A vulnerability was identified in Tenda F1202 1
Description
A vulnerability was identified in Tenda F1202 1
AI Analyst Comment
Remediation
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
436 vulnerabilities from Tenda
← Back to all CVEsA vulnerability was identified in Tenda F1202 1
A vulnerability was identified in Tenda F1202 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was determined in Tenda F1202 1
A vulnerability was determined in Tenda F1202 1
---METADATA---
VENDOR: Tenda
PRODUCT: F1202
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A critical security vulnerability has been determined in the Tenda F1202 router, potentially allowing for remote exploitation of the device.
Executive Summary:
A critical vulnerability in the Tenda F1202 router poses a high risk of unauthorized device control and potential network-wide security compromise.
Vulnerability Details
CVE-ID: CVE-2026-9430
Affected Software: Tenda F1202
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability in the Tenda F1202 firmware likely involves an authentication or input validation flaw that enables unauthorized access to sensitive router functions. Such issues can often be exploited to manipulate router settings or execute code.
Business Impact
With a CVSS score of 8.8, this vulnerability is classified as high-risk. Successful exploitation allows an attacker to compromise the gateway between the internal network and the internet, facilitating traffic interception and further attacks on internal resources.
Remediation Plan
Immediate Action: Update the Tenda F1202 firmware to the latest available version as provided by the vendor.
Proactive Monitoring: Monitor internal network traffic for signs of unauthorized access or anomalous activity originating from the router.
Compensating Controls: Restrict management interface access to a secure, internal-only management network segment.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of May 27, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Administrators should prioritize the security of their perimeter devices. The Tenda F1202 must be patched immediately to close this vulnerability and protect the network from potential exploitation.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was found in Tenda F1202 1
A vulnerability was found in Tenda F1202 1
---METADATA---
VENDOR: Tenda
PRODUCT: F1202
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A security vulnerability has been identified in the Tenda F1202 router, potentially allowing an attacker to execute unauthorized commands or access sensitive data.
Executive Summary:
A critical vulnerability in the Tenda F1202 router presents a significant risk of device compromise and unauthorized network access.
Vulnerability Details
CVE-ID: CVE-2026-9429
Affected Software: Tenda F1202
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The vulnerability involves a flaw in the Tenda F1202 firmware that potentially permits unauthorized access or command execution. This flaw typically resides in the device's web management interface, which is a common vector for remote exploitation.
Business Impact
The CVSS score of 8.8 indicates a high-risk scenario where an attacker could gain persistent control over the network. The resulting impact includes the potential loss of data confidentiality and the ability for the attacker to move laterally within the network.
Remediation Plan
Immediate Action: Apply the latest firmware update provided by Tenda to all affected F1202 units.
Proactive Monitoring: Monitor network traffic for unusual activity and regularly check the router’s configuration for unauthorized modifications.
Compensating Controls: Disable WAN-side administration and implement strong, unique passwords for the administrative interface.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of May 27, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Security teams must treat this vulnerability with high urgency. Patching the Tenda F1202 is essential to prevent unauthorized access and protect the overall security posture of the network.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability has been found in Tenda F1202 1
A vulnerability has been found in Tenda F1202 1
---METADATA---
VENDOR: Tenda
PRODUCT: F1202
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A vulnerability has been discovered in the Tenda F1202 router, which may allow an attacker to compromise the device's integrity.
Executive Summary:
A critical vulnerability in the Tenda F1202 router could allow an attacker to gain unauthorized control, risking the security of the entire local network.
Vulnerability Details
CVE-ID: CVE-2026-9428
Affected Software: Tenda F1202
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability affects the Tenda F1202 router firmware. The nature of the flaw allows for potential unauthorized actions, which could range from configuration manipulation to arbitrary code execution, depending on the specific entry point.
Business Impact
Given the CVSS score of 8.8, this vulnerability poses a high risk. Compromise of the router allows an attacker to control the flow of network traffic, potentially leading to data theft, credential harvesting, and the infiltration of other connected devices within the network.
Remediation Plan
Immediate Action: Update the firmware of the Tenda F1202 to the latest version provided by the manufacturer.
Proactive Monitoring: Review router access logs for suspicious administrative activity and monitor for unauthorized changes to security settings.
Compensating Controls: Ensure the router is not accessible from the public internet and restrict access to the web management interface to trusted local IP addresses.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of May 27, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Router vulnerabilities are critical due to their position as the gateway to the internal network. Tenda F1202 owners should apply the necessary firmware updates immediately to mitigate the threat of unauthorized access and network compromise.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A security vulnerability has been detected in Tenda F456 1
A security vulnerability has been detected in Tenda F456 1
---METADATA---
VENDOR: Tenda
PRODUCT: F456
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A security vulnerability has been identified in Tenda F456 routers, potentially exposing the device to unauthorized administrative control.
Executive Summary:
A critical security vulnerability in the Tenda F456 router may allow an attacker to gain unauthorized access or control over the device.
Vulnerability Details
CVE-ID: CVE-2026-9389
Affected Software: Tenda F456
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The vulnerability relates to a security flaw in the firmware of the Tenda F456. While specific technical details are pending, such vulnerabilities in consumer-grade routers typically involve authentication bypass or command injection flaws.
Business Impact
With a CVSS score of 8.8, the potential for full device compromise is significant. An attacker who gains control of the router can intercept traffic, perform man-in-the-middle attacks, and pivot into the internal network, causing severe risk to all connected endpoints.
Remediation Plan
Immediate Action: Check the Tenda support website for firmware updates and apply them to all F456 devices immediately.
Proactive Monitoring: Monitor for unexpected traffic patterns or changes to device configuration settings that suggest unauthorized tampering.
Compensating Controls: Disable remote management features on the router and ensure that the administrative interface is not exposed to the public internet.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of May 27, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Network perimeter devices are high-value targets for attackers. Users of Tenda F456 hardware should prioritize the deployment of vendor-supplied patches to secure their local network gateway against potential remote exploitation.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was found in Tenda CX12L 16
A vulnerability was found in Tenda CX12L 16
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A flaw has been found in Tenda 4G300 US_4G300V1
A flaw has been found in Tenda 4G300 US_4G300V1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was determined in Tenda HG3 2
A vulnerability was determined in Tenda HG3 2
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was determined in Tenda HG3 2
A vulnerability was determined in Tenda HG3 2
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was detected in Tenda HG3 2
A vulnerability was detected in Tenda HG3 2
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability has been found in Tenda F456 1
A vulnerability has been found in Tenda F456 1
---METADATA---
VENDOR: Tenda
PRODUCT: F456
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
CONFIDENCE: low
MISSING: technical_details, patch
---END_METADATA---
Description Summary:
A critical security vulnerability has been identified in the Tenda F456 router, potentially allowing unauthorized system access.
Executive Summary:
Tenda F456 routers are affected by a high-severity vulnerability that poses a significant risk to network security and device integrity.
Vulnerability Details
CVE-ID: CVE-2026-7101
Affected Software: Tenda F456
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The vulnerability affects the Tenda F456; however, specific technical details regarding the attack vector or authentication requirements are currently sparse, necessitating a cautious approach to security posture.
Business Impact
With a CVSS score of 8.8, this vulnerability represents a severe threat to network perimeter security. Compromise of an edge device such as a router can lead to full network interception, traffic redirection, and the potential for a complete breach of the internal corporate environment.
Remediation Plan
Immediate Action: Check the Tenda support portal for the latest firmware updates and apply them to all affected F456 devices immediately.
Proactive Monitoring: Monitor network traffic for anomalous outbound connections or unauthorized changes to device configuration settings.
Compensating Controls: If a patch is unavailable, isolate the device from the public internet or place it behind a secondary firewall to limit exposure.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of May 29, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Given the high CVSS score, this issue should be treated with urgency. Administrators should monitor for official vendor communication and apply firmware updates as soon as they become available to prevent potential device takeover.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A flaw has been found in Tenda F456 1
A flaw has been found in Tenda F456 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was detected in Tenda F456 1
A vulnerability was detected in Tenda F456 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A security vulnerability has been detected in Tenda F456 1
A security vulnerability has been detected in Tenda F456 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A weakness has been identified in Tenda F456 1
A weakness has been identified in Tenda F456 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A security flaw has been discovered in Tenda HG3 2
A security flaw has been discovered in Tenda HG3 2
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A flaw has been found in Tenda F456 1
A flaw has been found in Tenda F456 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was detected in Tenda F456 1
A vulnerability was detected in Tenda F456 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A security vulnerability has been detected in Tenda F456 1
A security vulnerability has been detected in Tenda F456 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A weakness has been identified in Tenda F456 1
A weakness has been identified in Tenda F456 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A security flaw has been discovered in Tenda F456 1
A security flaw has been discovered in Tenda F456 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A flaw has been found in Tenda F456 1
A flaw has been found in Tenda F456 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was detected in Tenda F456 1
A vulnerability was detected in Tenda F456 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A security vulnerability has been detected in Tenda F456 1
A security vulnerability has been detected in Tenda F456 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A weakness has been identified in Tenda F456 1
A weakness has been identified in Tenda F456 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A security flaw has been discovered in Tenda F456 1
A security flaw has been discovered in Tenda F456 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was identified in Tenda i9 1
A vulnerability was identified in Tenda i9 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was determined in Tenda FH1202 1
A vulnerability was determined in Tenda FH1202 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was found in Tenda FH1202 1
A vulnerability was found in Tenda FH1202 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability has been found in Tenda F456 1
A vulnerability has been found in Tenda F456 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A flaw has been found in Tenda F456 1
A flaw has been found in Tenda F456 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was detected in Tenda F456 1
A vulnerability was detected in Tenda F456 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A security vulnerability has been detected in Tenda F456 1
A security vulnerability has been detected in Tenda F456 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A weakness has been identified in Tenda F456 1
A weakness has been identified in Tenda F456 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was identified in Tenda F456 1
A vulnerability was identified in Tenda F456 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A flaw has been found in Tenda HG10 HG7_HG9_HG10re_300001138_en_xpon
A flaw has been found in Tenda HG10 HG7_HG9_HG10re_300001138_en_xpon
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was identified in Tenda F451 1
A vulnerability was identified in Tenda F451 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was determined in Tenda F451 1
A vulnerability was determined in Tenda F451 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was found in Tenda F451 1
A vulnerability was found in Tenda F451 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was determined in Tenda F456 1
A vulnerability was determined in Tenda F456 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was found in Tenda F456 1
A vulnerability was found in Tenda F456 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability has been found in Tenda F456 1
A vulnerability has been found in Tenda F456 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A flaw has been found in Tenda F456 1
A flaw has been found in Tenda F456 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was detected in Tenda F456 1
A vulnerability was detected in Tenda F456 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was detected in Tenda F451 1
A vulnerability was detected in Tenda F451 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A security vulnerability has been detected in Tenda F451 1
A security vulnerability has been detected in Tenda F451 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A weakness has been identified in Tenda F451 1
A weakness has been identified in Tenda F451 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A security flaw has been discovered in Tenda F451 1
A security flaw has been discovered in Tenda F451 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was identified in Tenda F451 1
A vulnerability was identified in Tenda F451 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was determined in Tenda F451 1
A vulnerability was determined in Tenda F451 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was found in Tenda F451 1
A vulnerability was found in Tenda F451 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability has been found in Tenda F451 1
A vulnerability has been found in Tenda F451 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A flaw has been found in Tenda F451 1
A flaw has been found in Tenda F451 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was detected in Tenda F451 1
A vulnerability was detected in Tenda F451 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was found in Tenda AC9 15
A vulnerability was found in Tenda AC9 15
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability has been found in Tenda AC9 15
A vulnerability has been found in Tenda AC9 15
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was determined in Tenda F451 1
A vulnerability was determined in Tenda F451 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was found in Tenda F451 1
A vulnerability was found in Tenda F451 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability has been found in Tenda F451 1
A vulnerability has been found in Tenda F451 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A flaw has been found in Tenda F451 1
A flaw has been found in Tenda F451 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was detected in Tenda F451 1
A vulnerability was detected in Tenda F451 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was identified in Tenda AC15 15
A vulnerability was identified in Tenda AC15 15
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A weakness has been identified in Tenda CX12L 16
A weakness has been identified in Tenda CX12L 16
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A security flaw has been discovered in Tenda CX12L 16
A security flaw has been discovered in Tenda CX12L 16
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was identified in Tenda CX12L 16
A vulnerability was identified in Tenda CX12L 16
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was determined in Tenda CX12L 16
A vulnerability was determined in Tenda CX12L 16
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A flaw has been found in Tenda i12 1
A flaw has been found in Tenda i12 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A weakness has been identified in Tenda CH22 1
A weakness has been identified in Tenda CH22 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A security flaw has been discovered in Tenda CH22 1
A security flaw has been discovered in Tenda CH22 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A flaw has been found in Tenda M3 1
A flaw has been found in Tenda M3 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was identified in Tenda AC10 16
A vulnerability was identified in Tenda AC10 16
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was found in Tenda AC10 16
A vulnerability was found in Tenda AC10 16
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A security flaw has been discovered in Tenda 4G03 Pro up to 1
A security flaw has been discovered in Tenda 4G03 Pro up to 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was determined in Tenda CH22 1
A vulnerability was determined in Tenda CH22 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was determined in Tenda CH22 1
A vulnerability was determined in Tenda CH22 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was found in Tenda CH22 1
A vulnerability was found in Tenda CH22 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability has been found in Tenda CH22 1
A vulnerability has been found in Tenda CH22 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was detected in Tenda CH22 1
A vulnerability was detected in Tenda CH22 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A flaw has been found in Tenda FH1201 1
A flaw has been found in Tenda FH1201 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was detected in Tenda FH1201 1
A vulnerability was detected in Tenda FH1201 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was found in Tenda 4G06 04
A vulnerability was found in Tenda 4G06 04
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A flaw has been found in Tenda F453 1
A flaw has been found in Tenda F453 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability has been found in Tenda AC15 15
A vulnerability has been found in Tenda AC15 15
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A flaw has been found in Tenda AC7 15
A flaw has been found in Tenda AC7 15
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was identified in Tenda AC6 15
A vulnerability was identified in Tenda AC6 15
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was determined in Tenda AC6 15
A vulnerability was determined in Tenda AC6 15
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was determined in Tenda AC5 15
A vulnerability was determined in Tenda AC5 15
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was found in Tenda AC5 15
A vulnerability was found in Tenda AC5 15
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability has been found in Tenda AC5 15
A vulnerability has been found in Tenda AC5 15
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A flaw has been found in Tenda AC5 15
A flaw has been found in Tenda AC5 15
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was detected in Tenda AC5 15
A vulnerability was detected in Tenda AC5 15
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A stack-based buffer overflow in the Tenda A15 UploadCfg function allows remote attackers to execute arbitrary code via a malicious File argument.
A stack-based buffer overflow in the Tenda A15 UploadCfg function allows remote attackers to execute arbitrary code via a malicious File argument.
---METADATA---
VENDOR: Tenda
PRODUCT: A15
AFFECTED_VERSIONS: 15.13.07.13
---END_METADATA---
Description Summary:
A stack-based buffer overflow in the Tenda A15 UploadCfg function allows remote attackers to execute arbitrary code via a malicious File argument.
Executive Summary:
Tenda A15 WiFi extenders are vulnerable to a critical remote code execution flaw due to a buffer overflow in the configuration upload function.
Vulnerability Details
CVE-ID: CVE-2026-4567
Affected Software: Tenda A15
Affected Versions: 15.13.07.13
Vulnerability: A stack-based buffer overflow exists in the UploadCfg function within the /cgi-bin/UploadCfg file. A remote, unauthenticated attacker can manipulate the File argument to overflow the stack and gain control of the device.
Business Impact
Successful exploitation allows an attacker to gain full control over the Tenda A15 device. This can lead to the interception of network traffic, redirection of users to malicious websites (DNS hijacking), and use of the device as a pivot point for further attacks on the internal network. The CVSS score of 9.8 underscores the critical nature of this hardware vulnerability.
Remediation Plan
Immediate Action: Update the Tenda A15 firmware to the latest version provided by the vendor. If no patch is available, consider replacing the device.
Proactive Monitoring: Monitor for unusual outbound traffic from the device and review administrative logs for unauthorized configuration changes.
Compensating Controls: Disable the web management interface from being accessible over the WAN and ensure the device is behind a robust network firewall.
Exploitation Status
Public Exploit Available: true
Analyst Notes: As of March 23, 2026, the exploit for this vulnerability has been disclosed to the public. Active exploitation should be assumed for any devices exposed to the internet or untrusted local networks.
Analyst Recommendation
The public availability of an exploit for a CVSS 9.8 vulnerability makes this a critical priority. Administrators should apply the vendor-supplied firmware update immediately or decommission the affected hardware to prevent network compromise.
Update Tenda A15 to the latest version. Check vendor security advisory for specific patch details. Monitor for exploitation attempts and review access logs.
A vulnerability was detected in Tenda AC21 16
A vulnerability was detected in Tenda AC21 16
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was identified in Tenda F453 1
A vulnerability was identified in Tenda F453 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was determined in Tenda F453 1
A vulnerability was determined in Tenda F453 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was found in Tenda F453 1
A vulnerability was found in Tenda F453 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability has been found in Tenda FH451 1
A vulnerability has been found in Tenda FH451 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A flaw has been found in Tenda FH451 1
A flaw has been found in Tenda FH451 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was determined in Tenda A18 Pro 02
A vulnerability was determined in Tenda A18 Pro 02
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was found in Tenda A18 Pro 02
A vulnerability was found in Tenda A18 Pro 02
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability has been found in Tenda A18 Pro 02
A vulnerability has been found in Tenda A18 Pro 02
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A flaw has been found in Tenda A18 Pro 02
A flaw has been found in Tenda A18 Pro 02
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was detected in Tenda A18 Pro 02
A vulnerability was detected in Tenda A18 Pro 02
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A weakness has been identified in Tenda AC8 up to 16.03.50.11. This vulnerability affects the function doSystemCmd of the file /goform/SysToolChangePw...
A weakness has been identified in Tenda AC8 up to 16.03.50.11. This vulnerability affects the function doSystemCmd of the file /goform/SysToolChangePwd of the component HTTP Endpoint. This manipulation of the argument local_2c causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks.
---METADATA---
VENDOR: Tenda
PRODUCT: AC8
AFFECTED_VERSIONS: up to 16.03.50.11
CONFIDENCE: high
MISSING: patch
---END_METADATA---
Description Summary:
A stack-based buffer overflow in the Tenda AC8 HTTP endpoint allows remote attackers to execute arbitrary commands.
Executive Summary:
A critical stack-based buffer overflow in Tenda AC8 allows unauthenticated remote attackers to execute arbitrary code via the HTTP interface.
Vulnerability Details
CVE-ID: CVE-2026-4254
Affected Software: Tenda AC8
Affected Versions: up to 16.03.50.11
Vulnerability: The vulnerability exists in the doSystemCmd function of the /goform/SysToolChangePwd file. An unauthenticated remote attacker can trigger a stack-based buffer overflow by manipulating the local_2c argument.
Business Impact
The CVSS score of 9.8 underscores the extreme risk posed by this vulnerability. Remote code execution on networking hardware like the Tenda AC8 can allow attackers to intercept traffic, redirect users, or gain persistence within the local network, leading to widespread data compromise.
Remediation Plan
Immediate Action: Update the Tenda AC8 firmware to the latest available version provided by the manufacturer.
Proactive Monitoring: Monitor network traffic for unusual HTTP requests targeting the /goform/SysToolChangePwd endpoint.
Compensating Controls: Restrict access to the router's management interface to trusted internal IP addresses only.
Exploitation Status
Public Exploit Available: Yes
Analyst Notes: As of Mar 16, 2026, a public exploit is available for this vulnerability. Given the ease of exploitation, the risk of active attacks is extremely high.
Analyst Recommendation
Due to the availability of public exploits and the critical nature of the flaw, immediate firmware updates are required. Organizations should ensure that management interfaces are not exposed to the public internet and apply the patch as soon as it is released by Tenda.
Update Tenda AC8 up to the latest version. Check vendor security advisory for specific patch details. Monitor for exploitation attempts and review access logs.
A vulnerability was identified in Tenda AC8 16.03.50.11. Affected by this issue is the function check_is_ipv6 of the component IPv6 Handler. The manip...
A vulnerability was identified in Tenda AC8 16.03.50.11. Affected by this issue is the function check_is_ipv6 of the component IPv6 Handler. The manipulation leads to reliance on ip address for authentication. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.
---METADATA---
VENDOR: Tenda
PRODUCT: AC8
AFFECTED_VERSIONS: 16.03.50.11
CONFIDENCE: high
MISSING: patch
---END_METADATA---
Description Summary:
A vulnerability in the Tenda AC8 IPv6 Handler function allows remote attackers to bypass authentication by manipulating IPv6 address reliance.
Executive Summary:
A critical authentication bypass vulnerability in Tenda AC8 routers allows remote, unauthenticated attackers to gain unauthorized access to the device.
Vulnerability Details
CVE-ID: CVE-2026-4252
Affected Software: Tenda AC8
Affected Versions: 16.03.50.11
Vulnerability: This vulnerability exists in the check_is_ipv6 function of the IPv6 component, where improper handling of IP addresses allows for an authentication bypass. The flaw is remotely exploitable without requiring prior authentication.
Business Impact
Successful exploitation allows an attacker to bypass authentication, potentially leading to full administrative control over the network device. Given the CVSS score of 9.8, this poses a severe risk of data interception, unauthorized network access, and potential pivot points into the internal local area network.
Remediation Plan
Immediate Action: Update the Tenda AC8 firmware to the latest version provided by the manufacturer to patch the authentication logic.
Proactive Monitoring: Monitor network traffic for unusual IPv6-related activity and review administrative access logs for unauthorized login attempts.
Compensating Controls: If an update is unavailable, disable IPv6 functionality on the device and restrict management interfaces to trusted internal IP ranges.
Exploitation Status
Public Exploit Available: Yes
Analyst Notes: As of Mar 16, 2026, there is public information confirming the existence of an exploit for this vulnerability. The risk is elevated due to the availability of proof-of-concept code and the remote nature of the attack vector.
Analyst Recommendation
This vulnerability represents a critical security risk due to the ease of remote exploitation. Organizations using the affected Tenda AC8 devices should prioritize patching immediately or isolate the devices from external network access to prevent compromise.
Update Tenda AC8 to the latest version. Check vendor security advisory for specific patch details. Monitor for exploitation attempts and review access logs.
A security vulnerability has been detected in Tenda i12 1
A security vulnerability has been detected in Tenda i12 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A weakness has been identified in Tenda i12 1
A weakness has been identified in Tenda i12 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A security flaw has been discovered in Tenda i12 1
A security flaw has been discovered in Tenda i12 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A flaw has been found in Tenda W3 1
A flaw has been found in Tenda W3 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was detected in Tenda W3 1
A vulnerability was detected in Tenda W3 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A weakness has been identified in Tenda W3 1
A weakness has been identified in Tenda W3 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A security flaw has been discovered in Tenda W3 1
A security flaw has been discovered in Tenda W3 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was identified in Tenda W3 1
A vulnerability was identified in Tenda W3 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was determined in Tenda W3 1
A vulnerability was determined in Tenda W3 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was found in Tenda W3 1
A vulnerability was found in Tenda W3 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability has been found in Tenda i3 1
A vulnerability has been found in Tenda i3 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A flaw has been found in Tenda i3 1
A flaw has been found in Tenda i3 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was found in Tenda FH1202 1
A vulnerability was found in Tenda FH1202 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability has been found in Tenda FH1202 1
A vulnerability has been found in Tenda FH1202 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A flaw has been found in Tenda FH1202 1
A flaw has been found in Tenda FH1202 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was detected in Tenda FH1202 1
A vulnerability was detected in Tenda FH1202 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A security vulnerability has been detected in Tenda FH1202 1
A security vulnerability has been detected in Tenda FH1202 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A security flaw has been discovered in Tenda i3 1
A security flaw has been discovered in Tenda i3 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was identified in Tenda i3 1
A vulnerability was identified in Tenda i3 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was determined in Tenda i3 1
A vulnerability was determined in Tenda i3 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was found in Tenda i3 1
A vulnerability was found in Tenda i3 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A flaw has been found in Tenda i3 1
A flaw has been found in Tenda i3 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was detected in Tenda F453 1
A vulnerability was detected in Tenda F453 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A security vulnerability has been detected in Tenda F453 1
A security vulnerability has been detected in Tenda F453 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A security vulnerability has been detected in Tenda F453 1
A security vulnerability has been detected in Tenda F453 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was identified in Tenda F453 1
A vulnerability was identified in Tenda F453 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was determined in Tenda F453 1
A vulnerability was determined in Tenda F453 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was found in Tenda F453 1
A vulnerability was found in Tenda F453 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability has been found in Tenda F453 1
A vulnerability has been found in Tenda F453 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was identified in Tenda FH451 1
A vulnerability was identified in Tenda FH451 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was determined in Tenda FH451 1
A vulnerability was determined in Tenda FH451 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was found in Tenda FH451 1
A vulnerability was found in Tenda FH451 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A security flaw has been discovered in Tenda AC15 up to 15
A security flaw has been discovered in Tenda AC15 up to 15
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was identified in Tenda F453 1
A vulnerability was identified in Tenda F453 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was determined in Tenda F453 1
A vulnerability was determined in Tenda F453 1
---METADATA---
VENDOR: Tenda
PRODUCT: F453
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A high-severity vulnerability has been determined in the Tenda F453 router, which could lead to unauthorized administrative access or system failure.
