion fromVirtualSer der Datei /goform/VirtualSer. Die Ver\u00e4nderung des Parameters page resultiert in buffer overflow. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit wurde der \u00d6ffentlichkeit bekannt gemacht und k\u00f6nnte verwendet werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-27T11:02:07.933Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-329936 | Tenda CH22 VirtualSer fromVirtualSer buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.329936"
},
{
"name": "VDB-329936 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.329936"
},
{
"name": "Submit #674012 | Tenda CH22 V1.0.0.1 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.674012"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/QIU-DIE/CVE/issues/18"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-10-26T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-10-26T06:55:23.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda CH22 VirtualSer fromVirtualSer buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-12265",
"datePublished": "2025-10-27T11:02:07.933Z",
"dateReserved": "2025-10-26T05:50:20.200Z",
"dateUpdated": "2025-10-27T12:14:52.668Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-12236 (GCVE-0-2025-12236)
Vulnerability from cvelistv5 – Published: 2025-10-27 06:22 – Updated: 2025-10-27 13:23
VLAI?
Title
Tenda CH22 DhcpListClient fromDhcpListClient buffer overflow
Summary
A vulnerability was determined in Tenda CH22 1.0.0.1. This issue affects the function fromDhcpListClient of the file /goform/DhcpListClient. This manipulation of the argument page causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Credits
LINXI666 (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12236",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-27T13:23:36.655340Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-27T13:23:52.661Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/QIU-DIE/CVE/issues/17"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CH22",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "1.0.0.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "LINXI666 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in Tenda CH22 1.0.0.1. This issue affects the function fromDhcpListClient of the file /goform/DhcpListClient. This manipulation of the argument page causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized."
},
{
"lang": "de",
"value": "In Tenda CH22 1.0.0.1 wurde eine Schwachstelle gefunden. Dies betrifft die Funktion fromDhcpListClient der Datei /goform/DhcpListClient. Durch Beeinflussen des Arguments page mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit wurde der \u00d6ffentlichkeit bekannt gemacht und k\u00f6nnte verwendet werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-27T06:22:47.662Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-329906 | Tenda CH22 DhcpListClient fromDhcpListClient buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.329906"
},
{
"name": "VDB-329906 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.329906"
},
{
"name": "Submit #673724 | Tenda CH22 v1.0.0.1 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.673724"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/QIU-DIE/CVE/issues/17"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-25T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-10-25T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-10-25T19:09:13.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda CH22 DhcpListClient fromDhcpListClient buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-12236",
"datePublished": "2025-10-27T06:22:47.662Z",
"dateReserved": "2025-10-25T17:04:00.958Z",
"dateUpdated": "2025-10-27T13:23:52.661Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-12235 (GCVE-0-2025-12235)
Vulnerability from cvelistv5 – Published: 2025-10-27 06:22 – Updated: 2025-10-27 13:25
VLAI?
Title
Tenda CH22 SetIpBind fromSetIpBind buffer overflow
Summary
A vulnerability was found in Tenda CH22 1.0.0.1. This vulnerability affects the function fromSetIpBind of the file /goform/SetIpBind. The manipulation of the argument page results in buffer overflow. The attack must originate from the local network. The exploit has been made public and could be used.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Credits
LINXI666 (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12235",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-27T13:25:08.825470Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-27T13:25:16.489Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/QIU-DIE/CVE/issues/16"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CH22",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "1.0.0.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "LINXI666 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Tenda CH22 1.0.0.1. This vulnerability affects the function fromSetIpBind of the file /goform/SetIpBind. The manipulation of the argument page results in buffer overflow. The attack must originate from the local network. The exploit has been made public and could be used."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in Tenda CH22 1.0.0.1 entdeckt. Das betrifft die Funktion fromSetIpBind der Datei /goform/SetIpBind. Durch das Beeinflussen des Arguments page mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann im lokalen Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.7,
"vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-27T06:22:44.013Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-329905 | Tenda CH22 SetIpBind fromSetIpBind buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.329905"
},
{
"name": "VDB-329905 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.329905"
},
{
"name": "Submit #673720 | Tenda CH22 v1.0.0.1 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.673720"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/QIU-DIE/CVE/issues/16"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-25T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-10-25T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-10-25T19:09:12.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda CH22 SetIpBind fromSetIpBind buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-12235",
"datePublished": "2025-10-27T06:22:44.013Z",
"dateReserved": "2025-10-25T17:03:56.836Z",
"dateUpdated": "2025-10-27T13:25:16.489Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-12234 (GCVE-0-2025-12234)
Vulnerability from cvelistv5 – Published: 2025-10-27 06:22 – Updated: 2025-10-27 13:34
VLAI?
Title
Tenda CH22 SafeMacFilter fromSafeMacFilter buffer overflow
Summary
A vulnerability has been found in Tenda CH22 1.0.0.1. This affects the function fromSafeMacFilter of the file /goform/SafeMacFilter. The manipulation of the argument page leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Credits
LINXI666 (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12234",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-27T13:34:49.451501Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-27T13:34:53.278Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/QIU-DIE/CVE/issues/15"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CH22",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "1.0.0.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "LINXI666 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Tenda CH22 1.0.0.1. This affects the function fromSafeMacFilter of the file /goform/SafeMacFilter. The manipulation of the argument page leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in Tenda CH22 1.0.0.1 gefunden. Es betrifft die Funktion fromSafeMacFilter der Datei /goform/SafeMacFilter. Durch Manipulieren des Arguments page mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann remote ausgef\u00fchrt werden. Die Ausnutzung wurde ver\u00f6ffentlicht und kann verwendet werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-27T06:22:21.764Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-329904 | Tenda CH22 SafeMacFilter fromSafeMacFilter buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.329904"
},
{
"name": "VDB-329904 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.329904"
},
{
"name": "Submit #673718 | Tenda CH22 v1.0.0.1 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.673718"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/QIU-DIE/CVE/issues/15"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-25T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-10-25T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-10-25T19:09:10.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda CH22 SafeMacFilter fromSafeMacFilter buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-12234",
"datePublished": "2025-10-27T06:22:21.764Z",
"dateReserved": "2025-10-25T17:03:53.172Z",
"dateUpdated": "2025-10-27T13:34:53.278Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}