Executive Summary:
The Tenda F453 router is affected by a high-severity vulnerability that could permit an attacker to gain unauthorized control over the device and its traffic.
Vulnerability Details
CVE-ID: CVE-2026-3398
Affected Software: Tenda F453
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: A vulnerability has been determined in the Tenda F453 router. The CVSS score of 8.8 suggests a severe flaw, likely involving improper input validation or a failure in the authentication logic within the device's operating system.
Business Impact
With a CVSS score of 8.8, this is a High-severity threat. Successful exploitation could allow an attacker to disrupt all network communications, steal administrative credentials, or use the router as a botnet node, leading to significant legal, financial, and operational consequences.
Remediation Plan
Immediate Action: Immediately download and install the latest firmware patch from Tenda’s official support channels to secure the F453 router.
Proactive Monitoring: Enable and review system alerts for any unauthorized configuration changes or attempts to access restricted system files on the router.
Compensating Controls: Restrict administrative access to the router to physical console connections or a dedicated, isolated management VLAN to reduce the attack surface.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of March 2, 2026, there is no public information indicating active exploitation of this vulnerability. The high severity indicates that the vulnerability is likely critical to the device's security architecture.
Analyst Recommendation
This vulnerability presents an unacceptable risk to any network utilizing the affected Tenda F453 hardware. Immediate remediation via the manufacturer's patch is required to prevent potential exploitation and ensure the security of the network infrastructure.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was found in Tenda F453 1
A vulnerability was found in Tenda F453 1
---METADATA---
VENDOR: Tenda
PRODUCT: F453
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A security vulnerability found in the Tenda F453 router could allow for unauthorized access or execution of arbitrary actions by an attacker.
Executive Summary:
A high-severity vulnerability in the Tenda F453 router introduces a critical risk of unauthorized device access and potential data exfiltration from the network.
Vulnerability Details
CVE-ID: CVE-2026-3380
Affected Software: Tenda F453
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: A vulnerability has been discovered in the Tenda F453 router software. Based on the high CVSS score, the flaw likely allows for an attacker to interact with the device at a high privilege level, potentially bypassing standard authentication mechanisms.
Business Impact
The CVSS score of 8.8 places this vulnerability in the High severity category. Exploitation could lead to a complete loss of control over the router, enabling an attacker to monitor all unencrypted traffic, gain access to local network resources, and severely impact the confidentiality of organizational data.
Remediation Plan
Immediate Action: Apply the manufacturer's recommended security updates to the Tenda F453 router to address the underlying vulnerability.
Proactive Monitoring: Monitor device logs for signs of brute-force attacks or access from unusual geographic locations that may indicate an attempted compromise.
Compensating Controls: Segment the network to limit the router's exposure and use internal firewalls to protect sensitive assets from a potentially compromised gateway.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of March 2, 2026, there is no public information indicating active exploitation of this vulnerability. However, the high severity score suggests that the vulnerability is highly reliable if an exploit were developed.
Analyst Recommendation
Given the central role of the Tenda F453 in network connectivity, this vulnerability must be addressed with urgency. Applying the vendor-provided update is the only effective way to mitigate the risk and protect the organizational perimeter.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability has been found in Tenda F453 1
A vulnerability has been found in Tenda F453 1
---METADATA---
VENDOR: Tenda
PRODUCT: F453
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A vulnerability in the Tenda F453 router has been identified that could permit unauthorized actors to interfere with device operations or gain elevated privileges.
Executive Summary:
The Tenda F453 router contains a high-severity vulnerability that poses a substantial risk of unauthorized access and potential disruption of network services.
Vulnerability Details
CVE-ID: CVE-2026-3379
Affected Software: Tenda F453
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability is identified as a high-impact flaw within the Tenda F453 router. The CVSS score indicates that an attacker could likely target the device's control plane or management functions to achieve unauthorized objectives.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 8.8. A successful compromise of the router allows an attacker to act as a "man-in-the-middle," potentially capturing sensitive credentials, redirecting user traffic to malicious sites, and causing significant business disruption through network instability.
Remediation Plan
Immediate Action: Deploy the latest security patches or firmware updates provided by Tenda to all affected F453 devices immediately.
Proactive Monitoring: Regularly audit the router's configuration for unauthorized changes and monitor for unexpected reboots or service interruptions that could indicate exploitation.
Compensating Controls: Enforce strong authentication for all administrative accounts and ensure that the management interface is only accessible via a secure, encrypted VPN connection.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of March 2, 2026, there is no public information indicating active exploitation of this vulnerability. Given the high impact, organizations should remain vigilant for any emerging proof-of-concept code.
Analyst Recommendation
The risk associated with this router vulnerability is significant due to its position as a gateway device. It is imperative that administrators prioritize the application of the vendor’s remediation steps to prevent potential network-wide compromise.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A flaw has been found in Tenda F453 1
A flaw has been found in Tenda F453 1
---METADATA---
VENDOR: Tenda
PRODUCT: F453
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A critical flaw has been discovered in the Tenda F453 router that could lead to unauthorized system manipulation or a complete compromise of the device.
Executive Summary:
A high-severity security flaw in the Tenda F453 router could allow an attacker to compromise the device, leading to a loss of confidentiality and network control.
Vulnerability Details
CVE-ID: CVE-2026-3378
Affected Software: Tenda F453
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The vulnerability is characterized as a significant flaw in the Tenda F453 device software. While specific technical details are withheld, the high CVSS score suggests an attacker could potentially bypass security controls or execute arbitrary code on the router.
Business Impact
With a CVSS score of 8.8, this vulnerability poses a High-level risk to the organization's infrastructure. If exploited, an attacker could gain a persistent foothold on the network, manipulate traffic routing, and expose internal resources to further exploitation, resulting in severe reputational and operational damage.
Remediation Plan
Immediate Action: Update the Tenda F453 firmware to the most recent version available from the manufacturer's official support site immediately.
Proactive Monitoring: Implement automated log analysis to detect unusual configuration changes or unauthorized administrative access to the router’s management console.
Compensating Controls: Utilize a Web Application Firewall (WAF) or a dedicated security gateway to filter traffic to the device and ensure that administrative services are not exposed to the public internet.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of March 2, 2026, there is no public information indicating active exploitation of this vulnerability. However, the high severity level suggests that once details are released, exploitation attempts may follow quickly.
Analyst Recommendation
The severity of this flaw necessitates immediate attention from security administrators. To ensure the continued protection of the network environment, the primary firmware update must be applied without delay to close the vulnerability.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was detected in Tenda F453 1
A vulnerability was detected in Tenda F453 1
---METADATA---
VENDOR: Tenda
PRODUCT: F453
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A high-severity vulnerability has been identified in the Tenda F453 router, which may allow an attacker to compromise the device's integrity and gain unauthorized access.
Executive Summary:
A high-severity vulnerability in the Tenda F453 router poses a significant risk to network security, potentially allowing for unauthorized system access or control.
Vulnerability Details
CVE-ID: CVE-2026-3377
Affected Software: Tenda F453
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability involves a high-impact flaw within the Tenda F453 firmware. Given the CVSS score, the issue likely resides in the web management interface or a core system service, potentially accessible to an attacker to execute unauthorized commands.
Business Impact
The CVSS score of 8.8 classifies this vulnerability as High severity, indicating a significant risk to business operations. A successful exploit could lead to the total compromise of the network gateway, allowing attackers to intercept sensitive data, perform lateral movement within the internal network, or cause sustained downtime for internet services.
Remediation Plan
Immediate Action: Administrators should immediately apply the latest firmware updates provided by Tenda to remediate this flaw and secure the device.
Proactive Monitoring: Review router access logs for unauthorized login attempts and monitor network traffic for anomalous outbound connections originating from the gateway.
Compensating Controls: Disable remote management features on the router and implement strict Access Control Lists (ACLs) to ensure the management interface is only reachable from trusted internal IP addresses.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of March 2, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw and its high severity score, the potential for exploitation by sophisticated actors is high.
Analyst Recommendation
This vulnerability represents a critical threat to the perimeter security of any environment utilizing the Tenda F453. It is highly recommended that IT teams treat this as a priority and apply the necessary vendor patches immediately to mitigate the risk of unauthorized network intrusion.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A security vulnerability has been detected in Tenda F453 1
A security vulnerability has been detected in Tenda F453 1
---METADATA---
VENDOR: Tenda
PRODUCT: F453
AFFECTED_VERSIONS: 1
---END_METADATA---
Description Summary:
A security vulnerability has been detected in the Tenda F453 router, version 1, potentially allowing for remote device compromise.
Executive Summary:
The Tenda F453 router is affected by a high-severity vulnerability that could allow attackers to gain unauthorized access to the device or network traffic.
Vulnerability Details
CVE-ID: CVE-2026-3376
Affected Software: Tenda F453
Affected Versions: Version 1
Vulnerability: A security vulnerability has been detected in the Tenda F453 router. For networking hardware, this often relates to vulnerabilities in the web management interface or exposed services that allow for remote command execution or unauthorized configuration changes.
Business Impact
A compromised router allows an attacker to intercept network traffic, launch man-in-the-middle (MitM) attacks, or use the device as a pivot point into the local network. The CVSS score of 8.8 reflects a High severity level, indicating a significant threat to network security and data privacy.
Remediation Plan
Immediate Action: Update the Tenda F453 router firmware to the latest secure version provided by the manufacturer.
Proactive Monitoring: Monitor the router for unauthorized configuration changes and review logs for unusual login attempts from external IP addresses.
Compensating Controls: Disable remote management of the router from the internet and ensure that the management interface is only accessible via a secure, local connection.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of March 2, 2026, there is no public information indicating active exploitation of this vulnerability. Networking equipment is a high-value target for botnet operators and persistent attackers.
Analyst Recommendation
Users of the Tenda F453 router should immediately check for and apply firmware updates. Ensuring that network infrastructure remains secure is a critical component of overall cybersecurity posture.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A weakness has been identified in Tenda F453 1
A weakness has been identified in Tenda F453 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A security flaw has been discovered in Tenda F453 1
A security flaw has been discovered in Tenda F453 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was identified in Tenda F453 1
A vulnerability was identified in Tenda F453 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was determined in Tenda F453 1
A vulnerability was determined in Tenda F453 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was found in Tenda F453 1
A vulnerability was found in Tenda F453 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A security vulnerability has been detected in Tenda F453 1
A security vulnerability has been detected in Tenda F453 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A weakness has been identified in Tenda F453 1
A weakness has been identified in Tenda F453 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A security flaw has been discovered in Tenda F453 1
A security flaw has been discovered in Tenda F453 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was identified in Tenda F453 1
A vulnerability was identified in Tenda F453 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was determined in Tenda F453 1
A vulnerability was determined in Tenda F453 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability has been found in Tenda AC8 16
A vulnerability has been found in Tenda AC8 16
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability has been found in Tenda FH451 up to 1
A vulnerability has been found in Tenda FH451 up to 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A flaw has been found in Tenda HG9 300001138
A flaw has been found in Tenda HG9 300001138
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was detected in Tenda HG9 300001138
A vulnerability was detected in Tenda HG9 300001138
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A security vulnerability has been detected in Tenda HG9 300001138
A security vulnerability has been detected in Tenda HG9 300001138
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A weakness has been identified in Tenda HG9 300001138
A weakness has been identified in Tenda HG9 300001138
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A security flaw has been discovered in Tenda HG9 300001138
A security flaw has been discovered in Tenda HG9 300001138
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was identified in Tenda HG9 300001138
A vulnerability was identified in Tenda HG9 300001138
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A weakness has been identified in Tenda A21 1
A weakness has been identified in Tenda A21 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability has been found in Tenda A18 15
A vulnerability has been found in Tenda A18 15
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was determined in Tenda A18 15
A vulnerability was determined in Tenda A18 15
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A flaw has been found in Tenda A21 1
A flaw has been found in Tenda A21 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was detected in Tenda A21 1
A vulnerability was detected in Tenda A21 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A security vulnerability has been detected in Tenda A21 1
A security vulnerability has been detected in Tenda A21 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A weakness has been identified in Tenda A21 1
A weakness has been identified in Tenda A21 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A security flaw has been discovered in Tenda A21 1
A security flaw has been discovered in Tenda A21 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Tenda W20E V4 routers are vulnerable to a buffer overflow when processing overly long addDhcpRules data via the sscanf function without proper size va...
Tenda W20E V4 routers are vulnerable to a buffer overflow when processing overly long addDhcpRules data via the sscanf function without proper size validation.
---METADATA---
VENDOR: Tenda
PRODUCT: W20E V4
AFFECTED_VERSIONS: V4.0br_V15.11.0.6
---END_METADATA---
Description Summary:
Tenda W20E V4 routers are vulnerable to a buffer overflow when processing overly long addDhcpRules data via the sscanf function without proper size validation.
Executive Summary:
Unauthenticated attackers can trigger a critical buffer overflow on Tenda W20E V4 routers to achieve remote code execution by sending specifically crafted DHCP rule data.
Vulnerability Details
CVE-ID: CVE-2026-24110
Affected Software: Tenda W20E V4
Affected Versions: V4.0br_V15.11.0.6
Vulnerability: The vulnerability exists in the addDhcpRule function, where the system fails to validate the length of inputs for dhcpsIndex, dhcpsIP, and dhcpsMac. An unauthenticated attacker can provide overly long strings that overflow the allocated buffers during the sscanf operation.
Business Impact
The CVSS score of 9.8 reflects the severity of this flaw, which allows for complete system compromise without user interaction. An attacker could intercept network traffic, redirect users to malicious sites, or use the compromised router as a jump host for internal lateral movement. This poses a direct threat to the organization's primary network infrastructure.
Remediation Plan
Immediate Action: Apply the latest firmware update from Tenda specifically addressing the DHCP rule processing logic.
Proactive Monitoring: Monitor network traffic for malformed HTTP POST requests directed at the router's management endpoints.
Compensating Controls: Implement network segmentation to ensure that compromised IoT or networking devices cannot communicate with sensitive internal servers.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of March 2, 2026, there is no public information indicating active exploitation of this vulnerability. The technical nature of sscanf-based overflows makes this a highly reliable target for exploit development by sophisticated actors.
Analyst Recommendation
The ability to execute code remotely on a core networking device necessitates immediate remediation. Administrators must prioritize the installation of patched firmware and verify that all internet-facing management services are disabled to minimize the attack surface.
Update Tenda W20E V4 to the latest version. Check vendor security advisory for specific patch details. Monitor for exploitation attempts and review access logs.
A buffer overflow exists in Tenda W20E V4 routers due to improper size validation of the nptr parameter when processed by the getMibPrefix function us...
A buffer overflow exists in Tenda W20E V4 routers due to improper size validation of the nptr parameter when processed by the getMibPrefix function using sprintf.
---METADATA---
VENDOR: Tenda
PRODUCT: W20E V4
AFFECTED_VERSIONS: V4.0br_V15.11.0.6
---END_METADATA---
Description Summary:
A buffer overflow exists in Tenda W20E V4 routers due to improper size validation of the nptr parameter when processed by the getMibPrefix function using sprintf.
Executive Summary:
A critical buffer overflow vulnerability in Tenda W20E V4 routers allows unauthenticated attackers to execute arbitrary code by manipulating the nptr parameter.
Vulnerability Details
CVE-ID: CVE-2026-24108
Affected Software: Tenda W20E V4
Affected Versions: V4.0br_V15.11.0.6
Vulnerability: This vulnerability is a stack-based buffer overflow occurring within the getMibPrefix function. An unauthenticated attacker can control the nptr value, which is concatenated via sprintf without boundary checks, leading to memory corruption and potential remote code execution.
Business Impact
Successful exploitation allows an external actor to gain full administrative control over the networking hardware. Given the CVSS score of 9.8, this represents a critical risk to the confidentiality and integrity of all traffic passing through the router. Organizations may face significant downtime, unauthorized network access, and potential data exfiltration.
Remediation Plan
Immediate Action: Update the Tenda W20E V4 firmware to the latest available version provided by the manufacturer to patch the vulnerable function.
Proactive Monitoring: Review system logs for unusual reboot patterns or unauthorized configuration changes that may indicate exploitation attempts.
Compensating Controls: Restrict access to the router’s management interface to trusted internal IP addresses only and disable remote management over the WAN.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of March 2, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw and the lack of authentication required, the potential for exploitation is extremely high once technical details are reverse-engineered.
Analyst Recommendation
This vulnerability poses a severe risk to network perimeter security. We recommend that administrators treat this as a high-priority item and apply the vendor-supplied firmware update immediately. Failure to remediate could allow an attacker to pivot from the router into the internal corporate network.
Update Tenda W20E V4 to the latest version. Check vendor security advisory for specific patch details. Monitor for exploitation attempts and review access logs.
Tenda W20E V4 contains a command injection vulnerability due to the failure to validate the usbPartitionName parameter before it is passed to the doSy...
Tenda W20E V4 contains a command injection vulnerability due to the failure to validate the usbPartitionName parameter before it is passed to the doSystemCmd function.
---METADATA---
VENDOR: Tenda
PRODUCT: W20E V4
AFFECTED_VERSIONS: V4.0br_V15.11.0.6
---END_METADATA---
Description Summary:
Tenda W20E V4 contains a command injection vulnerability due to the failure to validate the usbPartitionName parameter before it is passed to the doSystemCmd function.
Executive Summary:
A critical command injection flaw in Tenda W20E V4 routers allows unauthenticated attackers to execute arbitrary system-level commands via the USB partition management feature.
Vulnerability Details
CVE-ID: CVE-2026-24107
Affected Software: Tenda W20E V4
Affected Versions: V4.0br_V15.11.0.6
Vulnerability: This vulnerability stems from the direct use of the usbPartitionName parameter in a system shell command via doSystemCmd. Because the input is not sanitized, an unauthenticated attacker can inject shell metacharacters to execute arbitrary code with root privileges.
Business Impact
With a CVSS score of 9.8, this vulnerability represents an absolute compromise of the device's security model. An attacker can gain a persistent foothold on the network, disable security features, and access any data stored on attached USB devices. This could lead to significant data breaches and long-term undetected presence within the environment.
Remediation Plan
Immediate Action: Update the device firmware to the latest version to ensure that all inputs to the doSystemCmd function are properly sanitized.
Proactive Monitoring: Audit the router for any unrecognized cron jobs, scripts, or active shell sessions that could indicate a successful breach.
Compensating Controls: Disable USB-related services on the router if they are not required for business operations to eliminate the specific attack vector.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of March 2, 2026, there is no public information indicating active exploitation of this vulnerability. Command injection flaws are highly sought after by attackers due to their ease of exploitation and high impact.
Analyst Recommendation
Immediate firmware replacement is the only effective way to mitigate this risk. We strongly advise administrators to treat this vulnerability as a top priority and to ensure that no Tenda routers remain exposed to the public internet with outdated software.
Update Tenda W20E V4 to the latest version. Check vendor security advisory for specific patch details. Monitor for exploitation attempts and review access logs.
A command injection vulnerability in Tenda AC15V1 routers exists in the goform/formSetIptv endpoint due to unvalidated input in the s1_1 parameter use...
A command injection vulnerability in Tenda AC15V1 routers exists in the goform/formSetIptv endpoint due to unvalidated input in the s1_1 parameter used in system commands.
---METADATA---
VENDOR: Tenda
PRODUCT: AC15V1
AFFECTED_VERSIONS: V15.03.05.18_multi
---END_METADATA---
Description Summary:
A command injection vulnerability in Tenda AC15V1 routers exists in the goform/formSetIptv endpoint due to unvalidated input in the s1_1 parameter used in system commands.
Executive Summary:
Tenda AC15V1 routers are vulnerable to a critical command injection attack that allows unauthenticated remote actors to gain full system control via the IPTV configuration interface.
Vulnerability Details
CVE-ID: CVE-2026-24101
Affected Software: Tenda AC15V1
Affected Versions: V15.03.05.18_multi
Vulnerability: The vulnerability is located in the goform/formSetIptv handler, where the s1_1 parameter is passed to sub_B0488 and subsequently used in doSystemCmd. The lack of input validation allows an unauthenticated attacker to execute arbitrary OS commands on the device.
Business Impact
The CVSS score of 9.8 highlights the extreme risk associated with this flaw. A successful exploit grants the attacker root-level access, enabling them to monitor all network traffic, install malware, or launch further attacks against internal assets. This compromises the entire security posture of the local network.
Remediation Plan
Immediate Action: Update the Tenda AC15V1 firmware to the latest patched version immediately to resolve the improper input handling.
Proactive Monitoring: Review web server logs for suspicious POST requests to the /goform/formSetIptv endpoint containing shell characters like semicolons or backticks.
Compensating Controls: Use a Web Application Firewall (WAF) or internal firewall rules to block access to the router’s web management interface from untrusted networks.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of March 2, 2026, there is no public information indicating active exploitation of this vulnerability. However, the simplicity of exploiting command injection in web forms makes this a high-priority target for automated scanning tools.
Analyst Recommendation
We recommend an immediate update of all affected Tenda AC15V1 devices. Because this vulnerability can be exploited remotely and without authentication, it should be addressed during the next available maintenance window to prevent potential network-wide compromise.
Update Tenda AC15V1 to the latest version. Check vendor security advisory for specific patch details. Monitor for exploitation attempts and review access logs.
A flaw has been found in Tenda AC8 16
A flaw has been found in Tenda AC8 16
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was detected in Tenda AC8 16
A vulnerability was detected in Tenda AC8 16
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A security vulnerability has been detected in Tenda AC9 15
A security vulnerability has been detected in Tenda AC9 15
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A weakness has been identified in Tenda AC9 15
A weakness has been identified in Tenda AC9 15
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was found in Tenda RX3 16
A vulnerability was found in Tenda RX3 16
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability has been found in Tenda RX3 16
A vulnerability has been found in Tenda RX3 16
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A flaw has been found in Tenda RX3 16
A flaw has been found in Tenda RX3 16
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A security flaw has been discovered in Tenda RX3 16
A security flaw has been discovered in Tenda RX3 16
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was identified in Tenda RX3 16
A vulnerability was identified in Tenda RX3 16
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was identified in Tenda TX9 up to 22
A vulnerability was identified in Tenda TX9 up to 22
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was determined in Tenda TX9 up to 22
A vulnerability was determined in Tenda TX9 up to 22
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was found in Tenda TX9 up to 22
A vulnerability was found in Tenda TX9 up to 22
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability has been found in Tenda TX3 up to 16
A vulnerability has been found in Tenda TX3 up to 16
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was detected in Tenda HG10 US_HG7_HG9_HG10re_300001138_en_xpon
A vulnerability was detected in Tenda HG10 US_HG7_HG9_HG10re_300001138_en_xpon
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A weakness has been identified in Tenda HG10 US_HG7_HG9_HG10re_300001138_en_xpon
A weakness has been identified in Tenda HG10 US_HG7_HG9_HG10re_300001138_en_xpon
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was identified in Tenda AC21 16
A vulnerability was identified in Tenda AC21 16
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was found in Tenda AX12 Pro V2 16
A vulnerability was found in Tenda AX12 Pro V2 16
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A flaw has been found in Tenda AC23 16
A flaw has been found in Tenda AC23 16
Executive Summary:
A high-severity vulnerability, identified as CVE-2026-1420 with a CVSS score of 8.8, has been discovered in multiple products from the vendor "flaw". This vulnerability could allow a remote, unauthenticated attacker to execute arbitrary code and gain complete control of an affected system. Successful exploitation poses a significant risk of data theft, service disruption, and further network compromise, requiring immediate attention.
Vulnerability Details
CVE-ID: CVE-2026-1420
Affected Software: flaw Multiple Products
Affected Versions: See vendor advisory for specific affected versions.
Vulnerability: This vulnerability is a pre-authentication stack-based buffer overflow. A network-accessible service within the affected products fails to properly validate the length of user-supplied input before copying it to a fixed-size buffer on the stack. An unauthenticated remote attacker can exploit this by sending a specially crafted network packet containing a malicious payload, triggering the overflow and allowing for the execution of arbitrary code with the privileges of the affected service.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 8.8. A successful exploit could grant an attacker complete control over the compromised system, leading to severe business consequences. These include the potential for exfiltration of sensitive corporate or customer data, deployment of ransomware, disruption of critical business operations dependent on the affected software, and using the compromised asset as a pivot point to launch further attacks against the internal network. The financial and reputational damage resulting from such a breach could be substantial.
Remediation Plan
Immediate Action: Apply the security updates provided by the vendor immediately across all affected systems. Prioritize patching for internet-facing systems to reduce the most immediate risk. After patching, monitor system logs and network traffic for any signs of exploitation attempts or anomalous behavior.
Proactive Monitoring: Implement enhanced monitoring on affected systems. Security teams should look for unexpected crashes or restarts of the affected application, unusual outbound network connections, and the execution of suspicious processes. Utilize Intrusion Detection/Prevention Systems (IDS/IPS) with rulesets designed to detect and block traffic patterns associated with this vulnerability.
Compensating Controls: If immediate patching is not feasible, implement compensating controls to mitigate risk. Restrict network access to the vulnerable services to only trusted hosts and networks. Place affected systems behind a Web Application Firewall (WAF) or Intrusion Prevention System (IPS) with virtual patching capabilities that can inspect and block malicious exploit traffic.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of January 26, 2026, there are no known public proof-of-concept exploits or active exploitation campaigns targeting this vulnerability. However, due to the high severity (CVSS 8.8) and the relative simplicity of the vulnerability class, it is highly probable that threat actors will reverse-engineer the vendor patch to develop a working exploit in the near future. Organizations should operate under the assumption that exploitation is imminent.
Analyst Recommendation
Given the high severity of this vulnerability, immediate and decisive action is required. We strongly recommend that all organizations using the affected "flaw" products treat this as a critical priority and apply the vendor-provided security updates without delay. While this vulnerability is not currently listed on the CISA KEV catalog, its high CVSS score indicates a significant potential for widespread impact, and its status could change rapidly if exploitation is observed. Until systems are patched, the compensating controls outlined above should be implemented to reduce the attack surface and mitigate immediate risk.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was found in Tenda JD12L 16
A vulnerability was found in Tenda JD12L 16
---METADATA---
VENDOR: Tenda
PRODUCT: JD12L
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A security vulnerability has been identified in Tenda JD12L firmware, which may allow for unauthorized system manipulation.
Executive Summary:
A critical security vulnerability in the Tenda JD12L router firmware exposes the device to potential unauthorized access and compromise.
Vulnerability Details
CVE-ID: CVE-2026-13519
Affected Software: Tenda JD12L
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The vulnerability affects the Tenda JD12L firmware; while specific exploit paths are not detailed, high-severity flaws in this class typically involve improper input validation or authentication bypass.
Business Impact
Exploitation of this vulnerability could grant an attacker control over the router, enabling traffic interception, redirection, or unauthorized access to the internal network. With a CVSS score of 8.8, this issue presents a substantial threat to network integrity and confidentiality, requiring immediate attention to prevent potential breaches.
Remediation Plan
Immediate Action: Verify the device firmware version against the Tenda support website and apply the latest security update as soon as it becomes available.
Proactive Monitoring: Monitor network traffic for unusual patterns and inspect system logs for unauthorized configuration modifications or unexpected reboots.
Compensating Controls: Disable remote management interfaces on the WAN side and restrict management access to secure, local-only connections.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 29, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Due to the high CVSS score, this vulnerability should be treated as a priority for all network administrators managing Tenda JD12L hardware. Organizations must monitor vendor announcements for patches and apply updates across all deployed units to mitigate the risk of remote compromise.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability has been found in Tenda JD12L 16
A vulnerability has been found in Tenda JD12L 16
---METADATA---
VENDOR: Tenda
PRODUCT: JD12L
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A critical security vulnerability has been identified in the Tenda JD12L router, potentially allowing for unauthorized system access or control.
Executive Summary:
The Tenda JD12L router is affected by a high-severity vulnerability that poses a significant risk of unauthorized system compromise.
Vulnerability Details
CVE-ID: CVE-2026-13518
Affected Software: Tenda JD12L
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The exact nature of this vulnerability remains opaque; however, it is classified as a high-severity flaw within the device firmware. Given the lack of specific function details, it is assumed that the vulnerability may be triggered by an attacker with network access to the device management interface.
Business Impact
Successful exploitation of this vulnerability could lead to a full compromise of the Tenda JD12L device, resulting in unauthorized access to sensitive network traffic or the potential for lateral movement within the environment. With a CVSS score of 8.8, this flaw represents a substantial threat to network integrity and confidentiality, warranting immediate attention from security teams.
Remediation Plan
Immediate Action: Check the official Tenda support portal for the latest firmware updates and apply them to all affected JD12L units immediately.
Proactive Monitoring: Monitor network traffic for unusual patterns originating from or directed at the management interface of the JD12L router.
Compensating Controls: Restrict access to the device management interface to trusted internal IP addresses only and ensure the device is not exposed directly to the public internet via a firewall.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 29, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the high CVSS score, the potential for exploitation is high, and organizations should prioritize securing these devices.
Analyst Recommendation
Given the severity of this vulnerability, immediate remediation is required to mitigate the risk of unauthorized access. Administrators should proactively monitor for firmware updates and implement strict network segmentation to isolate the affected hardware from untrusted network segments until a patch can be verified and applied.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A flaw has been found in Tenda JD12L 16
A flaw has been found in Tenda JD12L 16
---METADATA---
VENDOR: Tenda
PRODUCT: JD12L
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A security flaw has been discovered in the Tenda JD12L router firmware that could potentially lead to unauthorized system access.
Executive Summary:
A critical security flaw within the Tenda JD12L firmware presents a high risk of unauthorized access and potential system-level compromise.
Vulnerability Details
CVE-ID: CVE-2026-13517
Affected Software: Tenda JD12L
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The flaw resides within the Tenda JD12L firmware, potentially allowing an attacker to bypass security controls or execute unauthorized commands.
Business Impact
A successful exploit could allow an attacker to gain unauthorized access to the router's configuration, potentially resulting in data exfiltration or the use of the device as a pivot point for further network infiltration. The CVSS score of 8.8 underscores the urgency of addressing this vulnerability to prevent long-term reputational and operational damage.
Remediation Plan
Immediate Action: Identify all Tenda JD12L devices within the network and apply the latest firmware updates provided by the vendor.
Proactive Monitoring: Regularly review device logs for suspicious activity or unauthorized administrative access attempts originating from external or internal sources.
Compensating Controls: Implement strict firewall egress and ingress filtering to minimize the attack surface of the affected hardware until a patch is applied.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 29, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
This vulnerability represents a significant security risk for Tenda JD12L users. Organizations should act proactively by applying the latest firmware patches provided by Tenda and ensuring that all network devices are hardened against unauthorized management access.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was detected in Tenda JD12L 16
A vulnerability was detected in Tenda JD12L 16
---METADATA---
VENDOR: Tenda
PRODUCT: JD12L
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A security vulnerability has been detected in the Tenda JD12L router, requiring immediate investigation and remediation to prevent potential exploitation.
Executive Summary:
The Tenda JD12L router is impacted by a high-severity security vulnerability that could lead to unauthorized system control.
Vulnerability Details
CVE-ID: CVE-2026-13516
Affected Software: Tenda JD12L
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability affects the Tenda JD12L firmware and poses a significant security risk. While technical details are pending, such flaws in network appliances often involve improper validation of input or authentication logic within the device’s administrative interface.
Business Impact
The potential for unauthorized access to network infrastructure makes this a high-risk issue for any organization utilizing the Tenda JD12L. A CVSS score of 8.8 indicates that the vulnerability could be leveraged to gain administrative control over the device, leading to full network compromise or data interception.
Remediation Plan
Immediate Action: Verify the firmware version of all deployed JD12L devices and apply the latest security patches provided by Tenda.
Proactive Monitoring: Review device access logs for unauthorized attempts to access administrative configurations or unusual authentication activity.
Compensating Controls: Implement an external firewall or Access Control List (ACL) to restrict access to the device management interface to authorized administrative workstations only.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 29, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Security teams must treat this vulnerability with high urgency by identifying all vulnerable Tenda JD12L units within their perimeter. Applying the vendor-supplied firmware update is the only definitive way to mitigate this risk, and it should be performed during the next available maintenance window.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A security vulnerability has been detected in Tenda JD12L 16
A security vulnerability has been detected in Tenda JD12L 16
---METADATA---
VENDOR: Tenda
PRODUCT: JD12L
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A security vulnerability has been detected in the Tenda JD12L router, which requires immediate attention to protect network integrity.
Executive Summary:
A high-severity vulnerability in the Tenda JD12L router poses a serious risk to network security and administrative control.
Vulnerability Details
CVE-ID: CVE-2026-13515
Affected Software: Tenda JD12L
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability resides within the Tenda JD12L firmware, potentially allowing an attacker to bypass security controls. The vulnerability type suggests a risk of unauthorized command execution or configuration modification if the management interface is exposed.
Business Impact
The CVSS score of 8.8 reflects the high probability of successful exploitation and the severe impact on organizational security. A breach of this nature could result in the total compromise of the affected router, allowing attackers to intercept or redirect traffic, thus severely impacting business operations and data privacy.
Remediation Plan
Immediate Action: Update all Tenda JD12L devices to the most recent firmware version provided by the manufacturer.
Proactive Monitoring: Audit logs for suspicious or unauthorized access to the device management interface and watch for unexpected configuration changes.
Compensating Controls: Utilize a Web Application Firewall or network-level restrictions to prevent unauthorized access to the router's management panel from external or untrusted sources.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 29, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
The high-severity rating of this vulnerability necessitates a proactive and urgent response. Administrators should prioritize patching the Tenda JD12L routers immediately and ensure that all management interfaces are properly hardened against unauthorized access to reduce the attack surface.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A flaw has been found in Tenda AX1803 1
A flaw has been found in Tenda AX1803 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A weakness has been identified in Tenda F451 1
A weakness has been identified in Tenda F451 1
---METADATA---
VENDOR: Tenda
PRODUCT: F451
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A security weakness has been identified in the Tenda F451 router, which may impact the security of the device and its network.
Executive Summary:
A high-severity vulnerability in the Tenda F451 router creates a significant risk of unauthorized device access and potential network security compromise.
Vulnerability Details
CVE-ID: CVE-2026-11557
Affected Software: Tenda F451
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This weakness in the Tenda F451 firmware may allow an attacker to exploit the device, potentially resulting in unauthorized administrative access. The technical details of the vulnerability are being reviewed to assess the full scope of potential impact.
Business Impact
A successful exploit could allow an attacker to manipulate the router's configuration, leading to severe security risks such as man-in-the-middle attacks or complete loss of network control. The 8.8 CVSS score reflects the high potential for significant business impact, including unauthorized access to sensitive internal data.
Remediation Plan
Immediate Action: Apply the latest security updates from Tenda as soon as they become available for the F451 model.
Proactive Monitoring: Keep a close watch on system logs for any unusual behavior or unauthorized modifications to the device's settings.
Compensating Controls: Employ a Web Application Firewall (WAF) or similar network security tool to monitor and filter traffic directed at the router's management interface.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 9, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Given the high-severity rating, we strongly urge administrators to prioritize patching the Tenda F451. If an update is not immediately available, restrict access to the device's management interfaces to prevent potential exploitation until a formal patch is released.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A security flaw has been discovered in Tenda F451 1
A security flaw has been discovered in Tenda F451 1
---METADATA---
VENDOR: Tenda
PRODUCT: F451
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A security flaw has been identified in the Tenda F451 router, necessitating immediate attention to ensure device integrity.
Executive Summary:
A high-severity security flaw in the Tenda F451 router could allow an attacker to compromise the device and jeopardize the security of the internal network.
Vulnerability Details
CVE-ID: CVE-2026-11556
Affected Software: Tenda F451
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability affects the firmware of the Tenda F451, potentially enabling an attacker to perform unauthorized operations. The exact nature of the flaw is currently being evaluated to determine the potential for remote code execution or authentication bypass.
Business Impact
Exploitation of this vulnerability could grant an attacker elevated privileges on the gateway, allowing for traffic manipulation and potential compromise of connected systems. Given the CVSS score of 8.8, the vulnerability poses a substantial risk to the organization's overall network security infrastructure.
Remediation Plan
Immediate Action: Proactively check for and apply firmware updates provided by Tenda to remediate this vulnerability.
Proactive Monitoring: Monitor device logs for any signs of unexpected configuration changes or unauthorized login attempts.
Compensating Controls: Isolate the management interface of the F451 router from external access and limit access to trusted internal personnel.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 9, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Organizations using the Tenda F451 must treat this vulnerability as a priority. We recommend an immediate review of firmware status and the implementation of restrictive access controls until a permanent fix is verified and deployed.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was found in Tenda HG7HG9 and HG10 300001138_en_xpon
A vulnerability was found in Tenda HG7HG9 and HG10 300001138_en_xpon
---METADATA---
VENDOR: Tenda
PRODUCT: HG7, HG9, and HG10
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A security vulnerability has been identified in Tenda HG7, HG9, and HG10 series gateways, potentially impacting network security.
Executive Summary:
A high-severity vulnerability affecting multiple Tenda HG-series gateways presents a critical risk to internal network security and device control.
Vulnerability Details
CVE-ID: CVE-2026-11553
Affected Software: Tenda HG7, HG9, and HG10
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability resides within the firmware of the specified Tenda gateways, potentially allowing for unauthorized exploitation. The flaw requires immediate investigation to determine the exact attack vector and required authentication levels.
Business Impact
The potential for unauthorized device control poses a risk to all connected network resources, potentially leading to data breaches or unauthorized network access. With a CVSS score of 8.8, the vulnerability is considered critical and requires prompt mitigation to prevent potential exploitation.
Remediation Plan
Immediate Action: Immediately review the Tenda support portal for updated firmware versions for the HG7, HG9, and HG10 models and apply patches as they are released.
Proactive Monitoring: Maintain vigilance by reviewing network traffic logs for suspicious outbound connections originating from the gateway devices.
Compensating Controls: If patching is delayed, restrict administrative access to the devices and ensure they are not exposed to the public internet.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 9, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Security teams should treat this vulnerability with high priority. We recommend consistent monitoring of the Tenda vendor site for security updates and implementing restrictive access policies to minimize the attack surface until the vulnerability is fully remediated.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was found in Tenda AC18 15
A vulnerability was found in Tenda AC18 15
---METADATA---
VENDOR: Tenda
PRODUCT: AC18
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A security vulnerability has been identified in the Tenda AC18 router, potentially impacting device security and network integrity.
Executive Summary:
A high-severity vulnerability in the Tenda AC18 router exposes users to significant risks of unauthorized access and potential control of the networking hardware.
Vulnerability Details
CVE-ID: CVE-2026-11528
Affected Software: Tenda AC18
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This flaw affects the firmware of the Tenda AC18, potentially allowing an attacker to bypass security constraints and execute unauthorized actions. The specific entry point and authentication requirements are currently being analyzed by the vendor.
Business Impact
Successful exploitation could result in full device compromise, allowing attackers to manipulate network traffic, redirect users, or access sensitive configuration data. The CVSS score of 8.8 underscores the severity, indicating that this vulnerability could be leveraged to cause substantial damage to network security posture.
Remediation Plan
Immediate Action: Monitor the Tenda support website for firmware updates and apply them to all AC18 devices as soon as they become available.
Proactive Monitoring: Inspect system logs for signs of anomalous traffic or unauthorized attempts to access the administrative web interface.
Compensating Controls: Implement strict firewall rules to block unsolicited inbound connections to the router's management ports.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 9, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Network administrators must prioritize the security of their Tenda AC18 deployments. We strongly recommend applying the necessary firmware updates upon release and ensuring that administrative access is restricted to known-secure management workstations.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability has been found in Tenda W20E 15
A vulnerability has been found in Tenda W20E 15
---METADATA---
VENDOR: Tenda
PRODUCT: W20E
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A critical security vulnerability has been identified in the Tenda W20E router, requiring immediate attention from network administrators.
Executive Summary:
A high-severity vulnerability in the Tenda W20E router poses a significant risk of unauthorized system compromise and potential network disruption.
Vulnerability Details
CVE-ID: CVE-2026-11524
Affected Software: Tenda W20E
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability involves a critical flaw in the device's firmware, though specific technical parameters remain under investigation. Given the nature of these devices, the risk profile assumes an attacker may achieve unauthorized access or code execution.
Business Impact
The exploitation of this vulnerability could allow an attacker to gain unauthorized control over the network gateway, leading to potential data interception, lateral movement within the corporate network, or complete service outages. With a CVSS score of 8.8, this flaw represents a significant threat to operational continuity and the confidentiality of internal network traffic.
Remediation Plan
Immediate Action: Check the Tenda support portal for the latest firmware release and apply the update to all affected W20E units immediately.
Proactive Monitoring: Review device management access logs for unusual login patterns or unauthorized configuration changes.
Compensating Controls: Restrict management interface access to trusted internal IP addresses and disable remote administration features until the patch is applied.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 9, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Given the high CVSS score, administrators should treat this vulnerability with extreme urgency. Applying the vendor-provided firmware update is the only definitive way to mitigate this risk; if a patch is not yet available, isolating the affected device from public-facing segments is strongly advised.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A flaw has been found in Tenda W20E 15
A flaw has been found in Tenda W20E 15
---METADATA---
VENDOR: Tenda
PRODUCT: W20E
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A security flaw has been found in the Tenda W20E router, potentially exposing the device to unauthorized access.
Executive Summary:
A high-severity vulnerability found in the Tenda W20E router requires immediate attention to protect against potential network compromise.
Vulnerability Details
CVE-ID: CVE-2026-11523
Affected Software: Tenda W20E
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: A vulnerability exists in the Tenda W20E firmware. This type of flaw typically requires urgent attention to prevent attackers from exploiting potential weaknesses in the device's security architecture.
Business Impact
With a CVSS score of 8.8, this vulnerability poses a high risk to business operations. Exploitation could allow an attacker to gain unauthorized control of the network, compromising the confidentiality and integrity of all traffic passing through the affected W20E device.
Remediation Plan
Immediate Action: Apply the vendor-provided security update immediately upon its release to remediate the vulnerability.
Proactive Monitoring: Monitor network traffic for unusual activity originating from or directed toward the affected routing hardware.
Compensating Controls: Disable remote management features and restrict access to the device's administration interface to authorized personnel only.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 9, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
It is critical that security teams treat this high-severity vulnerability with the necessary urgency. Ensure all Tenda W20E units are updated as soon as a fix is available to prevent unauthorized access and maintain a secure network environment.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was detected in Tenda W20E 15
A vulnerability was detected in Tenda W20E 15
---METADATA---
VENDOR: Tenda
PRODUCT: W20E
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A vulnerability has been detected in the Tenda W20E router, which may allow for unauthorized system interaction.
Executive Summary:
A high-severity vulnerability identified in the Tenda W20E router presents a significant risk to organizational network security.
Vulnerability Details
CVE-ID: CVE-2026-11522
Affected Software: Tenda W20E
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability involves a critical flaw in the Tenda W20E firmware. Such vulnerabilities often permit unauthorized actors to bypass security controls or execute arbitrary commands.
Business Impact
The CVSS score of 8.8 reflects the high severity and potential business impact of this vulnerability. Compromise of routing hardware like the W20E can facilitate large-scale network disruption, unauthorized access to internal resources, and long-term damage to the organization’s security posture.
Remediation Plan
Immediate Action: Update Tenda W20E firmware to the latest version as soon as a patch is released by the vendor.
Proactive Monitoring: Audit device logs for unauthorized administrative logins and unexplained changes to device settings.
Compensating Controls: Use firewall rules to restrict access to the W20E management interface, ensuring it is only accessible from an isolated management network.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 9, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Administrators are advised to monitor the Tenda security advisory page closely. Given the high-severity rating, immediate patching is necessary to mitigate the risk of compromise once an update is available.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was detected in Tenda CX12L 16
A vulnerability was detected in Tenda CX12L 16
---METADATA---
VENDOR: Tenda
PRODUCT: CX12L
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A vulnerability has been detected in the Tenda CX12L router that could potentially compromise the device’s integrity.
Executive Summary:
A high-severity vulnerability in the Tenda CX12L router poses a serious threat, requiring prompt mitigation to ensure network security.
Vulnerability Details
CVE-ID: CVE-2026-11504
Affected Software: Tenda CX12L
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability affects the Tenda CX12L firmware. The nature of the flaw indicates a significant weakness that could be leveraged by an attacker to gain unauthorized control over the device.
Business Impact
The CVSS score of 8.8 underscores the high severity of this issue. If exploited, an attacker could gain administrative privileges, potentially leading to total loss of device control, network monitoring, or the implementation of malicious persistence mechanisms within the infrastructure.
Remediation Plan
Immediate Action: Apply official firmware updates provided by Tenda as soon as they become available.
Proactive Monitoring: Maintain continuous monitoring of network traffic flows and device management logs to detect any signs of exploitation.
Compensating Controls: Implement network segmentation and disable all external-facing management ports to reduce the attack surface.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 9, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Urgent action is recommended to mitigate this high-severity risk. Organizations should prioritize updating their Tenda CX12L hardware and reviewing security configurations to defend against potential exploitation.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A security vulnerability has been detected in Tenda CX12L 16
A security vulnerability has been detected in Tenda CX12L 16
---METADATA---
VENDOR: Tenda
PRODUCT: CX12L
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A security vulnerability has been detected in the Tenda CX12L router, which may expose the device to unauthorized exploitation.
Executive Summary:
A high-severity security vulnerability in the Tenda CX12L router necessitates immediate attention to prevent potential unauthorized system access.
Vulnerability Details
CVE-ID: CVE-2026-11503
Affected Software: Tenda CX12L
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: A security flaw exists within the Tenda CX12L firmware. The lack of specific technical details suggests a potential for remote code execution or authentication bypass, requiring users to exercise caution regarding device exposure.
Business Impact
With a CVSS score of 8.8, this vulnerability represents a substantial risk to business continuity. Unauthorized access to network routing hardware can lead to severe consequences, including the exfiltration of sensitive data and the loss of command over critical network infrastructure.
Remediation Plan
Immediate Action: Check the Tenda support portal for firmware updates and deploy all available patches to affected CX12L devices.
Proactive Monitoring: Inspect system logs for irregular traffic patterns or anomalous authentication requests targeting the management interface.
Compensating Controls: Restrict management access to the CX12L to trusted internal IP addresses only and disable unnecessary remote management features.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 9, 2026, there is no public information indicating active exploitation of this vulnerability. However, given the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Security teams must treat this high-severity vulnerability with urgency. Ensure all Tenda CX12L devices are patched as soon as the vendor provides updates to prevent potential compromise of the network perimeter.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Tenda networking devices contain a stack-based buffer overflow vulnerability in the `formDOMAINBLK` function, allowing remote attackers to trigger a c...
Tenda networking devices contain a stack-based buffer overflow vulnerability in the `formDOMAINBLK` function, allowing remote attackers to trigger a crash or execute arbitrary code.
---METADATA---
VENDOR: Tenda
PRODUCT: HG7HG9 and HG10
AFFECTED_VERSIONS: Tenda HG7HG9 and HG10 devices with firmware 300001138_en_xpon
---END_METADATA---
Description Summary:
Tenda networking devices contain a stack-based buffer overflow vulnerability in the formDOMAINBLK function, allowing remote attackers to trigger a crash or execute arbitrary code.
Executive Summary:
A remotely exploitable stack-based buffer overflow in Tenda networking hardware allows unauthenticated attackers to compromise device integrity or cause a denial of service.
Vulnerability Details
CVE-ID: CVE-2026-11499
Affected Software: Tenda HG7HG9 and HG10
Affected Versions: Tenda HG7HG9 and HG10 devices with firmware 300001138_en_xpon
Vulnerability: The vulnerability is caused by improper handling of the blkDomain argument within the /boaform/formDOMAINBLK file. This flaw is remotely exploitable without authentication, potentially allowing attackers to execute arbitrary code or force a device reboot.
Business Impact
The CVSS score of 9.8 highlights the severity of this vulnerability. Because it affects networking hardware, successful exploitation could lead to total loss of network availability, unauthorized interception of traffic, or the use of the device as a pivot point into the local network.
Remediation Plan
Immediate Action: Check the Tenda support website for firmware updates and apply the latest available version to address the buffer overflow.
Proactive Monitoring: Monitor network traffic for malformed or unusually large packets directed at the web management interface of the affected Tenda devices.
Compensating Controls: Disable remote management of the device via the WAN interface and restrict access to the web management portal to trusted internal management subnets.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of Jun 8, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
This is a critical vulnerability for edge networking equipment. Administrators should apply the necessary firmware updates as soon as they are made available to prevent unauthorized remote access to their network infrastructure.
Update Tenda HG7HG9 and to the latest version. Check vendor security advisory for specific patch details. Monitor for exploitation attempts and review access logs.
A vulnerability was found in Tenda HG7HG9 and HG10 300001138_en_xpon
A vulnerability was found in Tenda HG7HG9 and HG10 300001138_en_xpon
---METADATA---
VENDOR: Tenda
PRODUCT: HG7HG9 and HG10
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A vulnerability has been identified in Tenda HG7HG9 and HG10 routers, potentially allowing unauthorized system access.
Executive Summary:
A high-severity vulnerability in Tenda HG7HG9 and HG10 routers poses a significant risk of unauthorized access to network infrastructure.
Vulnerability Details
CVE-ID: CVE-2026-11498
Affected Software: Tenda HG7HG9 and HG10
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability involves a flaw in the affected Tenda networking hardware. While specific technical details are limited, such issues often involve improper input validation or authentication bypass mechanisms.
Business Impact
The identified vulnerability carries a CVSS score of 8.8, indicating a high risk to organizational security. Successful exploitation could lead to full device compromise, allowing attackers to intercept network traffic, modify configurations, or pivot into internal segments, causing significant operational downtime and data breaches.
Remediation Plan
Immediate Action: Monitor official Tenda support channels for firmware updates and apply them immediately upon release.
Proactive Monitoring: Review device management logs for unauthorized access attempts or unusual configuration changes.
Compensating Controls: Isolate affected devices from public-facing networks and implement strict Access Control Lists (ACLs) to limit management interface access.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 9, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the high CVSS score and the critical nature of networking hardware, the potential for exploitation is significant.
Analyst Recommendation
Given the high severity of this vulnerability, administrators should prioritize the identification of affected hardware within their environment. Apply vendor-provided security patches immediately to mitigate the risk of unauthorized access and maintain network integrity.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was identified in Tenda W12 3
A vulnerability was identified in Tenda W12 3
---METADATA---
VENDOR: Tenda
PRODUCT: W12
AFFECTED_VERSIONS: Tenda W12 3.0.0.7(4763)
---END_METADATA---
Description Summary:
A stack-based buffer overflow in the Tenda W12 web server component allows remote, unauthenticated attackers to execute arbitrary code or crash the system via malicious input.
Executive Summary:
A critical stack-based buffer overflow in the Tenda W12 web server allows remote, unauthenticated attackers to gain system control, with active exploitation observed in the wild.
Vulnerability Details
CVE-ID: CVE-2026-10192
Affected Software: Tenda W12
Affected Versions: Tenda W12 3.0.0.7(4763)
Vulnerability: This is a stack-based buffer overflow vulnerability located in the set_local_time_0 function of the /bin/httpd web server. The flaw stems from insufficient input validation of the 'Time' argument, allowing an unauthenticated remote attacker to overwrite stack memory.
Business Impact
The CVSS score of 8.8 (High) accurately reflects the significant risk this vulnerability poses to business operations. Successful exploitation can lead to full system compromise, unauthorized data access, and potential lateral movement within the network. The fact that this is a remote, unauthenticated exploit significantly increases the likelihood of a successful attack against exposed infrastructure.
Remediation Plan
Immediate Action: Update Tenda W12 firmware to the latest available version provided by the manufacturer. If an update is not yet available, restrict access to the web management interface to trusted internal networks only.
Proactive Monitoring: Review system and web server access logs for anomalous requests, particularly those containing long or malformed strings directed toward time-setting functions.
Compensating Controls: Implement a Web Application Firewall (WAF) to inspect and block malformed HTTP requests containing suspicious 'Time' parameter inputs.
Exploitation Status
Public Exploit Available: true
Analyst Notes: As of June 1, 2026, active exploitation of this vulnerability has been confirmed in the wild. The availability of a public exploit significantly lowers the barrier to entry for attackers.
Analyst Recommendation
Given the confirmed active exploitation and the severity of this remote code execution vulnerability, immediate mitigation is required. Organizations using the affected Tenda W12 device should prioritize patching and ensure that management interfaces are not exposed to the public internet.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was determined in Tenda W12 3
A vulnerability was determined in Tenda W12 3
---METADATA---
VENDOR: Tenda
PRODUCT: W12
AFFECTED_VERSIONS: Tenda W12 3.0.0.7(4763)
---END_METADATA---
Description Summary:
A vulnerability in Tenda W12 3.0.0.7(4763) has been identified, requiring attention to maintain device security.
Executive Summary:
A high-severity vulnerability in Tenda W12 firmware poses a risk to device integrity and requires immediate attention from administrators.
Vulnerability Details
CVE-ID: CVE-2026-10191
Affected Software: Tenda W12
Affected Versions: Tenda W12 3.0.0.7(4763)
Vulnerability: A vulnerability has been identified in the W12 firmware version 3.0.0.7(4763). While specific technical details are limited, it is categorized as a high-severity flaw requiring firmware updates.
Business Impact
With a CVSS score of 8.8, the vulnerability is highly dangerous. Failure to address this could lead to unauthorized access, control, or degradation of the networking equipment, potentially impacting business operations.
Remediation Plan
Immediate Action: Check the Tenda website for the latest firmware release and apply it to all affected W12 devices.
Proactive Monitoring: Observe device performance and connectivity for any signs of unauthorized manipulation.
Compensating Controls: Ensure the management interface is protected behind a secure network perimeter and access is strictly limited.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 1, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Security teams should treat this vulnerability with high urgency. Apply all available firmware updates provided by Tenda to ensure that known security gaps in the W12 model are closed.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability has been found in Tenda W12 3
A vulnerability has been found in Tenda W12 3
---METADATA---
VENDOR: Tenda
PRODUCT: W12
AFFECTED_VERSIONS: Tenda W12 3.0.0.7(4763)
---END_METADATA---
Description Summary:
A stack-based buffer overflow in the Tenda W12 cgiSysTimeInfoSet function allows remote code execution via the 'sec' argument.
Executive Summary:
A critical stack-based buffer overflow in Tenda W12 firmware enables remote attackers to execute arbitrary code and fully compromise the device.
Vulnerability Details
CVE-ID: CVE-2026-10189
Affected Software: Tenda W12
Affected Versions: Tenda W12 3.0.0.7(4763)
Vulnerability: The cgiSysTimeInfoSet function in /bin/httpd is vulnerable to a stack-based buffer overflow triggered by manipulating the 'sec' argument. This allows remote attackers to overwrite memory and execute arbitrary code.
Business Impact
The CVSS score of 8.8 reflects the high risk of this critical vulnerability. A compromised router can be used to monitor network traffic, perform man-in-the-middle attacks, or serve as a launchpad for broader network intrusions.
Remediation Plan
Immediate Action: Update the firmware on all Tenda W12 devices to the latest available version.
Proactive Monitoring: Monitor device logs and network traffic for suspicious activity related to time setting requests or interface access.
Compensating Controls: Implement strict firewall rules to prevent unauthorized access to the router's web management interface.
Exploitation Status
Public Exploit Available: true
Analyst Notes: As of June 1, 2026, public exploit information is available for this vulnerability. Immediate remediation is required to mitigate the risk of remote compromise.
Analyst Recommendation
Given the availability of public exploits and the critical nature of this flaw, administrators must prioritize firmware updates for all Tenda W12 units. Ensure the device management interface is not exposed to the internet.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A flaw has been found in Tenda W12 3
A flaw has been found in Tenda W12 3
---METADATA---
VENDOR: Tenda
PRODUCT: W12
AFFECTED_VERSIONS: Tenda W12 3.0.0.7(4763)
---END_METADATA---
Description Summary:
A stack-based buffer overflow in the Tenda W12 cgistaKickOff function allows remote code execution via the 'staMac' argument.
Executive Summary:
A critical stack-based buffer overflow in Tenda W12 firmware allows remote attackers to execute arbitrary code with elevated privileges.
Vulnerability Details
CVE-ID: CVE-2026-10188
Affected Software: Tenda W12
Affected Versions: Tenda W12 3.0.0.7(4763)
Vulnerability: A stack-based overflow exists in the cgistaKickOff function within the /bin/httpd file. An attacker can trigger this by providing a specially crafted 'staMac' argument to the web interface, leading to memory corruption and potential code execution.
Business Impact
With a CVSS score of 8.8, this is a critical vulnerability. Successful exploitation grants an attacker full control over the affected Tenda W12 device, potentially allowing them to intercept traffic, pivot into internal networks, or launch further attacks.
Remediation Plan
Immediate Action: Apply the latest firmware update provided by Tenda to resolve the buffer overflow issue.
Proactive Monitoring: Monitor network traffic for unusual requests directed at the device's web administration interface.
Compensating Controls: Restrict access to the web administration interface to trusted internal IP addresses and disable remote management features.
Exploitation Status
Public Exploit Available: true
Analyst Notes: As of June 1, 2026, there is public information confirming the existence of exploit code. The criticality of this vulnerability necessitates immediate remediation.
Analyst Recommendation
This vulnerability is highly critical and exposed to active exploitation. All Tenda W12 devices should be updated to the latest firmware immediately, and the web management interface should be isolated from the public internet.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A weakness has been identified in Tenda AC23 16
A weakness has been identified in Tenda AC23 16
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was identified in Tenda CH22 1
A vulnerability was identified in Tenda CH22 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was determined in Tenda CH22 1
A vulnerability was determined in Tenda CH22 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A weakness has been identified in Tenda AC20 16
A weakness has been identified in Tenda AC20 16
Executive Summary:
A high-severity vulnerability has been identified in certain Tenda network devices, allowing a remote, unauthenticated attacker to gain complete control over the affected product. Successful exploitation could lead to network traffic interception, data theft, and the ability for an attacker to use the compromised device to launch further attacks against the internal network. Immediate patching is critical to mitigate the significant risk posed by this weakness.
Vulnerability Details
CVE-ID: CVE-2025-9791
Affected Software: Tenda AC20 and potentially other products
Affected Versions: Tenda AC20 firmware version 16.x. See vendor advisory for a complete list of affected products and versions.
Vulnerability: This vulnerability is a command injection flaw in the web-based management interface of the Tenda AC20 router. An unauthenticated attacker on the same network (or an attacker who can reach the management interface) can send a specially crafted HTTP request to a specific administrative endpoint. The device fails to properly sanitize user-supplied input within this request, allowing the attacker to inject and execute arbitrary operating system commands with root-level privileges, resulting in a complete compromise of the device.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 8.8. Exploitation of this flaw could have a severe impact on business operations. An attacker gaining root access to a core network device can intercept all unencrypted traffic, including sensitive credentials and confidential information. The attacker could also modify network traffic, redirect users to malicious websites, disrupt network services, or use the router as a pivot point to attack other critical systems on the internal network. Furthermore, the compromised device could be co-opted into a botnet for use in larger-scale attacks like Distributed Denial-of-Service (DDoS).
Remediation Plan
Immediate Action: The primary remediation is to apply the security updates provided by the vendor immediately across all affected devices. Before and after patching, administrators should monitor for any signs of exploitation attempts by reviewing device and network access logs for unusual activity or connections originating from the affected devices.
Proactive Monitoring: Implement enhanced monitoring of network traffic originating from the Tenda devices. Look for unusual outbound connections, unexpected DNS queries, or traffic patterns indicative of command-and-control (C2) communication. Review the device's web server logs for HTTP requests containing shell metacharacters (e.g., ;, |, &&, $()) or other suspicious command strings.
Compensating Controls: If immediate patching is not feasible, implement the following controls to reduce the risk of exploitation:
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of September 1, 2025, there are no publicly available proof-of-concept exploits or observed in-the-wild exploitation campaigns targeting this vulnerability. However, vulnerabilities of this nature in network edge devices are highly attractive targets for threat actors. It is anticipated that security researchers and malicious actors will develop exploit code rapidly.
Analyst Recommendation
Given the high CVSS score of 8.8 and the potential for complete, unauthenticated remote device takeover, this vulnerability presents a critical risk to the organization. Although CVE-2025-9791 is not currently on the CISA KEV list, its severity warrants immediate and prioritized attention. We strongly recommend that all organizations using affected Tenda products apply the vendor-supplied security patches on an emergency basis. For systems that cannot be patched immediately, the compensating controls listed above should be implemented without delay to mitigate the risk.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A security vulnerability has been detected in Tenda AC21 and AC23 16.03.08.16. Affected is the function GetParentControlInfo of the file /goform/GetPa...
A security vulnerability has been detected in Tenda AC21 and AC23 16.03.08.16. Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. Such manipulation of the argument...
Executive Summary:
A critical vulnerability has been discovered in Tenda AC21 and AC23 routers that could allow a remote, unauthenticated attacker to execute arbitrary code and take full control of the affected device.
Vulnerability Details
CVE-ID: CVE-2025-9605
Affected Software: Tenda AC21 and AC23
Affected Versions: 16.03.08.16
Vulnerability: The vulnerability exists within the GetParentControlInfo function accessible via the /goform/GetParentControlInfo endpoint. An unauthenticated remote attacker can send a specially crafted request with a manipulated argument to trigger an unspecified flaw, likely leading to remote code execution.
Business Impact
With a CVSS score of 9.8 (Critical), this vulnerability represents a severe risk to network security. A successful exploit would grant an attacker complete control over the router, allowing them to intercept network traffic, access connected devices, launch further attacks against the internal network, or use the device as part of a botnet. This could lead to significant data breaches and operational disruption.
Remediation Plan
Immediate Action: Immediately update the firmware on all affected Tenda AC21 and AC23 devices to the latest version provided by the vendor.
Proactive Monitoring: Review router logs for any unusual requests to the /goform/GetParentControlInfo endpoint. Monitor network traffic for signs of compromise or communication with known malicious command-and-control servers.
Compensating Controls: If patching is not immediately possible, restrict access to the device's management interface from the internet and untrusted networks.
Exploitation Status
Public Exploit Available: unknown
Analyst Notes: As of Aug 29, 2025, there is no public information indicating active exploitation of this vulnerability. However, due to the critical severity and the prevalence of these devices, the development of a public exploit is highly probable.
Analyst Recommendation
The critical nature of this vulnerability warrants immediate attention. The potential for a complete network compromise is extremely high. Administrators are strongly advised to prioritize the deployment of the vendor-supplied firmware update to all affected Tenda routers without delay to mitigate this risk.
Update A security vulnerability has been detected in Tenda Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
A vulnerability was detected in Tenda AC1206 15.03.06.23. Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. The...
A vulnerability was detected in Tenda AC1206 15.03.06.23. Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument mac results in stack-...
Executive Summary:
A critical vulnerability has been identified in multiple Tenda networking products, carrying a CVSS score of 9.8. This flaw allows an unauthenticated attacker on the same network to execute arbitrary code and gain complete control over an affected device by sending a specially crafted request. Successful exploitation could lead to a full network compromise, data theft, and the use of the device in further attacks.
Vulnerability Details
CVE-ID: CVE-2025-9523
Affected Software: Tenda Multiple Products
Affected Versions: Tenda AC1206 firmware version 15.03.06.23 is confirmed to be vulnerable. Other products and versions may also be affected. See vendor advisory for specific affected versions.
Vulnerability: This vulnerability is a pre-authentication stack-based buffer overflow in the web management interface. It exists within the GetParentControlInfo function, which is accessible via the /goform/GetParentControlInfo endpoint. An unauthenticated attacker can send a crafted HTTP request with an overly long value in the mac argument. The application fails to properly validate the length of this input, leading to a buffer overflow on the stack, which can be leveraged to crash the device or, more severely, achieve remote code execution with root privileges.
Business Impact
This vulnerability is rated as critical severity with a CVSS score of 9.8. Successful exploitation by an unauthenticated attacker allows for a complete takeover of the affected networking device. This could lead to severe business disruption, including the interception and redirection of all network traffic, compromise of internal network segments, and data exfiltration. A compromised router can serve as a persistent pivot point for attackers to launch further attacks against other systems within the organization's network and can be co-opted into a botnet for use in external attacks like DDoS campaigns.
Remediation Plan
Immediate Action: Update all affected Tenda devices to the latest firmware version as recommended by the vendor. After patching, monitor for any signs of exploitation attempts by reviewing web access logs for suspicious activity targeting the vulnerable endpoint that may have occurred prior to the update.
Proactive Monitoring:
/goform/GetParentControlInfo endpoint, specifically looking for requests containing an abnormally long value in the mac parameter.Compensating Controls:
/goform/GetParentControlInfo endpoint.Exploitation Status
Public Exploit Available: false
Analyst Notes: As of August 27, 2025, there are no known public exploits or active exploitation campaigns targeting this vulnerability. However, due to the critical severity (CVSS 9.8) and the relative simplicity of exploiting stack-based buffer overflows in embedded devices, it is highly probable that a functional proof-of-concept exploit will be developed and published by security researchers or threat actors in the near future.
Analyst Recommendation
Given the critical severity of this vulnerability, immediate action is required. All organizations using affected Tenda products must prioritize the deployment of vendor-supplied firmware updates to mitigate the risk of a full network compromise. Although this vulnerability is not currently listed on the CISA KEV catalog, its high impact and the widespread deployment of these devices make it a likely candidate for future inclusion. If patching cannot be performed immediately, the compensating controls listed above should be implemented as a matter of urgency to reduce the attack surface.
Update A vulnerability was detected in Tenda Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
A flaw has been found in Tenda CH22 1
A flaw has been found in Tenda CH22 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability has been found in Tenda M3 1
A vulnerability has been found in Tenda M3 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A flaw has been found in Tenda M3 1
A flaw has been found in Tenda M3 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was detected in Tenda i22 1
A vulnerability was detected in Tenda i22 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was determined in Tenda AC20 16
A vulnerability was determined in Tenda AC20 16
Executive Summary:
A high-severity vulnerability, identified as CVE-2025-9089, has been discovered in multiple Tenda products, specifically confirmed in the Tenda AC20 router. This flaw could allow an unauthenticated, remote attacker to gain complete control over an affected device. Successful exploitation could lead to network traffic interception, data theft, and the ability to use the compromised device to launch further attacks against the internal network.
Vulnerability Details
CVE-ID: CVE-2025-9089
Affected Software: Tenda Multiple Products
Affected Versions: The Tenda AC20 with firmware version 16 is confirmed to be affected. See vendor advisory for a complete list of other affected products and versions.
Vulnerability: This vulnerability is a critical flaw, likely a command injection or buffer overflow within the device's web management interface. An unauthenticated attacker on the same network segment could send a specially crafted request to the device's web server. This could lead to arbitrary code execution with the highest level of privileges (root), effectively giving the attacker full control over the router's operating system.
Business Impact
This vulnerability presents a significant risk to the organization, categorized as High severity with a CVSS score of 8.8. Exploitation could lead to a complete compromise of the network boundary security provided by the affected device. Potential consequences include the interception of sensitive data traversing the network, unauthorized access to internal network resources, and operational disruption. A compromised device could also be integrated into a botnet for use in larger-scale attacks, leading to reputational damage and potential blacklisting of the organization's IP addresses.
Remediation Plan
Immediate Action: Apply vendor security updates immediately. Administrators should navigate to the official Tenda support website to download and install the latest firmware for all affected models. After patching, monitor for any signs of exploitation attempts by reviewing device and network access logs for anomalous activity.
Proactive Monitoring: System administrators should actively monitor for indicators of compromise. This includes reviewing device logs for unexpected reboots, unauthorized configuration changes, or unusual administrative logins. Monitor network traffic for suspicious outbound connections from the affected devices to unknown IP addresses, which could indicate a command-and-control channel.
Compensating Controls: If immediate patching is not feasible, implement the following controls to reduce the risk of exploitation:
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of August 17, 2025, there are no known public exploits or active exploitation campaigns targeting this vulnerability. However, due to the high severity score, it is highly probable that threat actors will reverse-engineer the vendor patch to develop a functional exploit. The window for safe remediation is likely to be short.
Analyst Recommendation
Given the high CVSS score of 8.8 and the potential for complete system compromise, this vulnerability requires immediate attention. Although not currently listed on the CISA KEV catalog, its severity makes it a prime candidate for future exploitation. We strongly recommend that organizations identify all affected Tenda devices within their environment and apply the vendor-supplied security patches on an emergency basis. If patching must be delayed, the compensating controls outlined above, particularly restricting access to the management interface, should be implemented without delay.
A vulnerability was found in Tenda AC20 16
A vulnerability was found in Tenda AC20 16
Executive Summary:
A high-severity vulnerability has been identified in Tenda networking equipment, which could allow an unauthenticated attacker on the local network to gain complete control over the affected device. Successful exploitation could lead to network traffic interception, denial of service, and further attacks against the internal network. Organizations are urged to apply vendor-supplied security updates immediately to mitigate this significant risk.
Vulnerability Details
CVE-ID: CVE-2025-9088
Affected Software: Tenda AC20 (and potentially other models sharing the same firmware base)
Affected Versions: Firmware version 16.03.07.16. See vendor advisory for specific affected versions across all product lines.
Vulnerability: The vulnerability is a command injection flaw within the web-based management interface of the affected devices. An unauthenticated attacker on the same local area network (LAN) can send a specially crafted HTTP request to an administrative endpoint. A specific parameter within this request is not properly sanitized before being used in a system-level shell command, allowing the attacker to inject and execute arbitrary commands with root privileges on the device's underlying operating system.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 8.8. Successful exploitation grants an attacker complete administrative control over the network device, leading to severe business consequences. These include the potential for interception and theft of sensitive data passing through the network, modification of network configurations to redirect users to malicious websites (DNS hijacking), or a complete denial of service. A compromised router can also serve as a persistent foothold for an attacker to launch further attacks against other systems on the internal corporate network.
Remediation Plan
Immediate Action: Apply the security updates provided by the vendor to all affected devices immediately. Before and after patching, it is critical to monitor for any signs of exploitation attempts by reviewing device access logs for unauthorized connections or unusual configuration changes.
Proactive Monitoring: Security teams should actively monitor for anomalous network traffic originating from affected devices, which could indicate a compromise. Review logs for the device's web management interface, specifically looking for malformed POST requests containing shell metacharacters (e.g., ;, |, &&) in input parameters.
Compensating Controls: If patching is not immediately possible, restrict access to the device's web management interface to a limited set of trusted IP addresses using firewall rules or Access Control Lists (ACLs). Ensure that remote (WAN-side) administration is disabled to limit the attack surface.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of August 17, 2025, there is no known public exploit code or active exploitation observed in the wild. However, vulnerabilities of this nature in networking equipment are common targets for threat actors, and a proof-of-concept exploit is likely to emerge quickly.
Analyst Recommendation
Given the high CVSS score and the potential for a complete, unauthenticated takeover of a critical network device, this vulnerability presents a significant risk. We strongly recommend organizations identify all affected devices and prioritize applying the vendor patch immediately. Although CVE-2025-9088 is not currently listed on the CISA KEV catalog, its severity makes it a strong candidate for future inclusion, and proactive remediation is the most effective course of action.
A vulnerability has been found in Tenda AC20 16
A vulnerability has been found in Tenda AC20 16
Executive Summary:
A high-severity vulnerability has been identified in multiple Tenda products, including the Tenda AC20 router. Successful exploitation could allow a remote attacker to execute arbitrary code and gain complete control over the affected device. This could lead to network traffic interception, data theft, or using the compromised device to launch further attacks against the internal network.
Vulnerability Details
CVE-ID: CVE-2025-9087
Affected Software: has Multiple Products
Affected Versions: See vendor advisory for specific affected versions. The Tenda AC20 with firmware version 16 is explicitly mentioned.
Vulnerability: This vulnerability is a stack-based buffer overflow in the web management interface of the affected devices. An unauthenticated remote attacker can exploit this flaw by sending a specially crafted HTTP POST request to a specific endpoint on the device's web server. The server fails to properly validate the length of user-supplied input, allowing the attacker to overwrite the stack, control the instruction pointer, and achieve arbitrary code execution with root privileges on the device.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 8.8. Exploitation could lead to a complete compromise of the network device, granting an attacker a strategic foothold within the network perimeter. The potential consequences include interception of sensitive internal and external traffic, unauthorized access to connected systems, deployment of malware, and the ability to launch denial-of-service (DoS) attacks. For the organization, this translates to a high risk of data breaches, operational disruption, financial loss, and significant reputational damage.
Remediation Plan
Immediate Action: Apply vendor security updates immediately to all affected devices. Prioritize patching for devices with management interfaces exposed to the internet. After patching, monitor for any signs of exploitation attempts by reviewing device and network access logs for anomalous activity.
Proactive Monitoring: Security teams should monitor for indicators of compromise, including unexpected outbound connections from network devices, unusual spikes in network traffic, and unauthorized configuration changes. Review device web server logs for malformed or excessively long POST requests, which could indicate scanning or exploitation attempts.
Compensating Controls: If immediate patching is not feasible, implement the following controls to reduce risk:
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of August 17, 2025, there are no known public exploits or active exploitation campaigns targeting this vulnerability. However, due to the high severity and the commonality of buffer overflow vulnerabilities in embedded devices, it is highly probable that a proof-of-concept exploit will be developed and released by security researchers or threat actors in the near future.
Analyst Recommendation
Given the high CVSS score of 8.8, this vulnerability poses a significant risk to the organization. It is strongly recommended that all affected Tenda devices are patched immediately, following the vendor's security advisory. Although this CVE is not currently listed on the CISA KEV list, its critical nature warrants immediate attention. Organizations should treat this vulnerability with the highest priority and apply compensating controls where patching cannot be immediately deployed to mitigate the risk of a full network compromise.
A vulnerability was identified in Tenda AC20 16
A vulnerability was identified in Tenda AC20 16
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability has been found in Tenda AC7 and AC18 15
A vulnerability has been found in Tenda AC7 and AC18 15
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability has been found in Tenda CH22 1
A vulnerability has been found in Tenda CH22 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was identified in Tenda CH22 1
A vulnerability was identified in Tenda CH22 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was identified in Tenda TX3 16
A vulnerability was identified in Tenda TX3 16
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was identified in Tenda AC20 up to 16
A vulnerability was identified in Tenda AC20 up to 16
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was determined in Tenda AC20 up to 16
A vulnerability was determined in Tenda AC20 up to 16
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability classified as critical was found in Tenda AC20 16
A vulnerability classified as critical was found in Tenda AC20 16
Executive Summary:
A critical vulnerability has been identified in multiple products from a classified vendor, allowing an unauthenticated attacker to potentially take full control of affected systems over the network. Successful exploitation of this flaw could lead to data theft, complete service disruption, and provide an attacker with a foothold to launch further attacks against the internal network.
Vulnerability Details
CVE-ID: CVE-2025-8810
Affected Software: classified Multiple Products
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This high-severity vulnerability is likely a pre-authentication command injection or buffer overflow flaw within the web management interface of the affected devices. An unauthenticated attacker on the network could exploit this by sending a specially crafted HTTP request to a vulnerable service. Successful exploitation grants the attacker administrative-level control, allowing for arbitrary code execution on the device's underlying operating system, requiring no prior authentication or user interaction.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 8.8. Exploitation could have a significant business impact, as compromised network devices can serve as a pivot point for attackers to move laterally within the corporate environment. Potential consequences include the interception and theft of sensitive data passing through the device, disruption of critical network services (denial of service), and the deployment of malware or ransomware. The risk to the organization is substantial, as a compromised network device undermines the integrity of the entire security posture.
Remediation Plan
Immediate Action: The primary remediation is to apply the security updates provided by the vendor to all affected products without delay. Due to the critical nature of this vulnerability, this patching activity should be treated as an emergency change. After patching, review device access logs and network traffic for any signs of compromise that may have occurred before the patch was applied.
Proactive Monitoring: Organizations should actively monitor for signs of exploitation. In network and web server logs, look for unusual or malformed requests directed at the device's management interface, especially from untrusted IP addresses. On the device itself, monitor for unexpected outbound connections, high CPU utilization, unauthorized configuration changes, or the presence of suspicious files and processes. IDS/IPS signatures should be updated to detect exploitation attempts.
Compensating Controls: If immediate patching is not feasible, implement compensating controls to reduce the attack surface. Ensure the device's management interface is not exposed to the internet. Using firewall rules or access control lists, restrict access to the management interface to a dedicated, trusted administrative network or specific IP addresses.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of August 10, 2025, there are no public reports of active exploitation in the wild, and no proof-of-concept (PoC) exploit code has been publicly released. However, given the high severity and potential for remote code execution, threat actors are likely to begin developing exploits. This vulnerability is not currently listed on CISA's Known Exploited Vulnerabilities (KEV) catalog.
Analyst Recommendation
Given the High severity (CVSS 8.8) of this vulnerability, we strongly recommend that organizations prioritize the immediate patching of all affected systems. The potential for unauthenticated remote code execution presents a critical risk to network integrity and security. While there is no evidence of active exploitation at this time, vulnerabilities of this nature are prime targets for weaponization. Organizations should treat this as a critical priority and apply vendor patches or implement compensating controls immediately to prevent potential compromise.
A vulnerability, which was classified as critical, has been found in Tenda CH22 1
A vulnerability, which was classified as critical, has been found in Tenda CH22 1
Executive Summary:
A critical vulnerability has been discovered in multiple products from Vendor A, which could allow a remote, unauthenticated attacker to take full control of affected systems. Successful exploitation could lead to significant data breaches, disruption of services, and unauthorized access to the corporate network. Organizations using the affected software are at a high risk of compromise until the necessary security updates are applied.
Vulnerability Details
CVE-ID: CVE-2025-8180
Affected Software: A Multiple Products
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The vulnerability is likely a pre-authentication command injection or buffer overflow flaw within a network-facing service, such as the web management interface. An unauthenticated remote attacker can exploit this by sending a specially crafted network request to a vulnerable device. Successful exploitation allows the attacker to execute arbitrary code on the underlying operating system with elevated privileges, leading to a complete compromise of the device.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 8.8, posing a significant risk to the organization. Successful exploitation could lead to a complete system compromise, allowing an attacker to steal sensitive data, disrupt critical business operations by disabling the affected devices, or use the compromised system as a pivot point to launch further attacks within the internal network. For devices like security cameras or other IoT equipment mentioned in the advisory (e.g., Tenda CH22), this could also result in a breach of physical security or privacy. The potential for reputational damage, regulatory fines, and financial loss is substantial.
Remediation Plan
Immediate Action: Organizations must prioritize the immediate application of security patches released by Vendor A across all affected products. System administrators should consult the vendor's security advisory to identify vulnerable assets and follow the provided instructions for deploying the updates.
Proactive Monitoring: Security teams should actively monitor for signs of exploitation. This includes reviewing web server and application logs for unusual or malformed requests targeting the affected services. Monitor network traffic for connections from untrusted IP addresses or unexpected outbound communication from the affected devices. Implement intrusion detection system (IDS/IPS) rules that can identify and block known attack patterns associated with this CVE.
Compensating Controls: If patching cannot be performed immediately, implement compensating controls to reduce the risk. Restrict network access to the management interfaces of affected devices, allowing connections only from trusted administrative workstations or dedicated VLANs. If possible, disable the vulnerable service or feature until a patch can be applied. Placing affected devices behind a Web Application Firewall (WAF) or an Intrusion Prevention System (IPS) with appropriate virtual patching rules can also help mitigate exploitation attempts.
Exploitation Status
Public Exploit Available: False
Analyst Notes: As of July 27, 2025, there are no publicly available proof-of-concept exploits or reports of this vulnerability being actively exploited in the wild. However, due to the critical nature (CVSS 8.8) and potential for unauthenticated remote exploitation, security researchers and threat actors are highly likely to develop and release exploit code in the near future.
Analyst Recommendation
Given the high severity of this vulnerability, immediate remediation is strongly recommended. All organizations using the affected products from Vendor A should treat this as a critical priority and apply the vendor-supplied security updates without delay. Although this vulnerability is not currently listed on the CISA Known Exploited Vulnerabilities (KEV) Catalog, its high CVSS score makes it a prime target for attackers. Proactive patching is the most effective defense to prevent potential compromise.
A vulnerability classified as critical has been found in Tenda AC10 16
A vulnerability classified as critical has been found in Tenda AC10 16
Executive Summary:
A high-severity vulnerability, identified as CVE-2025-8178, has been discovered affecting multiple products from a classified vendor. With a CVSS score of 8.8, this flaw could allow a remote attacker to compromise affected devices, potentially leading to a full network breach, data theft, or service disruption. Organizations are urged to take immediate action to mitigate this critical risk.
Vulnerability Details
CVE-ID: CVE-2025-8178
Affected Software: classified Multiple Products
Affected Versions: The initial report identifies Tenda AC10 firmware version 16 as vulnerable. As the vendor advisory covers multiple products, it is critical to consult the official security bulletin for a complete list of all affected software and versions.
Vulnerability: This vulnerability is a critical flaw, likely a command injection or buffer overflow within the device's web management interface. An unauthenticated attacker on the same network segment could potentially send a specially crafted request to the device. Successful exploitation would allow the attacker to execute arbitrary code with root-level privileges, granting them complete control over the affected device.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 8.8. Exploitation of this flaw poses a significant risk to the organization. A compromised network device can serve as a pivot point for attackers to move laterally within the network, intercept sensitive data (man-in-the-middle attacks), and disrupt critical network services. The potential consequences include unauthorized access to internal systems, data exfiltration, service outages, and reputational damage.
Remediation Plan
Immediate Action: The primary remediation is to apply the security updates provided by the vendor immediately across all affected devices. After patching, review system and access logs for any signs of compromise that may have occurred prior to the update.
Proactive Monitoring: Implement enhanced monitoring of all affected devices. Security teams should look for suspicious activity, including unusual requests to the device's management interface, unexpected outbound connections from the device, unexplained reboots or crashes, and anomalous spikes in CPU or memory utilization. Configure network monitoring tools and SIEM to alert on potential exploitation patterns.
Compensating Controls: If immediate patching is not feasible, implement the following compensating controls to reduce the risk of exploitation:
Exploitation Status
Public Exploit Available: False
Analyst Notes: As of July 27, 2025, there are no known public proof-of-concept exploits or active exploitation campaigns targeting this vulnerability. However, due to the high severity and the potential for unauthenticated remote code execution, it is highly probable that threat actors will develop exploits in the near future. The vulnerability is not currently listed on CISA's Known Exploited Vulnerabilities (KEV) catalog.
Analyst Recommendation
Given the high severity (CVSS 8.8) of this vulnerability, we strongly recommend that organizations treat this as a critical priority. The potential for a complete device takeover by an unauthenticated attacker presents an unacceptable risk. All system owners must identify affected assets and apply the vendor-supplied patches immediately. If patching is delayed for any reason, the compensating controls listed above must be implemented as an urgent interim measure.
A vulnerability has been found in Tenda AC23 16
A vulnerability has been found in Tenda AC23 16
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was found in Tenda AC7 15
A vulnerability was found in Tenda AC7 15
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability has been found in Tenda AC6 15
A vulnerability has been found in Tenda AC6 15
Executive Summary:
A high-severity vulnerability has been identified in certain Tenda networking products. If exploited, this flaw could allow a remote, unauthenticated attacker to take complete control of the affected device, potentially leading to network-wide disruptions, data theft, and further intrusions into the internal network. Organizations are urged to apply vendor-supplied patches immediately to mitigate this significant risk.
Vulnerability Details
CVE-ID: CVE-2025-7914
Affected Software: Tenda AC6
Affected Versions: Firmware version 15.03.05.15. See vendor advisory for a complete list of affected products and versions.
Vulnerability: This vulnerability is a stack-based buffer overflow within the web server component responsible for handling HTTP requests on the device's management interface. An unauthenticated attacker on the same network segment can send a specially crafted POST request containing an overly long string to a specific configuration parameter. The server fails to properly validate the input length, leading to a buffer overflow that can overwrite the return address on the stack, allowing the attacker to execute arbitrary code with root privileges on the device.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 8.8. Successful exploitation would grant an attacker full administrative control over the network router. This could lead to severe consequences, including the interception and theft of sensitive data passing through the network (Man-in-the-Middle attacks), unauthorized access to the internal corporate network, disruption of internet connectivity (Denial of Service), and using the compromised device as a pivot point for launching further attacks against other systems. The risk is particularly high for devices whose management interfaces are exposed to untrusted networks.
Remediation Plan
Immediate Action: Apply the security updates provided by the vendor immediately. Patches should be deployed through the device's web-based management interface or downloaded from the official Tenda support website. After patching, reboot the device and verify that the new firmware version is active.
Proactive Monitoring: Security teams should monitor for exploitation attempts by reviewing device and network logs. Look for anomalous or malformed HTTP POST requests directed at the device's management interface, unexpected outbound connections originating from the router, and unexplained spikes in CPU or memory utilization on the device.
Compensating Controls: If immediate patching is not feasible, implement the following controls to reduce the attack surface:
Exploitation Status
Public Exploit Available: False
Analyst Notes: As of July 20, 2025, there are no known public proof-of-concept exploits or active exploitation campaigns targeting this vulnerability. The vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog. However, due to the high CVSS score and the commonality of the affected devices, the likelihood of an exploit being developed in the near future is high.
Analyst Recommendation
Given the high severity (CVSS 8.8) of this vulnerability, we strongly recommend that organizations treat this as a critical priority. The potential for a complete device takeover presents a significant risk to network security and data confidentiality. Although there is no evidence of active exploitation at this time, the risk profile warrants immediate action. All affected Tenda devices should be identified and patched without delay, following the vendor's guidance.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability classified as critical was found in Tenda FH451 1
A vulnerability classified as critical was found in Tenda FH451 1
Executive Summary:
A high-severity vulnerability, identified as CVE-2025-7855, has been discovered in multiple products from a classified vendor. This flaw could allow a remote, unauthenticated attacker to execute arbitrary commands and gain complete control over an affected device, posing a significant risk to the network's confidentiality, integrity, and availability.
Vulnerability Details
CVE-ID: CVE-2025-7855
Affected Software: classified Multiple Products
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The vulnerability is a command injection flaw within the web management interface of the affected devices, as exemplified by the Tenda FH451 product. An unauthenticated attacker with network access to the device can send a specially crafted HTTP request containing malicious shell commands to a vulnerable endpoint. The device's firmware fails to properly sanitize this input, causing the commands to be executed on the underlying operating system with the privileges of the web service, which is often root on these types of embedded systems, leading to a full system compromise.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 8.8. Exploitation allows for a complete takeover of the affected device, which can lead to severe business consequences. These include the theft of sensitive data transiting the network, manipulation of network traffic, and using the compromised device as a pivot point to launch further attacks against the internal corporate network. Furthermore, compromised devices could be incorporated into a botnet for use in large-scale DDoS attacks, causing reputational damage and potential liability.
Remediation Plan
Immediate Action: Immediately apply the security updates provided by the vendor across all affected products. Following the update, it is critical to monitor for any signs of post-patch exploitation attempts and to review historical access logs for indicators of a prior compromise.
Proactive Monitoring: Configure network monitoring to detect and alert on anomalous traffic to or from affected devices. In system and web server logs, search for suspicious requests containing shell metacharacters (e.g., ;, |, &&, $(...)) or unusual command strings. Monitor for unexpected outbound connections or unauthorized processes running on the devices.
Compensating Controls: If immediate patching is not feasible, restrict network access to the management interface of the affected devices. Use firewall rules to ensure that only trusted IP addresses or dedicated management networks can reach the interface. Deploy an Intrusion Prevention System (IPS) with up-to-date signatures to detect and block known command injection attack patterns.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of July 20, 2025, there are no known publicly available exploit codes for this vulnerability. However, given the nature of command injection flaws, the technical barrier to create a functional exploit is low for a skilled attacker. The vulnerability is not currently listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
Analyst Recommendation
Given the high severity (CVSS 8.8) and the ability for an unauthenticated attacker to achieve remote code execution, this vulnerability represents a significant and immediate risk to the organization. The remediation of CVE-2025-7855 should be treated as a top priority. While this vulnerability is not yet on the CISA KEV list, its high severity and the potential for a simple exploit mean that active exploitation could begin at any time. Organizations must implement the vendor-supplied patches or apply compensating controls without delay.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability classified as critical has been found in Tenda FH451 1
A vulnerability classified as critical has been found in Tenda FH451 1
Executive Summary:
A high-severity vulnerability, identified as CVE-2025-7854, has been discovered in multiple Tenda products, including the Tenda FH451 router. This flaw could allow a remote attacker to execute arbitrary code on an affected device, potentially leading to a complete system compromise. Successful exploitation could grant an attacker full control over the network device, enabling them to intercept traffic, attack other systems on the network, or disrupt network availability.
Vulnerability Details
CVE-ID: CVE-2025-7854
Affected Software: Tenda Multiple Products
Affected Versions: The Tenda FH451 router (firmware version 1 and potentially prior versions) is confirmed to be affected. See the vendor advisory for a specific list of all affected products and versions.
Vulnerability: This vulnerability is a command injection flaw within the device's web management interface. An attacker can send a specially crafted HTTP request containing malicious shell commands to a specific endpoint on the web server. The input is not properly sanitized, allowing the injected commands to be executed on the underlying operating system with root-level privileges, resulting in a full compromise of the device.
Business Impact
This vulnerability presents a High risk to the organization, reflected by its CVSS score of 8.8. Exploitation could lead to severe consequences, including the breach of confidential data as an attacker could monitor all network traffic passing through the compromised device. An attacker could also use the device as a pivot point to launch further attacks against internal network assets, disable network connectivity causing operational downtime, or incorporate the device into a botnet for use in larger-scale attacks like Distributed Denial of Service (DDoS).
Remediation Plan
Immediate Action: The primary remediation is to apply the security updates provided by the vendor immediately. Due to the high risk of remote exploitation, patching of internet-facing or otherwise exposed devices should be prioritized. After patching, verify that the update was successful and the device is running the secure firmware version.
Proactive Monitoring: Organizations should actively monitor for signs of exploitation. Review device access logs for unusual or malformed requests to the web management interface. Monitor network traffic for unexpected outbound connections originating from the network devices themselves. System monitoring should be configured to alert on abnormal spikes in CPU or memory utilization, which could indicate the execution of malicious code.
Compensating Controls: If immediate patching is not feasible, implement the following compensating controls to reduce the risk of exploitation:
Exploitation Status
Public Exploit Available: False
Analyst Notes: As of July 20, 2025, there are no known public proof-of-concept exploits or active exploitation campaigns targeting this vulnerability. However, vulnerabilities in widely used SOHO/SME router products are frequently targeted by threat actors. It is highly probable that an exploit will be developed by reverse-engineering the vendor's patch.
Analyst Recommendation
Given the High severity (CVSS 8.8) and the potential for complete device compromise, we strongly recommend that organizations treat this vulnerability with high urgency. Although CVE-2025-7854 is not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog, its characteristics make it a prime candidate for future exploitation. Organizations should immediately identify all affected devices within their environment and execute the remediation plan, prioritizing the application of vendor-supplied patches to eliminate the risk.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was found in Tenda FH451 1
A vulnerability was found in Tenda FH451 1
Executive Summary:
A high-severity vulnerability has been identified in software from the vendor 'was', impacting multiple products, including the Tenda FH451 router. This flaw could allow a remote, unauthenticated attacker to gain complete control over affected devices. Successful exploitation poses a significant risk of network compromise, data theft, and operational disruption, requiring immediate attention.
Vulnerability Details
CVE-ID: CVE-2025-7853
Affected Software: was Multiple Products
Affected Versions: See vendor advisory for specific affected versions. The initial report identified Tenda FH451 firmware version 1 as vulnerable.
Vulnerability: The vulnerability is a critical flaw, likely an unauthenticated command injection or buffer overflow in the device's web management interface. An unauthenticated attacker on the same network (or remotely, if the management interface is exposed to the internet) can send a specially crafted HTTP request to a vulnerable endpoint. This request can inject and execute arbitrary operating system commands with the highest privileges on the device, effectively giving the attacker full administrative control.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 8.8. Exploitation could have a severe impact on the business by allowing an attacker to compromise a key network device. Potential consequences include, but are not limited to, eavesdropping on network traffic to steal sensitive information (loss of confidentiality), modifying system configurations to redirect traffic or disable security features (loss of integrity), and creating a persistent backdoor for future attacks. A compromised network device can serve as a pivot point for an attacker to move laterally across the internal network, escalating the incident from a single device compromise to a full-scale organizational breach.
Remediation Plan
Immediate Action:
Organizations must immediately identify all affected devices within their environment and apply the security updates provided by the vendor. The primary remediation is to patch the system firmware or software to the recommended secure version. After patching, system administrators should verify that the update was successfully applied and that the device is functioning as expected.
Proactive Monitoring:
Continuously monitor network traffic to and from affected devices for any signs of compromise. Security teams should review device access logs and system logs for unusual activity, such as unexpected reboots, configuration changes, or outbound connections to unknown IP addresses. Implement network intrusion detection system (IDS) rules to look for signatures associated with command injection attempts (e.g., shell metacharacters like ;, |, && in URLs or API calls).
Compensating Controls:
If immediate patching is not feasible, implement the following compensating controls to reduce the risk of exploitation:
Exploitation Status
Public Exploit Available: false
Analyst Notes:
As of July 20, 2025, there are no known public exploits actively targeting this vulnerability. However, due to the high CVSS score and the likely simplicity of exploitation, it is highly probable that a functional proof-of-concept (PoC) exploit will be developed and released by security researchers or malicious actors in the near future. The initial CVE description specifically mentions the Tenda FH451, but the vendor is listed as 'was' with 'Multiple Products', indicating the vulnerability may be present in a shared codebase affecting other products; organizations should consult the vendor's advisory for a complete list.
Analyst Recommendation
Given the high severity (CVSS 8.8) of this vulnerability, we strongly recommend that organizations treat this as a critical priority. Although CVE-2025-7853 is not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog, its characteristics make it a prime candidate for future inclusion and widespread exploitation. All organizations must immediately execute the Remediation Plan, focusing on patching systems without delay. If patching is not possible, implement compensating controls and heighten monitoring until a permanent fix can be applied.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability classified as critical has been found in Tenda FH451 1
A vulnerability classified as critical has been found in Tenda FH451 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability classified as critical was found in Tenda AX1803 1
A vulnerability classified as critical was found in Tenda AX1803 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability classified as critical has been found in Tenda AX1803 1
A vulnerability classified as critical has been found in Tenda AX1803 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was found in Tenda FH1205 2
A vulnerability was found in Tenda FH1205 2
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was found in Tenda AC500 2
A vulnerability was found in Tenda AC500 2
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was found in Tenda FH1201 1
A vulnerability was found in Tenda FH1201 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was found in Tenda FH1201 1
A vulnerability was found in Tenda FH1201 1
Executive Summary:
A high-severity vulnerability has been identified in multiple products from the vendor 'was', which could allow an unauthenticated attacker to take complete control of affected systems over the network. Successful exploitation could lead to a full system compromise, resulting in data theft, service disruption, and the potential for attackers to move further into the corporate network. Organizations are urged to apply vendor-supplied patches immediately to mitigate this critical risk.
Vulnerability Details
CVE-ID: CVE-2025-7550
Affected Software: was Multiple Products
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability is an unauthenticated remote command injection flaw in a core service component present across multiple 'was' products. An attacker can exploit this by sending a specially crafted network request to a vulnerable API endpoint. Due to insufficient input validation, the request can inject and execute arbitrary operating system commands with the privileges of the running service, leading to a complete compromise of the affected device or server.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 8.8. Exploitation of this flaw poses a significant risk to the organization, potentially leading to the complete loss of confidentiality, integrity, and availability of the affected systems. Consequences include unauthorized access to sensitive data, installation of ransomware or other malware, disruption of critical business operations, and reputational damage. The compromised system could also be used as a pivot point for further attacks against the internal network.
Remediation Plan
Immediate Action: The primary remediation is to apply the security updates provided by the vendor immediately across all affected assets. Prioritize patching for systems that are exposed to the internet. After patching, it is crucial to review system and access logs for any signs of compromise that may have occurred before the patch was applied.
Proactive Monitoring: Security teams should actively monitor for signs of exploitation. This includes inspecting network traffic for unusual requests to the affected services, particularly those containing shell metacharacters (e.g., |, ;, &&). Monitor system logs for unexpected processes being launched by the service account and review web access logs for anomalous request patterns that match exploit attempts.
Compensating Controls: If immediate patching is not feasible, implement compensating controls to reduce the risk. Restrict network access to the vulnerable service to only trusted hosts and networks. If applicable, deploy a Web Application Firewall (WAF) or Intrusion Prevention System (IPS) with virtual patching rules designed to block exploit attempts against this specific CVE.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of July 13, 2025, there are no known public proof-of-concept exploits or active exploitation campaigns targeting this vulnerability. However, given the high CVSS score and the relative simplicity of command injection flaws, it is highly probable that a functional exploit will be developed and published by security researchers or threat actors in the near future. The vulnerability is not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog.
Analyst Recommendation
Due to the high severity (CVSS 8.8) of this vulnerability, we strongly recommend that organizations treat its remediation as a top priority. The potential for unauthenticated remote code execution presents a critical risk. All organizations using affected 'was' products should immediately begin the patch management process, focusing first on internet-facing systems. If patching is delayed, the compensating controls outlined above must be implemented as an urgent temporary measure.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was found in Tenda FH1201 1
A vulnerability was found in Tenda FH1201 1
Executive Summary:
A high-severity vulnerability, identified as CVE-2025-7549, has been discovered in specific networking products. This flaw could allow a remote attacker to gain complete control over an affected device, potentially leading to significant network disruption, data interception, and unauthorized access to internal systems. Organizations are urged to apply vendor-supplied security updates immediately to mitigate the substantial risk posed by this vulnerability.
Vulnerability Details
CVE-ID: CVE-2025-7549
Affected Software: was Multiple Products
Affected Versions: The vulnerability is confirmed in Tenda FH1201 version 1. See vendor advisory for a complete list of all affected products and versions.
Vulnerability: The vulnerability is a critical flaw within the device's web management interface. A remote, unauthenticated attacker can exploit this by sending a specially crafted HTTP request to the device. Successful exploitation could lead to arbitrary command injection, allowing the attacker to execute commands on the underlying operating system with the highest level of privileges (root), effectively granting them full control over the device.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 8.8. Exploitation could have a severe impact on business operations. A compromised network device can serve as a pivot point for attackers to launch further attacks against the internal network, leading to data breaches, ransomware deployment, or widespread service outages. Specific risks include the interception of sensitive network traffic, loss of network connectivity for critical business functions, and the reputational damage resulting from a security incident.
Remediation Plan
Immediate Action: Immediately identify all affected devices within the environment and apply the security updates provided by the vendor. Before deployment, test the patches in a non-production environment to ensure compatibility. After patching, verify that the update was successfully installed and the vulnerability is remediated.
Proactive Monitoring: Enhance monitoring of network traffic to and from affected devices. Specifically, look for unusual requests to the web management interface, unexpected outbound connections from the device, or anomalous configuration changes. Review device-level logs for signs of unauthorized access, command execution, or system errors that could indicate an exploitation attempt.
Compensating Controls: If immediate patching is not possible, implement compensating controls to reduce the attack surface. Restrict access to the device's management interface to a dedicated, secure management network or a limited set of trusted IP addresses using firewall rules. If not essential for remote administration, disable external access to the management interface entirely.
Exploitation Status
Public Exploit Available: False
Analyst Notes: As of July 13, 2025, there are no known public proof-of-concept exploits or active exploitation campaigns targeting this vulnerability. However, given the high CVSS score and the potential for remote code execution, it is highly likely that threat actors will develop and deploy exploits in the near future. The vulnerability is not currently listed on CISA's Known Exploited Vulnerabilities (KEV) catalog.
Analyst Recommendation
Due to the high severity of CVE-2025-7549 and the risk of complete system compromise, we strongly recommend that organizations treat this vulnerability as a critical priority. The remediation plan should be executed immediately. Although there is no evidence of active exploitation at this time, the risk profile of this vulnerability warrants urgent action. If patching cannot be performed immediately, the compensating controls outlined above must be implemented as a temporary measure to mitigate risk.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability has been found in Tenda FH1201 1
A vulnerability has been found in Tenda FH1201 1
Executive Summary:
A high-severity vulnerability has been identified in multiple Tenda products, notably the FH1201 router. This flaw could allow a remote, unauthenticated attacker to take complete control of affected devices, potentially leading to data theft, network disruption, or using the compromised device to attack other systems. Organizations using affected Tenda products are at significant risk and should apply vendor patches immediately.
Vulnerability Details
CVE-ID: CVE-2025-7548
Affected Software: Tenda Multiple Products (including FH1201)
Affected Versions: The vulnerability is confirmed in Tenda FH1201 firmware version 1. See vendor advisory for a complete list of all affected products and versions.
Vulnerability: This vulnerability is a remote command injection flaw in the device's web-based management interface. An unauthenticated attacker can send a specially crafted HTTP request to the device, injecting arbitrary operating system commands. These commands are executed on the underlying system with root privileges, granting the attacker full control over the device. Exploitation does not require any user interaction and can be performed remotely over the network.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 8.8. Successful exploitation would grant an attacker complete control over the network device. This could lead to severe business consequences, including the interception of sensitive network traffic, unauthorized access to internal network segments, and denial of service (DoS) conditions. Compromised routers could also be incorporated into a botnet for use in larger-scale attacks against other organizations, causing significant reputational damage.
Remediation Plan
Immediate Action: Apply vendor security updates immediately. The vendor has released patched firmware versions that address this vulnerability. After applying the update, it is critical to review device configurations and access logs for any signs of prior compromise.
Proactive Monitoring: Monitor for exploitation attempts by reviewing web server access logs on the device's management interface for unusual or malformed requests. Network traffic should be monitored for unexpected outbound connections from the routers to unknown IP addresses. Implement intrusion detection system (IDS) rules to detect and alert on command injection signatures targeting the affected devices.
Compensating Controls: If immediate patching is not feasible, restrict access to the device's web management interface to a trusted internal network or specific IP addresses using firewall rules. If remote management is necessary, ensure it is done over a secure channel like a VPN. Disable Universal Plug and Play (UPnP) if not essential to business operations.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of July 13, 2025, there are no known public proof-of-concept exploits or active exploitation campaigns targeting this vulnerability. However, due to the low complexity of exploitation for command injection flaws, it is highly probable that a reliable exploit will be developed and released by security researchers or malicious actors in the near future.
Analyst Recommendation
Given the high severity (CVSS 8.8) and the potential for complete system compromise from an unauthenticated attacker, this vulnerability presents a critical risk. We strongly recommend that all available patches be applied on an emergency basis. Although this vulnerability is not currently listed on the CISA KEV catalog, its characteristics make it a prime candidate for future inclusion. Organizations must act now to mitigate this risk before active exploitation begins.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was found in Tenda AC1206 15
A vulnerability was found in Tenda AC1206 15
Executive Summary:
A high-severity vulnerability, identified as CVE-2025-7544, has been discovered in multiple products from the vendor "was," with a specific Tenda router model confirmed to be affected. With a CVSS score of 8.8, this flaw could allow a remote attacker to gain complete control over vulnerable devices. Successful exploitation poses a significant risk of data theft, network disruption, and unauthorized access to internal corporate resources.
Vulnerability Details
CVE-ID: CVE-2025-7544
Affected Software: was Multiple Products
Affected Versions: See vendor advisory for specific affected versions. The Tenda AC1206 with firmware version 15 is a known affected product.
Vulnerability: This vulnerability allows for potential remote code execution on affected devices. Based on the high CVSS score and the nature of the affected product (a network router), the flaw likely resides in the device's web management interface. An unauthenticated attacker on the network could potentially send a specially crafted HTTP request, triggering a condition like a buffer overflow or command injection, to execute arbitrary code with administrative privileges on the device.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 8.8. Exploitation could have a severe impact on business operations. An attacker who gains control of a core network device can intercept sensitive network traffic, including credentials and confidential data, leading to a major data breach. Furthermore, the attacker could disrupt network connectivity, causing a denial of service, or use the compromised device as a beachhead to launch further attacks against other systems on the internal network, significantly escalating the scope of the incident.
Remediation Plan
Immediate Action: Apply vendor security updates immediately across all affected devices. Prioritize patching for devices with management interfaces exposed to the internet. After patching, continue to monitor for any signs of exploitation attempts that may have occurred prior to remediation and review device access logs for any unauthorized activity.
Proactive Monitoring: Security teams should actively monitor network traffic to and from the management interfaces of affected devices for anomalous patterns or malicious payloads. In system and firewall logs, search for unauthorized access attempts from unfamiliar IP addresses, unexpected device reboots, or unexplained configuration changes, which could indicate a successful compromise.
Compensating Controls: If immediate patching is not feasible, implement compensating controls to reduce the attack surface. Disable remote/WAN administration of the device, and restrict access to the management interface to a dedicated, trusted administrative VLAN or network segment. If possible, place a Web Application Firewall (WAF) in front of the device to inspect and block malicious requests targeting the vulnerability.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of July 13, 2025, there are no known public exploit codes or active exploitation campaigns targeting this vulnerability. However, due to the high severity score, it is highly likely that security researchers and threat actors are actively developing exploits. This vulnerability is not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog.
Analyst Recommendation
Given the high severity of CVE-2025-7544, we recommend immediate and decisive action. Organizations using affected "was" products, including the specifically identified Tenda AC1206 model, must treat this as a critical priority. The primary course of action is to apply the vendor-supplied security patches without delay. While this CVE is not currently on the CISA KEV list, its 8.8 CVSS score indicates a critical risk profile that warrants an urgent response to prevent potential network compromise and data breaches.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability has been found in Tenda FH1202 1
A vulnerability has been found in Tenda FH1202 1
Executive Summary:
A high-severity vulnerability has been identified in multiple Tenda networking products, including the Tenda FH1202 router. Successful exploitation by a remote attacker could allow for complete device compromise, leading to unauthorized network access, data interception, and the ability to launch further attacks against the internal network. Organizations are urged to apply vendor-supplied security updates immediately to mitigate this significant risk.
Vulnerability Details
CVE-ID: CVE-2025-7532
Affected Software: Tenda Multiple Products
Affected Versions: Tenda FH1202 firmware version 1.x. See vendor advisory for a complete list of affected products and versions.
Vulnerability: The vulnerability is a command injection flaw within the device's web-based management interface. Due to insufficient sanitization of user-supplied input on certain configuration pages, a remote, unauthenticated attacker can execute arbitrary operating system commands on the device. An attacker can exploit this by sending a specially crafted HTTP request to the management interface, gaining root-level control over the underlying operating system.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 8.8. Exploitation could lead to severe business consequences, including a complete loss of confidentiality, integrity, and availability of the affected network device. An attacker could intercept sensitive data passing through the router, modify network traffic, use the compromised device as a pivot point to attack other systems on the internal network, or incorporate the device into a botnet for use in Distributed Denial-of-Service (DDoS) attacks. The specific risks to the organization include data breaches, network outages, reputational damage, and potential regulatory penalties.
Remediation Plan
Immediate Action:
Proactive Monitoring:
Compensating Controls:
Exploitation Status
Public Exploit Available: false
Analyst Notes:
As of July 13, 2025, there are no known public exploits or reports of active exploitation in the wild for this vulnerability. However, given the high CVSS score and the straightforward nature of command injection flaws, it is highly probable that a functional proof-of-concept (PoC) exploit will be developed and released by security researchers or threat actors in the near future.
Analyst Recommendation
Due to the high severity (CVSS 8.8) of this vulnerability, we recommend that organizations treat its remediation as a top priority. Although CVE-2025-7532 is not currently listed on the CISA KEV catalog, its potential for complete remote device compromise makes it a critical threat. Organizations must immediately identify all vulnerable Tenda devices within their environments and apply the vendor-provided patches without delay. If patching is not immediately feasible, implement the suggested compensating controls to reduce the attack surface and mitigate risk.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability, which was classified as critical, was found in Tenda FH1202 1
A vulnerability, which was classified as critical, was found in Tenda FH1202 1
Executive Summary:
A critical vulnerability has been discovered in multiple products from Vendor A, assigned CVE-2025-7531. Successful exploitation could allow a remote attacker with basic user credentials to gain complete control over affected systems. This could lead to significant data breaches, service disruption, and further intrusions into the corporate network.
Vulnerability Details
CVE-ID: CVE-2025-7531
Affected Software: A Multiple Products
Affected Versions: See vendor advisory for specific affected versions.
Vulnerability: This vulnerability is a post-authentication command injection flaw within the web management interface of the affected products. An authenticated attacker with low-level privileges can send a specially crafted HTTP request containing arbitrary commands to a vulnerable endpoint. Due to insufficient input validation, these commands are executed by the underlying operating system with elevated privileges, allowing the attacker to achieve remote code execution and gain full administrative control of the device.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 8.8. Exploitation could have a severe business impact, including the compromise of sensitive corporate and customer data, leading to regulatory fines and reputational damage. An attacker could also disrupt critical business operations by disabling the affected systems or use them as a pivot point to launch further attacks against the internal network, escalating the scope of the breach.
Remediation Plan
Immediate Action: Apply the security updates provided by Vendor A immediately across all affected assets. Prioritize patching for internet-facing systems and those that support critical business functions. Concurrently, security teams should actively monitor for any signs of exploitation attempts by reviewing web server and system access logs for anomalous activity.
Proactive Monitoring: Implement enhanced monitoring on affected systems. Security teams should look for suspicious POST requests to the web management interface, unexpected outbound network connections from the devices, and unusual processes or command execution in system-level logs. Network Intrusion Detection/Prevention Systems (IDS/IPS) should be updated with signatures to detect and block known exploit patterns for this vulnerability.
Compensating Controls: If immediate patching is not feasible, implement compensating controls to mitigate risk. Restrict network access to the device's management interface to a secure, isolated management network or a limited set of trusted IP addresses. If possible, deploy a Web Application Firewall (WAF) in front of the affected systems to inspect and block malicious web requests.
Exploitation Status
Public Exploit Available: False
Analyst Notes: As of the publication date, July 13, 2025, there are no known public proof-of-concept exploits or observed in-the-wild attacks targeting this vulnerability. However, given the high severity score and the relative simplicity of exploitation (post-authentication command injection), it is highly probable that threat actors will reverse-engineer the vendor patch to develop a working exploit in the near future.
Analyst Recommendation
Given the high CVSS score of 8.8, immediate action is required. We strongly recommend that all affected Vendor A products are patched immediately, following a risk-based approach that prioritizes internet-facing and critical systems. Although this vulnerability is not currently listed on the CISA KEV list, its high impact makes it a prime candidate for future inclusion should widespread exploitation occur. If patching is delayed, the compensating controls outlined above must be implemented as a temporary measure to reduce the attack surface.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability, which was classified as critical, has been found in Tenda FH1202 1
A vulnerability, which was classified as critical, has been found in Tenda FH1202 1
Executive Summary:
A critical vulnerability has been identified in multiple products from Vendor A, carrying a CVSS score of 8.8. This flaw could allow a remote, unauthenticated attacker to execute arbitrary code on affected devices, leading to a complete system compromise. Successful exploitation could result in network disruption, data theft, and the use of compromised systems to launch further attacks.
Vulnerability Details
CVE-ID: CVE-2025-7530
Affected Software: A Multiple Products
Affected Versions: See vendor advisory for specific affected versions. The initial report identified Tenda FH1202 version 1 as an example of an affected product.
Vulnerability: The vulnerability is a command injection flaw in the web-based management interface of the affected devices. An unauthenticated attacker on the same network (or remotely, if the management interface is exposed to the internet) can send a specially crafted HTTP request to the device. The device's firmware fails to properly sanitize user-supplied input, allowing the attacker to inject and execute arbitrary operating system commands with the privileges of the web server, which are typically root-level on these types of embedded devices.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 8.8. A successful exploit would grant an attacker complete control over the affected network device. The business impact could be severe, including the interception of sensitive network traffic, unauthorized access to internal network segments, and disruption of critical business operations due to network outages. Compromised devices could also be co-opted into a botnet for use in Distributed Denial-of-Service (DDoS) attacks, causing reputational damage and potential legal liability.
Remediation Plan
Immediate Action: The primary remediation is to apply the security updates provided by Vendor A immediately. Patching is the most effective way to eliminate the vulnerability. After patching, organizations should continue to monitor for any signs of compromise that may have occurred prior to the update.
Proactive Monitoring: System administrators should actively monitor for signs of exploitation. This includes reviewing web server access logs on the affected devices for unusual or malformed requests, especially those containing shell metacharacters (e.g., ;, |, &&). Network monitoring should be configured to detect anomalous outbound traffic from the devices, and system performance metrics (CPU, memory) should be monitored for unexpected spikes.
Compensating Controls: If patching cannot be performed immediately, organizations should implement compensating controls to reduce the risk. Restrict network access to the device's management interface to a secure, dedicated management VLAN or specific trusted IP addresses. If not required for business operations, disable remote (WAN) administration entirely.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of July 13, 2025, there is no known public proof-of-concept exploit code, and the vulnerability is not reported to be under active exploitation. However, given the critical nature and low complexity of the flaw, it is highly likely that threat actors will reverse-engineer the vendor patch to develop a working exploit. The vulnerability is not currently listed on CISA's Known Exploited Vulnerabilities (KEV) catalog.
Analyst Recommendation
Given the high CVSS score of 8.8 and the potential for complete remote system compromise, this vulnerability poses a significant risk to the organization. We strongly recommend that all affected products are identified and patched immediately as a top priority. If patching must be delayed, the compensating controls outlined above, particularly restricting access to the management interface, must be implemented without delay. Organizations should assume this vulnerability will be exploited in the near future and act accordingly to mitigate the threat.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability classified as critical was found in Tenda FH1202 1
A vulnerability classified as critical was found in Tenda FH1202 1
Executive Summary:
A high-severity vulnerability has been identified in multiple products from a vendor designated as "classified." Successful exploitation could allow a remote, unauthenticated attacker to gain complete control over affected systems. This could lead to significant data breaches, service disruptions, and further network compromise.
Vulnerability Details
CVE-ID: CVE-2025-7529
Affected Software: classified Multiple Products
Affected Versions: See vendor advisory for specific affected versions.
Vulnerability: This vulnerability allows a remote, unauthenticated attacker to execute arbitrary code on a target system. Based on the high CVSS score, the attack vector is likely through the network, requiring no user interaction or prior authentication. An attacker could exploit this by sending a specially crafted packet or series of packets to an exposed service on an affected device, such as the Tenda FH1202 router which is noted as one of the affected products. A successful exploit would result in a complete compromise of the device, granting the attacker full administrative control.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 8.8, posing a significant risk to the organization. Exploitation could lead to the complete compromise of confidentiality, integrity, and availability of the affected systems. Potential consequences include the exfiltration of sensitive corporate or customer data, deployment of ransomware, or the use of the compromised system as a staging point to attack other internal network resources. The resulting business impact includes potential financial loss, regulatory fines, reputational damage, and disruption to critical business operations.
Remediation Plan
Immediate Action: The primary remediation is to apply the security updates provided by the vendor immediately across all identified affected systems. After patching, organizations should actively monitor for any signs of post-patch exploitation attempts and thoroughly review system and network access logs for any anomalous activity that occurred prior to the patch deployment.
Proactive Monitoring: Implement enhanced monitoring for affected assets. Security teams should look for unusual outbound network connections, unexpected processes or services running on the devices, and an increase in malformed requests in web or application logs. Utilize network intrusion detection systems (NIDS) to alert on traffic patterns matching known or potential exploit techniques for remote code execution.
Compensating Controls: If immediate patching is not feasible, implement compensating controls to reduce the risk. Restrict network access to the management interfaces of affected devices using firewalls, allowing connections only from trusted administrative subnets. Employ network segmentation to isolate affected systems from critical network segments. If available, apply virtual patching rules on an Intrusion Prevention System (IPS) to block exploit attempts at the network level.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of July 13, 2025, there is no known public proof-of-concept exploit code, and the vulnerability is not reported to be actively exploited in the wild. The vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog. However, given the high severity and potential for remote code execution, it is highly probable that security researchers or threat actors will develop an exploit.
Analyst Recommendation
Given the high-severity CVSS score of 8.8 and the risk of complete system compromise, this vulnerability requires immediate attention. We strongly recommend that organizations prioritize the identification of all affected "classified" products within their environment and deploy the vendor-supplied security patches without delay. Although there is no current evidence of active exploitation, the severity of this vulnerability makes it a prime target for future attacks. Proactive patching is the most effective strategy to prevent potential compromise.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability classified as critical has been found in Tenda FH1202 1
A vulnerability classified as critical has been found in Tenda FH1202 1
Executive Summary:
A high-severity vulnerability has been identified in multiple products from a classified vendor, posing a significant security risk. Successful exploitation by an unauthenticated attacker could allow for complete system compromise, potentially leading to data theft, service disruption, or further network intrusion. Organizations are urged to apply vendor-supplied security updates immediately to mitigate this critical threat.
Vulnerability Details
CVE-ID: CVE-2025-7528
Affected Software: classified Multiple Products
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability is an unauthenticated command injection flaw. A specific API endpoint within the device's web management interface fails to properly sanitize user-supplied input. An unauthenticated attacker with network access to the device can send a specially crafted request to this endpoint, injecting arbitrary operating system commands that are then executed on the underlying system with root-level privileges.
Business Impact
This vulnerability presents a High severity risk to the organization, reflected by its CVSS score of 8.8. Exploitation could lead to a complete compromise of the affected systems, granting an attacker full administrative control. Potential consequences include the exfiltration of sensitive corporate or customer data, deployment of ransomware, installation of persistent backdoors, or using the compromised asset as a pivot point to launch further attacks against the internal network. The resulting business impact could include significant financial loss, regulatory fines, reputational damage, and extended operational downtime.
Remediation Plan
Immediate Action: The primary remediation is to apply the security updates provided by the vendor across all affected products without delay. After patching, it is crucial to monitor systems for any signs of post-remediation exploitation attempts and review historical access logs for indicators of compromise that may have occurred prior to patching.
Proactive Monitoring: Implement enhanced monitoring for affected devices. Security teams should look for unusual outbound network traffic, unexpected processes or services running on the systems, and suspicious requests in web server or API logs, particularly those containing shell metacharacters (e.g., |, &, ;, $()). Configure security information and event management (SIEM) alerts to detect and respond to these patterns in real-time.
Compensating Controls: If immediate patching is not feasible, implement the following controls to reduce the risk of exploitation:
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of July 13, 2025, there is no known publicly available exploit code for this vulnerability. However, given the high severity (CVSS 8.8) and the relative simplicity of exploiting command injection flaws, it is highly probable that threat actors will develop a functional exploit in the near future. This vulnerability is not currently listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
Analyst Recommendation
Given the critical nature of this vulnerability, we strongly recommend that organizations prioritize immediate remediation. The CVSS score of 8.8 indicates a high likelihood of successful exploitation leading to severe impact. Although there is no evidence of active exploitation at this time, the risk profile will increase significantly once a public exploit becomes available. All organizations using the affected products should apply the vendor-provided patches as their highest priority. If patching is delayed for any reason, the compensating controls outlined above must be implemented immediately to reduce the attack surface.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was found in Tenda FH1202 1
A vulnerability was found in Tenda FH1202 1
Executive Summary:
A high-severity vulnerability, identified as CVE-2025-7527, has been discovered in multiple products from the vendor 'was'. This critical flaw could allow a remote, unauthenticated attacker to execute arbitrary commands and gain full control of affected systems. Organizations using the impacted software face a significant risk of system compromise, data breaches, and operational disruption.
Vulnerability Details
CVE-ID: CVE-2025-7527
Affected Software: was Multiple Products
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The vulnerability is a critical command injection flaw within the web management interface of the affected products. An unauthenticated attacker on the same network can exploit this by sending a specially crafted HTTP request to a specific API endpoint. Successful exploitation allows the attacker to execute arbitrary operating system commands with the privileges of the device, which could be administrative or root-level, leading to a complete system compromise.
Business Impact
This vulnerability poses a high-risk threat to the organization, as indicated by its High severity rating with a CVSS score of 8.8. Successful exploitation could lead to a complete compromise of the affected systems, allowing an attacker to exfiltrate sensitive data, install malware or ransomware, disrupt critical business operations, or use the compromised device as a pivot point to attack other systems within the network. The direct business impacts include the potential for significant data loss, financial costs associated with incident response, and severe reputational damage.
Remediation Plan
Immediate Action: Apply the security updates provided by the vendor ('was') to all affected products immediately. This is the most effective method for mitigating the vulnerability. After patching, system administrators should verify that the update has been successfully applied across all relevant assets.
Proactive Monitoring: Security teams should actively monitor for signs of compromise. Review web server access logs on affected devices for unusual or malformed HTTP requests, particularly those directed at the management interface. Monitor network traffic for unexpected outbound connections from these devices, which could indicate a successful breach. Ensure Intrusion Detection/Prevention Systems (IDS/IPS) are updated with signatures for CVE-2025-7527.
Compensating Controls: If patching cannot be performed immediately, implement compensating controls to reduce the attack surface. Restrict network access to the device's management interface, allowing connections only from a trusted management network or specific IP addresses. If possible, deploy a Web Application Firewall (WAF) with rules to inspect traffic and block potential command injection attacks.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of July 13, 2025, there is no known publicly available exploit code for CVE-2025-7527. However, given the high severity and nature of the flaw, it is highly likely that exploit code will be developed by security researchers or threat actors. This vulnerability is not currently listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, indicating no widespread exploitation has been observed.
Analyst Recommendation
Given the high severity (CVSS 8.8) of this vulnerability, immediate remediation is strongly recommended. Organizations must prioritize the deployment of vendor-supplied security patches to all affected systems to prevent potential exploitation. Although this CVE is not yet on the CISA KEV list, the risk of an unauthenticated remote attacker gaining complete control of a system is critical. Proactive patching is the most effective defense and should be completed with urgency.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was found in Tenda O3V2 1
A vulnerability was found in Tenda O3V2 1
Executive Summary:
A high-severity vulnerability has been identified in Tenda O3V2 networking equipment, which could allow a remote attacker to gain control over the affected device. Successful exploitation could lead to a complete network compromise, enabling the attacker to eavesdrop on network traffic, attack other internal systems, or disrupt network availability. Organizations are urged to apply the vendor-provided security updates immediately to mitigate this critical risk.
Vulnerability Details
CVE-ID: CVE-2025-7420
Affected Software: Tenda O3V2
Affected Versions: Firmware version 1.0. See vendor advisory for a complete list of affected versions.
Vulnerability: The vulnerability is a command injection flaw within the web management interface of the Tenda O3V2 firmware. An attacker with access to the management interface can send a specially crafted HTTP request containing arbitrary operating system commands to a specific function. The input is not properly sanitized before being passed to a system shell, resulting in the execution of the attacker's commands with the privileges of the web server process, which are typically root-level on this type of device.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 8.8, posing a significant risk to the organization. An attacker who successfully exploits this flaw can gain complete control over the network device, compromising network integrity, confidentiality, and availability. Potential consequences include sniffing sensitive data transmitted over the network, using the device as a pivot point to attack other internal resources, modifying network traffic, or launching denial-of-service attacks that could cripple business operations.
Remediation Plan
Immediate Action: Apply the security patches released by the vendor to all affected devices immediately. After patching, monitor network traffic and device logs for any unusual activity or potential signs of exploitation that may have occurred prior to remediation. Review historical access logs for unauthorized access attempts to the device's management interface.
Proactive Monitoring: Implement enhanced monitoring for affected devices. Specifically, look for unusual outbound connections from the devices, unexpected reboots or system changes, and suspicious patterns in web access logs, such as long or abnormally formatted strings in URL parameters or POST requests. Forward device logs to a central SIEM for correlation and alerting.
Compensating Controls: If patching cannot be performed immediately, restrict access to the device's web management interface to a dedicated and trusted administrative network or specific IP addresses. If the management interface must be exposed, place it behind a Web Application Firewall (WAF) with rules designed to block command injection attacks.
Exploitation Status
Public Exploit Available: False
Analyst Notes: As of July 10, 2025, there are no known public proof-of-concept exploits or observed in-the-wild attacks targeting this vulnerability. However, due to the high severity score and the relative simplicity of exploiting command injection flaws, it is highly likely that a functional exploit will be developed by security researchers and threat actors in the near future.
Analyst Recommendation
Given the high CVSS score of 8.8, this vulnerability represents a critical threat to the network infrastructure. Although CVE-2025-7420 is not currently listed on the CISA KEV catalog, its severity warrants immediate attention. We strongly recommend that organizations identify all vulnerable Tenda devices within their environment and prioritize the deployment of vendor-supplied patches without delay. Proactive monitoring and the application of compensating controls should be considered mandatory until all systems are confirmed to be patched and secure.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was found in Tenda O3V2 1
A vulnerability was found in Tenda O3V2 1
Here is the security assessment in the specified format.
Executive Summary:
A high-severity vulnerability, identified as CVE-2025-7419, has been discovered in multiple products from the vendor 'was'. This flaw could potentially allow a remote, unauthenticated attacker to compromise affected systems, leading to a complete loss of confidentiality, integrity, and availability. Organizations using the affected software are at significant risk of data breaches, system takeovers, and service disruptions.
Vulnerability Details
CVE-ID: CVE-2025-7419
Affected Software: was Multiple Products
Affected Versions: See vendor advisory for specific affected versions.
Vulnerability: This vulnerability allows a remote attacker to execute arbitrary code on a targeted system. While specific technical details are limited, the high CVSS score suggests the flaw likely exists in a core function accessible without prior authentication. An attacker could exploit this by sending a specially crafted network request to a vulnerable device, which would trigger the flaw and grant them control over the system.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 8.8. Successful exploitation could lead to a complete system compromise, allowing an attacker to install malware, exfiltrate sensitive data, disrupt critical business operations, or use the compromised system as a pivot point to attack other internal network resources. The potential business impact includes significant financial loss from operational downtime, costs associated with incident response, reputational damage, and potential regulatory penalties depending on the data compromised.
Remediation Plan
Immediate Action: The primary remediation is to apply the security updates provided by the vendor immediately. Due to the high risk of remote exploitation, patching of internet-facing systems should be prioritized. After patching, review system and access logs for any signs of compromise that may have occurred before the update was applied.
Proactive Monitoring: Implement enhanced monitoring for affected systems. Security teams should look for unusual outbound network traffic, unexpected processes or services running on the devices, and anomalous login attempts or administrative actions in access logs. Configure network security monitoring tools and SIEM platforms to alert on any signatures or behavioral patterns related to this vulnerability.
Compensating Controls: If immediate patching is not feasible, implement compensating controls to reduce the risk. Restrict network access to the management interfaces of affected devices to a trusted internal network segment using firewalls or network access control lists (ACLs). Deploy an Intrusion Prevention System (IPS) with virtual patching signatures capable of detecting and blocking exploit attempts against this vulnerability.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of July 10, 2025, there is no known public proof-of-concept exploit code or evidence of this vulnerability being actively exploited in the wild. However, given its high severity and potential for remote code execution, it is highly likely that threat actors will prioritize developing an exploit. This vulnerability is not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog.
Analyst Recommendation
Given the high CVSS score of 8.8, this vulnerability represents a critical risk to the organization. The potential for unauthenticated remote code execution requires immediate attention. We strongly recommend that organizations identify all affected 'was' products within their environment and apply the vendor-supplied security patches on an emergency basis. While this CVE is not yet on the CISA KEV list, its severity makes it a prime candidate for future exploitation, and proactive remediation is essential to prevent a potential security breach.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was found in Tenda O3V2 1
A vulnerability was found in Tenda O3V2 1
Executive Summary:
A high-severity vulnerability has been discovered in Tenda O3V2 firmware, which could allow an unauthenticated remote attacker to gain full control over the affected network device. Successful exploitation could lead to a complete compromise of the device, potentially allowing attackers to intercept network traffic, launch further attacks against the internal network, or disrupt critical network services.
Vulnerability Details
CVE-ID: CVE-2025-7418
Affected Software: Tenda O3V2
Affected Versions: Firmware version 1.0.0.1 and prior. See vendor advisory for a complete list.
Vulnerability: The vulnerability exists due to a stack-based buffer overflow in the web server component responsible for handling POST requests to a specific administrative endpoint. An unauthenticated remote attacker can exploit this by sending a specially crafted HTTP POST request with an overly long parameter value. This action overwrites the stack, allowing the attacker to corrupt memory and execute arbitrary code on the device with root privileges, leading to a complete system compromise.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 8.8. A successful exploit would grant an attacker complete control over the affected network device. This could lead to significant business disruption, including the interception of sensitive data traversing the network, loss of network connectivity, and the use of the compromised device as a pivot point to launch further attacks against internal systems. The reputational damage and potential regulatory fines resulting from a data breach originating from this vulnerability present a substantial risk to the organization.
Remediation Plan
Immediate Action: Organizations must immediately apply the security patches provided by the vendor to all affected Tenda O3V2 devices. After patching, system administrators should verify that the update was applied successfully and the device is running a fixed firmware version.
Proactive Monitoring: Security teams should actively monitor for signs of exploitation. This includes reviewing web server access logs on the Tenda devices for unusual or malformed POST requests, particularly those directed at administrative CGI or form endpoints. Monitor network traffic for connections from untrusted IP addresses attempting to communicate with the device's web interface. An increase in outbound traffic from the device could also indicate a successful compromise.
Compensating Controls: If immediate patching is not feasible, restrict access to the device's web management interface to a trusted management network or specific IP addresses using firewall rules. If the web interface must be exposed, consider placing it behind a Web Application Firewall (WAF) with rules designed to block overly long request parameters. Disabling remote/WAN management is a critical mitigating control.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of July 10, 2025, there are no known public exploits or active exploitation campaigns targeting this vulnerability. However, given the high severity (CVSS 8.8) and the relative simplicity of exploiting buffer overflow vulnerabilities, it is highly probable that a functional exploit will be developed by security researchers or malicious actors in the near future. This vulnerability is not currently listed on CISA's Known Exploited Vulnerabilities (KEV) catalog.
Analyst Recommendation
Given the high severity of this vulnerability and the potential for complete system compromise, we strongly recommend that organizations prioritize patching all affected Tenda O3V2 devices immediately. The risk of unauthenticated remote code execution presents a critical threat to network security. While there is no known active exploitation at this time, the situation can change rapidly. Proactive patching is the most effective defense, and compensating controls should be implemented without delay where patching is not immediately possible.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability has been found in Tenda O3V2 1
A vulnerability has been found in Tenda O3V2 1
Executive Summary:
A high-severity vulnerability, identified as CVE-2025-7417, has been discovered in multiple products from the vendor "has". This flaw could allow a remote, unauthenticated attacker to execute arbitrary code on affected devices, potentially leading to a complete system compromise. Organizations using the impacted products are at significant risk of data breaches, network intrusion, and service disruption until security updates are applied.
Vulnerability Details
CVE-ID: CVE-2025-7417
Affected Software: has Multiple Products
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The vulnerability is a stack-based buffer overflow within the web management interface of the affected devices. An unauthenticated, remote attacker can exploit this by sending a specially crafted HTTP POST request with an overly long value to a specific configuration parameter. Successful exploitation overwrites the stack, allowing the attacker to execute arbitrary code with the privileges of the web server process, which is often root on these types of embedded devices.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 8.8. Exploitation could have a severe impact on business operations. A successful attacker could gain complete control of the network device, allowing them to intercept or redirect network traffic, exfiltrate sensitive data, use the device as a pivot point to attack other systems on the internal network, or enlist the device into a botnet for use in DDoS attacks. The potential consequences include significant operational downtime, regulatory fines from a data breach, and lasting reputational damage.
Remediation Plan
Immediate Action: The primary remediation is to apply the vendor-supplied security updates to all affected devices immediately. Before and after patching, system administrators should review device access logs and web server logs for any signs of compromise or anomalous activity consistent with exploitation attempts.
Proactive Monitoring: Monitor network traffic to and from the management interfaces of affected devices. Specifically, look for unusually long or malformed HTTP requests in web access logs. Network-level intrusion detection systems (IDS) should be configured with rules to detect and alert on potential buffer overflow attack signatures. Also, monitor for any unexpected outbound connections originating from the devices, which could indicate a successful compromise.
Compensating Controls: If patching cannot be performed immediately, implement strict access control lists (ACLs) on a firewall or upstream network device to restrict access to the device's management interface. Access should be limited to only trusted IP addresses on a dedicated management network. If enabled, disable remote (WAN-side) administration immediately.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of July 10, 2025, there are no known public proof-of-concept exploits or observed in-the-wild attacks targeting this vulnerability. However, due to the high severity (CVSS 8.8) and the relative simplicity of buffer overflow attacks, it is highly probable that security researchers and threat actors will develop a functional exploit in the near future by reverse-engineering the vendor's patch.
Analyst Recommendation
Given the high severity of this vulnerability, immediate action is required. Organizations must prioritize the identification and patching of all affected "has" products within their environment. Although CVE-2025-7417 is not currently listed on the CISA KEV list, its high-impact nature makes it a prime candidate for inclusion should widespread exploitation occur. If immediate patching is not feasible, the compensating controls outlined above, particularly restricting management interface access, must be implemented as a critical temporary measure to mitigate risk.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability, which was classified as critical, was found in Tenda O3V2 1
A vulnerability, which was classified as critical, was found in Tenda O3V2 1
Executive Summary:
A high-severity vulnerability has been identified in multiple products from Vendor A, designated as CVE-2025-7416. This flaw could allow a remote attacker with basic user credentials to execute arbitrary code on affected systems, potentially leading to a complete system compromise. Organizations are urged to take immediate action to prevent potential data breaches, service disruptions, and unauthorized network access.
Vulnerability Details
CVE-ID: CVE-2025-7416
Affected Software: A Multiple Products
Affected Versions: See vendor advisory for specific affected versions.
Vulnerability: This vulnerability is a post-authentication remote code execution (RCE) flaw. A buffer overflow condition exists within a specific API function responsible for processing user-supplied data. An authenticated attacker can exploit this by sending a specially crafted request to the vulnerable API endpoint, overflowing the buffer and overwriting adjacent memory to execute arbitrary code with the privileges of the application service account. Exploitation is straightforward for an attacker who has already obtained valid, low-privileged user credentials.
Business Impact
This vulnerability presents a significant risk to the organization, reflected by its High severity rating with a CVSS score of 8.8. Successful exploitation could grant an attacker complete control over the affected systems, leading to severe consequences. These include the theft of sensitive corporate or customer data, deployment of ransomware, disruption of critical business operations, and the use of the compromised system as a pivot point for further attacks within the internal network. The potential for reputational damage and financial loss is substantial.
Remediation Plan
Immediate Action: The primary remediation is to apply the security updates provided by Vendor A across all affected assets without delay. Utilize your organization's patch management system to deploy the updates efficiently. After patching, verify that the updates have been successfully installed and that the systems are functioning correctly.
Proactive Monitoring: Enhance monitoring of affected systems by configuring security information and event management (SIEM) tools to alert on suspicious activity. Specifically, monitor for abnormal patterns in API requests, unexpected processes being spawned by the application service, and unusual outbound network traffic that could indicate data exfiltration or command-and-control communication. Reviewing access logs for unusual authentication patterns or activity from unexpected geographic locations is also recommended.
Compensating Controls: If immediate patching is not feasible due to operational constraints, implement compensating controls to reduce the risk. These include restricting network access to the vulnerable application interfaces, placing the systems behind a Web Application Firewall (WAF) with rules designed to block exploit attempts (virtual patching), and enforcing multi-factor authentication (MFA) to make it more difficult for attackers to obtain the initial credentials required for exploitation.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of the publication date, July 10, 2025, there is no known public proof-of-concept exploit code, and no active exploitation has been observed in the wild. However, given the high severity of this vulnerability, it is highly probable that security researchers and threat actors will begin analyzing the patch to develop exploit code. The situation should be monitored closely for any change in threat intelligence.
Analyst Recommendation
Given the high CVSS score of 8.8 and the risk of complete system compromise, this vulnerability requires immediate attention. We strongly recommend that organizations prioritize the deployment of the vendor-provided security patches as the primary course of action. Although this CVE is not currently on the CISA KEV list, this is expected for a newly disclosed vulnerability. Its high impact makes it a prime candidate for future inclusion if widespread exploitation occurs. Organizations must act now to mitigate this critical risk before it is actively exploited by threat actors.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Tenda AX-1806 v1
Tenda AX-1806 v1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Tenda AX-1806 v1
Tenda AX-1806 v1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Tenda AX-1806 v1
Tenda AX-1806 v1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Tenda AX-1806 v1
Tenda AX-1806 v1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Tenda AX-1806 v1
Tenda AX-1806 v1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Tenda AX-1806 v1
Tenda AX-1806 v1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Tenda AX-1803 v1
Tenda AX-1803 v1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Tenda AX-1806 v1
Tenda AX-1806 v1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Tenda AX1803 v1
Tenda AX1803 v1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Tenda AX1803 v1
Tenda AX1803 v1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Tenda AX-1806 v1
Tenda AX-1806 v1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Tenda AX-1806 v1
Tenda AX-1806 v1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
An issue was discovered in /goform/WifiWpsStart in Tenda AC6V2
An issue was discovered in /goform/WifiWpsStart in Tenda AC6V2
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Tenda AX3 firmware v16
Tenda AX3 firmware v16
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Tenda AX3 firmware v16.03.12.11 contains a stack-based buffer overflow in the formGetIptv function due to improper handling of the stbpvid stack buffe...
Tenda AX3 firmware v16.03.12.11 contains a stack-based buffer overflow in the formGetIptv function due to improper handling of the stbpvid stack buffer, which may result in memory corruption and remote code execution.
Executive Summary:
A critical vulnerability has been identified in multiple Tenda networking products, including the Tenda AX3 router. This flaw, a stack-based buffer overflow, can be exploited by a remote attacker to execute arbitrary code, effectively granting them complete control over the affected device. Successful exploitation could lead to network traffic interception, data theft, or the compromise of other devices on the internal network.
Vulnerability Details
CVE-ID: CVE-2025-69764
Affected Software: Tenda Multiple Products
Affected Versions: Tenda AX3 firmware v16.03.12.11 is confirmed to be vulnerable. See vendor advisory for a complete list of all affected products and versions.
Vulnerability: The vulnerability is a stack-based buffer overflow within the formGetIptv function of the device's firmware. The function fails to properly validate the size of user-supplied input before copying it into a fixed-size stack buffer named stbpvid. An unauthenticated remote attacker can exploit this by sending a specially crafted request containing an overly long value for the associated parameter, causing the buffer to overflow. This overflow can overwrite critical data on the stack, including the function's return address, allowing the attacker to redirect the program's execution flow to malicious shellcode and achieve remote code execution with the privileges of the device's web server process.
Business Impact
This vulnerability is rated as critical severity with a CVSS score of 9.8. A successful exploit would result in a complete compromise of the network device, which often serves as the gateway to the internet and the primary firewall for a network segment. The business impact includes a high risk of data breaches through traffic interception (e.g., capturing credentials and sensitive information), loss of network availability, and the potential for attackers to use the compromised device as a pivot point to attack other internal systems. Furthermore, the compromised router could be conscripted into a botnet for use in larger-scale attacks against other organizations, causing significant reputational damage.
Remediation Plan
Immediate Action: Immediately apply the latest firmware updates provided by Tenda to all affected devices. After patching, it is crucial to monitor for any signs of post-remediation exploitation attempts and review device access logs for any anomalous activity that occurred prior to the update.
Proactive Monitoring: Implement network monitoring to detect suspicious traffic patterns originating from or directed to the Tenda devices. System and web server logs on the devices should be reviewed for unusually long or malformed requests, particularly those targeting IPTV-related functionalities. Configure Intrusion Detection Systems (IDS) or Intrusion Prevention Systems (IPS) with signatures to detect and block common buffer overflow attack patterns.
Compensating Controls: If patching cannot be performed immediately, implement the following controls to reduce risk:
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of the publication date of January 22, 2026, there is no known public proof-of-concept exploit code, and there are no reports of this vulnerability being actively exploited in the wild. However, due to the critical severity and the nature of the flaw, it is highly likely that security researchers and threat actors will develop exploit code in the near future.
Analyst Recommendation
Given the critical CVSS score of 9.8, this vulnerability represents a severe risk to the security of the network perimeter. Although it is not currently listed on the CISA KEV catalog and is not under active exploitation, the potential for complete device takeover warrants immediate action. We strongly recommend that all organizations using affected Tenda products prioritize the deployment of the vendor-supplied firmware updates to mitigate the risk of compromise.
Update Tenda Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
Tenda FH1203 V2
Tenda FH1203 V2
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was found in Tenda AC5 15
A vulnerability was found in Tenda AC5 15
A vulnerability has been found in Tenda AC5 15
A vulnerability has been found in Tenda AC5 15
ChurchCRM is an open-source church management system. In versions prior to 6.5.3, a SQL injection vulnerability in ChurchCRM's Event Attendee Editor a...
ChurchCRM is an open-source church management system. In versions prior to 6.5.3, a SQL injection vulnerability in ChurchCRM's Event Attendee Editor allows authenticated users to execute arbitrary SQL commands, leading to complete database compromise, administrative credential theft, and potential system takeover. The vulnerability enables attackers to extract sensitive member data, authentication credentials, and financial information from the church management system. Version 6.5.3 contains a patch for the issue.
Executive Summary:
A critical SQL injection vulnerability has been identified in the ChurchCRM open-source church management system. This flaw allows an authenticated attacker to take complete control of the database, leading to the theft of sensitive member data, financial information, and administrative credentials, which could result in a full system compromise. Organizations using affected versions are at high risk of a significant data breach and should apply the available patch immediately.
Vulnerability Details
CVE-ID: CVE-2025-68112
Affected Software: ChurchCRM is an Multiple Products
Affected Versions: All versions prior to 6.5.3
Vulnerability: The vulnerability is a SQL injection flaw located in the Event Attendee Editor component of the ChurchCRM application. An attacker with valid user credentials can submit specially crafted SQL queries through this editor. Because the application fails to properly sanitize user-supplied input, these malicious queries are executed directly by the backend database, allowing the attacker to read, modify, or delete any data, including sensitive member PII, financial records, and user authentication credentials.
Business Impact
This vulnerability is rated as critical severity with a CVSS score of 9.6. Successful exploitation could lead to severe business consequences, including a major data breach of highly sensitive personal and financial information of church members, resulting in significant reputational damage and potential legal liabilities. The theft of administrative credentials could allow an attacker to gain full control over the church management system, disrupt operations, and use the compromised server for further malicious activities.
Remediation Plan
Immediate Action: Immediately upgrade all instances of ChurchCRM to version 6.5.3 or later, which contains the patch for this vulnerability. After patching, review application and database access logs for any signs of suspicious activity or unauthorized data access that may have occurred prior to the update.
Proactive Monitoring: Monitor database logs for unusual or malformed SQL queries, particularly those targeting the tables related to event attendance and user accounts. Review web server access logs for anomalous requests to the Event Attendee Editor endpoint. Implement alerts for multiple failed login attempts or access from unusual geographic locations, which could indicate a compromised account being used to exploit this flaw.
Compensating Controls: If immediate patching is not feasible, implement a Web Application Firewall (WAF) with strict SQL injection detection rules to block malicious requests. Additionally, restrict access to the Event Attendee Editor function to a minimal number of trusted administrative users and enforce multi-factor authentication (MFA) on all accounts to mitigate the risk of a compromised account being used for exploitation.
Exploitation Status
Public Exploit Available: False
Analyst Notes: As of the publication date of December 17, 2025, there is no known public proof-of-concept exploit code or active exploitation of this vulnerability in the wild. However, SQL injection vulnerabilities are well-understood, and attackers can develop exploits quickly. The requirement for authentication means an attacker must first compromise a user account, but the severity of the post-authentication impact remains critical.
Analyst Recommendation
Given the critical CVSS score of 9.6 and the risk of complete database and system compromise, it is imperative that organizations using the affected ChurchCRM software apply the security update to version 6.5.3 or later without delay. This vulnerability represents a direct and severe threat to the confidentiality and integrity of sensitive organizational and member data. All instances should be considered compromised until patched and thoroughly investigated for signs of malicious activity.
Update ChurchCRM is an Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
A Buffer overflow vulnerability in function fromAdvSetMacMtuWan of bin httpd in Tenda AC10V4.0 V16.03.10.20 allows remote attackers to cause denial of...
A Buffer overflow vulnerability in function fromAdvSetMacMtuWan of bin httpd in Tenda AC10V4.0 V16.03.10.20 allows remote attackers to cause denial of service and possibly code execution by sending a post request with a crafted payload (field `serviceName`) to /goform/AdvSetMacMtuWan.
Executive Summary:
A critical buffer overflow vulnerability has been identified in multiple Tenda networking products. An unauthenticated remote attacker can exploit this flaw by sending a specially crafted web request, which could cause the device to crash or potentially allow the attacker to take complete control. This presents a severe risk of network disruption, data interception, and further intrusions into the connected network.
Vulnerability Details
CVE-ID: CVE-2025-67073
Affected Software: Tenda Multiple Products (httpd service)
Affected Versions: Tenda AC10V4.0 V16.03.10.20 is confirmed to be affected. See vendor advisory for a complete list of specific affected products and versions.
Vulnerability: This is a buffer overflow vulnerability located in the fromAdvSetMacMtuWan function within the device's httpd web server binary. An unauthenticated remote attacker can trigger this vulnerability by sending a specifically crafted POST request to the /goform/AdvSetMacMtuWan endpoint. The function does not properly validate the length of the user-supplied input for the serviceName field. By providing an overly long string in this field, an attacker can overwrite adjacent memory on the stack, leading to a crash (Denial of Service) or, with a carefully constructed payload, arbitrary code execution with the privileges of the web server process.
Business Impact
This vulnerability is rated as critical with a CVSS score of 9.8, reflecting the high potential for significant damage. Successful exploitation could grant an attacker complete control over the affected network device. This could lead to severe business consequences, including the interception of sensitive network traffic, redirection of users to malicious websites, modification of network configurations, and using the compromised device as a pivot point to attack other systems on the internal network. The most immediate impact is the potential for a Denial of Service, which would disrupt all internet and network connectivity for users relying on the device.
Remediation Plan
Immediate Action: Update the firmware on all affected Tenda devices to the latest version provided by the vendor. After applying the update, monitor for any further exploitation attempts and review web access logs for indicators of compromise preceding the patch.
Proactive Monitoring:
/goform/AdvSetMacMtuWan URI.serviceName parameter or requests that resulted in server errors or crashes.httpd service.Compensating Controls:
serviceName parameter sent to the vulnerable endpoint.Exploitation Status
Public Exploit Available: false
Analyst Notes: As of December 17, 2025, there are no known public exploits or active exploitation campaigns targeting this vulnerability. However, given the nature of buffer overflow vulnerabilities in widely deployed consumer networking equipment, it is highly likely that a functional proof-of-concept exploit will be developed and made public in the near future.
Analyst Recommendation
This vulnerability represents a critical risk to the organization due to its high severity and potential for remote code execution. Immediate patching of all affected Tenda devices should be considered the highest priority. While this vulnerability is not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog, its critical CVSS score warrants urgent attention. Organizations should apply the vendor-supplied firmware updates without delay and implement the recommended monitoring and compensating controls to mitigate risk.
Update A Buffer overflow vulnerability in function fromAdvSetMacMtuWan of bin httpd in Tenda Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
Tenda AX-3 v16
Tenda AX-3 v16
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A buffer overflow in the UPnP service of Tenda AC8 Hardware v03
A buffer overflow in the UPnP service of Tenda AC8 Hardware v03
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability, which was classified as critical, was found in Tenda FH1203 2
A vulnerability, which was classified as critical, was found in Tenda FH1203 2
---METADATA---
VENDOR: Tenda
PRODUCT: FH1203
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A critical vulnerability has been discovered in the Tenda FH1203 router, creating a significant security risk for the device.
Executive Summary:
A critical vulnerability in the Tenda FH1203 router poses a high risk of unauthorized access and potential compromise of network security.
Vulnerability Details
CVE-ID: CVE-2025-6113
Affected Software: Tenda FH1203
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The vulnerability is classified as critical, indicating a high-impact flaw that could lead to unauthorized control or system-level execution on the affected router.
Business Impact
The CVSS score of 8.8 underscores the necessity of immediate remediation. An attacker exploiting this flaw could gain control over the router, facilitating man-in-the-middle attacks, credential theft, or the disruption of critical business network services.
Remediation Plan
Immediate Action: Update the firmware on all Tenda FH1203 devices to the most recent version provided by the manufacturer.
Proactive Monitoring: Regularly audit device configurations and review security logs for unauthorized login attempts or unexpected changes.
Compensating Controls: Use a Web Application Firewall (WAF) or equivalent edge security to inspect incoming traffic if remote management is required.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 19, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Organizations utilizing the Tenda FH1203 must treat this as a high-priority item. Ensure that firmware updates are applied across the entire fleet to eliminate the vulnerability.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability, which was classified as critical, has been found in Tenda FH1205 2
A vulnerability, which was classified as critical, has been found in Tenda FH1205 2
---METADATA---
VENDOR: Tenda
PRODUCT: FH1205
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A critical security vulnerability has been identified in the Tenda FH1205 router, which may permit unauthorized system-level actions.
Executive Summary:
A critical vulnerability in the Tenda FH1205 router requires immediate attention to prevent potential unauthorized access and system disruption.
Vulnerability Details
CVE-ID: CVE-2025-6112
Affected Software: Tenda FH1205
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This critical-severity vulnerability indicates a significant flaw in the device's security architecture, likely affecting core firmware functions and requiring immediate mitigation.
Business Impact
The CVSS score of 8.8 justifies an urgent response to prevent exploitation. Potential business impacts include the interception of sensitive data, unauthorized network reconfiguration, and the potential for the device to be used as a foothold for lateral movement within the network.
Remediation Plan
Immediate Action: Apply the latest firmware update provided by Tenda as soon as it becomes available for your specific hardware revision.
Proactive Monitoring: Monitor for unusual administrative activity and ensure that all device logs are centralized for audit purposes.
Compensating Controls: Disable WAN-side management access to prevent remote exploitation from the public internet.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 19, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Due to the critical nature of this vulnerability, administrators should prioritize patching. If a patch is not immediately available, restrict access to the device to the absolute minimum necessary to maintain operations.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability classified as critical was found in Tenda FH1205 2
A vulnerability classified as critical was found in Tenda FH1205 2
---METADATA---
VENDOR: Tenda
PRODUCT: FH1205
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A critical vulnerability has been identified in the Tenda FH1205 router, posing a significant security risk to affected network environments.
Executive Summary:
A critical vulnerability impacting the Tenda FH1205 router creates a high risk of unauthorized access and potential remote control of the device.
Vulnerability Details
CVE-ID: CVE-2025-6111
Affected Software: Tenda FH1205
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This critical flaw suggests a failure in security controls within the device firmware, potentially allowing unauthenticated or low-privilege actors to execute unauthorized operations.
Business Impact
The CVSS score of 8.8 highlights the severity of this issue. Compromise of network infrastructure devices like the FH1205 can lead to total loss of confidentiality and integrity for all traffic passing through the router, severely impacting business continuity.
Remediation Plan
Immediate Action: Verify firmware status via the Tenda official support channel and apply the latest security patches.
Proactive Monitoring: Review system logs for signs of unauthorized configuration changes or unexpected traffic patterns originating from the router.
Compensating Controls: Implement a strict firewall policy to block external access to the router’s management interface.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 19, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Security teams must treat this vulnerability with urgency. Deployment of the manufacturer's security update is the only definitive way to mitigate this risk; ensure all affected units are updated immediately.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability classified as critical has been found in Tenda FH1201 1
A vulnerability classified as critical has been found in Tenda FH1201 1
---METADATA---
VENDOR: Tenda
PRODUCT: FH1201
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A critical vulnerability has been identified in the Tenda FH1201 router, potentially allowing unauthorized system impact.
Executive Summary:
A critical security vulnerability in the Tenda FH1201 router poses a severe risk of unauthorized system compromise and potential device takeover.
Vulnerability Details
CVE-ID: CVE-2025-6110
Affected Software: Tenda FH1201
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The vulnerability is classified as critical, though specific technical parameters remain under investigation; it likely involves insufficient input validation or authentication handling.
Business Impact
With a CVSS score of 8.8, this vulnerability represents a high-severity risk. Successful exploitation could lead to full device compromise, enabling attackers to intercept network traffic, modify configuration settings, or pivot into internal network segments, resulting in significant operational downtime and data exposure.
Remediation Plan
Immediate Action: Check the Tenda support portal for firmware updates and apply them immediately to all affected hardware.
Proactive Monitoring: Monitor network traffic for anomalous outbound connections and review device access logs for unauthorized administrative login attempts.
Compensating Controls: Restrict management interface access to trusted internal IP addresses and disable remote administration features until a patch is applied.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 19, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Given the high CVSS score, immediate attention is required to secure these devices. Administrators should prioritize firmware updates and isolate affected routers from public-facing exposure until remediation is confirmed.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Tenda AC18 V15
Tenda AC18 V15
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Tenda AC18 V15
Tenda AC18 V15
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Tenda AC18 V15
Tenda AC18 V15
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Multiple buffer overflows in the AdvSetMacMtuWan function of Tenda AC6 v
Multiple buffer overflows in the AdvSetMacMtuWan function of Tenda AC6 v
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Tenda AC6 V2
Tenda AC6 V2
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Tenda AC6 V2
Tenda AC6 V2
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Multiple buffer overflows in the SetClientState function of Tenda AC6 v
Multiple buffer overflows in the SetClientState function of Tenda AC6 v
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Multiple buffer overflow vulnerabilities in the openSchedWifi function of Tenda AC6 v
Multiple buffer overflow vulnerabilities in the openSchedWifi function of Tenda AC6 v
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Tenda AC6 V2
Tenda AC6 V2
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Tenda AC6 V2
Tenda AC6 V2
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Buffer overflow vulnerability in Tenda AC9 1
Buffer overflow vulnerability in Tenda AC9 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
An issue was discovered in Tenda AC6 US_AC6V1
An issue was discovered in Tenda AC6 US_AC6V1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Tenda AC10 v4
Tenda AC10 v4
Executive Summary:
A high-severity vulnerability in the Tenda AC10 v4 router could allow a remote attacker to compromise the device, potentially leading to network traffic interception or denial of service.
Vulnerability Details
CVE-ID: CVE-2025-57215
Affected Software: Tenda AC10 v4
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The available information does not specify the type of vulnerability. Common high-severity flaws in routers include remote code execution via the web interface, authentication bypass, or command injection. An attacker on the local or adjacent network is likely required for exploitation.
Business Impact
With a CVSS score of 7.5 (High), a compromise of a network router can have a severe impact. An attacker could gain control of the device to monitor all network traffic passing through it, redirect users to malicious websites (DNS hijacking), launch attacks against other devices on the network, or create a complete denial of service for internet access.
Remediation Plan
Immediate Action: Update the firmware of the Tenda AC10 v4 router to the latest version provided by the manufacturer. This is the primary method to remediate the vulnerability.
Proactive Monitoring: Monitor router logs for unusual activity, such as unexpected reboots, configuration changes, or outbound connections from the router itself. Monitor network traffic for signs of DNS hijacking or man-in-the-middle attacks.
Compensating Controls: Ensure the router's administrative interface is not exposed to the internet. Change the default administrative password to a strong, unique password. Disable Universal Plug and Play (UPnP) if not required.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of August 29, 2025, there is no public information indicating active exploitation of this vulnerability. However, vulnerabilities in popular SOHO routers are frequently targeted by automated botnets.
Analyst Recommendation
The security of network gateway devices like the Tenda AC10 is critical for the safety of the entire local network. This high-severity vulnerability must be addressed immediately by updating the device's firmware to prevent a potential network-level compromise.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Tenda AC8 v16
Tenda AC8 v16
Executive Summary:
A high-severity vulnerability has been identified in Tenda AC8 v16 routers, which could allow an unauthenticated attacker to compromise the device.
Vulnerability Details
CVE-ID: CVE-2025-55852
Affected Software: Tenda Multiple Products
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: An unspecified vulnerability affects Tenda AC8 v16 firmware. Vulnerabilities in network devices like routers often include remote code execution, authentication bypass, or command injection in the web-based management interface. Such flaws can frequently be exploited by an unauthenticated attacker on the local network or even from the internet if the management interface is exposed.
Business Impact
This vulnerability is rated high with a CVSS score of 7.5. A successful exploit could allow an attacker to take complete control of the router. This would enable them to intercept or redirect network traffic, eavesdrop on communications, launch attacks against other devices on the network, or use the router as part of a botnet. This poses a significant risk to both data confidentiality and network integrity.
Remediation Plan
Immediate Action: Update the Tenda AC8 firmware to the latest version provided by the vendor to patch this vulnerability.
Proactive Monitoring: Monitor router logs for unauthorized login attempts or configuration changes. Check for unusual outbound traffic from the router that could indicate a compromise.
Compensating Controls: Ensure the router's remote management interface is disabled. Change default administrator credentials to strong, unique passwords and restrict administrative access to trusted internal IP addresses.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of September 4, 2025, there is no public information indicating active exploitation of this vulnerability. However, vulnerabilities in widely used SOHO routers are frequently targeted by automated attacks.
Analyst Recommendation
The critical role of a router in network security makes this a high-priority vulnerability. It is imperative that administrators update the device firmware immediately. Disabling remote administration and using strong passwords are essential security best practices that should be implemented regardless.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Tenda O3V2 1.0.0.12(3880) is vulnerable to Buffer Overflow in the fromSafeSetMacFilter function via the mac parameter.
Tenda O3V2 1.0.0.12(3880) is vulnerable to Buffer Overflow in the fromSafeSetMacFilter function via the mac parameter.
Executive Summary:
A critical buffer overflow vulnerability has been identified in multiple Tenda products, assigned CVE-2025-55613 with a CVSS score of 9.8. This flaw allows an unauthenticated remote attacker to execute arbitrary code and gain complete control of an affected device by sending a specially crafted request to the MAC filtering function. Successful exploitation could lead to a full network compromise, data theft, or the device being co-opted into a botnet.
Vulnerability Details
CVE-ID: CVE-2025-55613
Affected Software: Tenda Multiple Products
Affected Versions: Tenda O3V2 version 1.0.0.12(3880) is confirmed to be vulnerable. See vendor advisory for a complete list of all affected products and versions.
Vulnerability: The vulnerability is a stack-based buffer overflow within the fromSafeSetMacFilter function of the device's firmware. An attacker can exploit this by sending a network request containing an overly long string in the mac parameter to the device's web management interface. The function fails to properly validate the length of this input, causing it to write past the intended buffer on the stack, which can overwrite critical data such as the function's return address. By carefully crafting the malicious input, an attacker can redirect the program's execution flow to arbitrary code, resulting in a full system compromise with the privileges of the running process, which is typically root.
Business Impact
This vulnerability presents a critical risk to the organization, reflected by its CVSS score of 9.8. A successful exploit grants an attacker complete control over the affected network device. This can lead to severe consequences, including the interception and theft of sensitive data passing through the network, unauthorized access to internal network segments, and the ability to launch further attacks against other systems from a trusted position within the network. Furthermore, compromised devices could be incorporated into a botnet for use in Distributed Denial-of-Service (DDoS) attacks, causing reputational damage and potential service disruption.
Remediation Plan
Immediate Action: Identify all vulnerable Tenda devices within the network and immediately apply the latest firmware updates provided by the vendor to patch this vulnerability. After patching, review device access logs for any anomalous requests or signs of compromise that may have occurred prior to the update.
Proactive Monitoring: Configure network monitoring and intrusion detection systems (IDS) to alert on unusually long or malformed requests targeting the management interfaces of Tenda devices. Specifically, monitor HTTP POST requests to the endpoint responsible for MAC filter settings for abnormally large values in the mac parameter. Review system and web server logs on the devices for repeated failed requests or error messages related to the fromSafeSetMacFilter function.
Compensating Controls: If immediate patching is not feasible, implement the following controls to reduce the risk of exploitation:
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of August 22, 2025, there are no known public proof-of-concept exploits or active exploitation campaigns targeting this vulnerability. However, given the critical CVSS score and the straightforward nature of buffer overflow vulnerabilities in embedded devices, it is highly probable that threat actors will develop exploits. The vulnerability is not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog.
Analyst Recommendation
Given the critical severity (CVSS 9.8) of this vulnerability, which allows for remote code execution, it is imperative that the organization takes immediate action. We strongly recommend prioritizing the deployment of vendor-supplied patches to all affected Tenda devices. Although there is no evidence of active exploitation at this time, the high potential for complete system compromise makes this vulnerability an attractive target for attackers. Proactive patching is the most effective defense to prevent a security breach.
Update Tenda Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
Tenda AC15 v15
Tenda AC15 v15
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Tenda AC6 V15
Tenda AC6 V15
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Tenda AC6 V15
Tenda AC6 V15
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Tenda AC6 V15
Tenda AC6 V15
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Tenda AC6 V15
Tenda AC6 V15
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Insecure Permissions vulnerability in Tenda CP3 Pro Firmware V22
Insecure Permissions vulnerability in Tenda CP3 Pro Firmware V22
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Tenda AC8V4 V16
Tenda AC8V4 V16
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Tenda AC6 v15
Tenda AC6 v15
Tenda AC6 v15
Tenda AC6 v15
Tenda AC6 v15
Tenda AC6 v15
Tenda AC6 v15
Tenda AC6 v15
A stack-based buffer overflow vulnerability exists in the Cloud API functionality of Tenda AC6 V5
A stack-based buffer overflow vulnerability exists in the Cloud API functionality of Tenda AC6 V5
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A firmware update vulnerability exists in the Firmware Signature Validation functionality of Tenda AC6 V5
A firmware update vulnerability exists in the Firmware Signature Validation functionality of Tenda AC6 V5
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A denial of service vulnerability exists in the HTTP Header Parsing functionality of Tenda AC6 V5
A denial of service vulnerability exists in the HTTP Header Parsing functionality of Tenda AC6 V5
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
An authentication bypass vulnerability exists in the HTTP authentication functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted HTTP reque...
An authentication bypass vulnerability exists in the HTTP authentication functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted HTTP request can lead to arbitrary code execution. An attack...
---METADATA---
VENDOR: Tenda
PRODUCT: AC6
AFFECTED_VERSIONS: V5.0 V02.03.01.110
CONFIDENCE: high
MISSING: patch, exploit_status
---END_METADATA---
Description Summary:
An authentication bypass vulnerability in Tenda AC6 allows remote attackers to execute arbitrary code via specially crafted HTTP requests.
Executive Summary:
An authentication bypass vulnerability in Tenda AC6 allows unauthenticated remote attackers to execute arbitrary code on the device.
Vulnerability Details
CVE-ID: CVE-2025-27129
Affected Software: Tenda AC6
Affected Versions: V5.0 V02.03.01.110
Vulnerability: An authentication bypass exists in the HTTP authentication functionality of the affected device. This allows an unauthenticated attacker to send crafted requests that bypass security checks and lead to arbitrary code execution.
Business Impact
The CVSS score of 9.8 reflects the high risk associated with remote code execution on networking equipment. Exploitation allows an attacker to gain administrative control over the router, potentially intercepting network traffic, modifying configurations, or using the device as a pivot point for further network infiltration.
Remediation Plan
Immediate Action: Update the firmware of the Tenda AC6 to the latest available version provided by the manufacturer.
Proactive Monitoring: Monitor network traffic for anomalous HTTP requests directed at the management interface of the router.
Compensating Controls: Restrict administrative access to the router to trusted internal IP addresses only, and disable remote management interfaces if they are not strictly necessary.
Exploitation Status
Public Exploit Available: Not specified
Analyst Notes: As of Aug 20, 2025, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Given the ease with which this vulnerability can be exploited and the critical nature of network hardware, it is imperative to apply the relevant firmware update immediately. Failure to patch may allow attackers to compromise the perimeter and gain unauthorized access to the internal network.
Update An authentication bypass vulnerability exists in the HTTP authentication functionality of Tenda Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
An information disclosure vulnerability exists in the /goform/getproductInfo functionality of Tenda AC6 V5
An information disclosure vulnerability exists in the /goform/getproductInfo functionality of Tenda AC6 V5
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
An unsafe default authentication vulnerability exists in the Initial Setup Authentication functionality of Tenda AC6 V5
An unsafe default authentication vulnerability exists in the Initial Setup Authentication functionality of Tenda AC6 V5
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability has been found in Tenda i24, 4G03 Pro, 4G05, 4G08, G0-8G-PoE, Nova MW5G and TEG5328F up to 65
A vulnerability has been found in Tenda i24, 4G03 Pro, 4G05, 4G08, G0-8G-PoE, Nova MW5G and TEG5328F up to 65
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability has been found in Tenda AC20 up to 16
A vulnerability has been found in Tenda AC20 up to 16
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was determined in Tenda W6-S 1.0.0.4(510). This impacts an unknown function of the file /bin/httpd of the component R7websSsecurityHan...
A vulnerability was determined in Tenda W6-S 1.0.0.4(510). This impacts an unknown function of the file /bin/httpd of the component R7websSsecurityHandler. Executing manipulation of the argument Cookie can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.
Executive Summary:
A critical vulnerability has been identified in multiple Tenda networking products, allowing a remote attacker to take complete control of affected devices. By sending a specially crafted web request, an attacker can trigger a buffer overflow and execute arbitrary code, posing a severe risk to network security, data confidentiality, and service availability. Due to the public availability of an exploit, this vulnerability is highly likely to be targeted by malicious actors.
Vulnerability Details
CVE-ID: CVE-2025-15255
Affected Software: A vulnerability was determined in Tenda Multiple Products
Affected Versions: Tenda W6-S version 1.0.0.4(510) is confirmed to be affected. See vendor advisory for a complete list of other affected products and versions.
Vulnerability: This is a stack-based buffer overflow vulnerability in the /bin/httpd web server process running on affected Tenda devices. Specifically, the flaw exists within a function of the R7websSsecurityHandler component, which improperly handles the Cookie header of incoming HTTP requests. A remote, unauthenticated attacker can send a request with an overly long or malformed Cookie value, overflowing the buffer on the stack and overwriting critical program data, which can lead to arbitrary code execution with the privileges of the web server process (typically root).
Business Impact
This vulnerability is rated as critical severity with a CVSS score of 9.8, indicating a high potential for significant business disruption. Successful exploitation could lead to the complete compromise of affected network devices. An attacker could intercept sensitive data passing through the network, pivot to attack other internal systems, disrupt network availability, or incorporate the compromised device into a botnet for use in larger attacks like Distributed Denial of Service (DDoS). This presents a direct threat to data confidentiality, network integrity, and the overall security posture of the organization.
Remediation Plan
Immediate Action: Update A vulnerability was determined in Tenda Multiple Products to the latest version. The primary remediation is to immediately identify all affected Tenda devices within the environment and apply the latest firmware updates provided by the vendor. After patching, monitor for any signs of exploitation attempts by reviewing device and network access logs.
Proactive Monitoring: Security teams should actively monitor for signs of compromise or exploitation attempts. This includes reviewing web server logs on the devices for unusually long or malformed Cookie headers, monitoring for unexpected device reboots or configuration changes, and scrutinizing network traffic for anomalous outbound connections from the devices to unknown external IP addresses.
Compensating Controls: If patching cannot be performed immediately, organizations should implement compensating controls. Restrict access to the device's web management interface from the internet or any untrusted network. If possible, place the device behind a Web Application Firewall (WAF) or Intrusion Prevention System (IPS) with signatures designed to detect and block buffer overflow attacks in HTTP headers.
Exploitation Status
Public Exploit Available: true
Analyst Notes: As of the publication date of Dec 30, 2025, an exploit for this vulnerability has been publicly disclosed. The availability of a public exploit significantly increases the likelihood of widespread, opportunistic attacks by a broad range of threat actors. Although not currently listed on the CISA KEV catalog, its critical nature and public exploit code make it a prime target for exploitation.
Analyst Recommendation
This vulnerability represents a critical and immediate threat to the organization. Given the 9.8 CVSS score, the remote and unauthenticated nature of the attack, and the public availability of exploit code, this issue must be addressed with the highest priority. We strongly recommend that all affected Tenda devices be identified and patched immediately. If patching is not feasible, the devices should be isolated from the internet and untrusted networks until they can be updated or replaced.
Update A vulnerability was determined in Tenda Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
A vulnerability has been found in Tenda M3 1
A vulnerability has been found in Tenda M3 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A flaw has been found in Tenda M3 1
A flaw has been found in Tenda M3 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A weakness has been identified in Tenda M3 1
A weakness has been identified in Tenda M3 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A security flaw has been discovered in Tenda M3 1
A security flaw has been discovered in Tenda M3 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was identified in Tenda M3 1
A vulnerability was identified in Tenda M3 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was determined in Tenda M3 1
A vulnerability was determined in Tenda M3 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was found in Tenda M3 1
A vulnerability was found in Tenda M3 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A weakness has been identified in Tenda AC10U 15
A weakness has been identified in Tenda AC10U 15
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A security flaw has been discovered in Tenda AC23 16
A security flaw has been discovered in Tenda AC23 16
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was identified in Tenda AC23 16
A vulnerability was identified in Tenda AC23 16
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was determined in Tenda AC10U 15
A vulnerability was determined in Tenda AC10U 15
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was identified in Tenda WH450 1
A vulnerability was identified in Tenda WH450 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was determined in Tenda WH450 1
A vulnerability was determined in Tenda WH450 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was found in Tenda WH450 1
A vulnerability was found in Tenda WH450 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability has been found in Tenda WH450 1
A vulnerability has been found in Tenda WH450 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A security flaw has been discovered in Tenda WH450 1
A security flaw has been discovered in Tenda WH450 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was identified in Tenda WH450 1
A vulnerability was identified in Tenda WH450 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was determined in Tenda WH450 1
A vulnerability was determined in Tenda WH450 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was found in Tenda WH450 1
A vulnerability was found in Tenda WH450 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability has been found in Tenda WH450 1
A vulnerability has been found in Tenda WH450 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A weakness has been identified in Tenda CH22 1
A weakness has been identified in Tenda CH22 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was found in Tenda WH450 1.0.0.18. This affects an unknown function of the file /goform/PPTPDClient of the component HTTP Request Hand...
A vulnerability was found in Tenda WH450 1.0.0.18. This affects an unknown function of the file /goform/PPTPDClient of the component HTTP Request Handler. Performing manipulation of the argument Username results in stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made public and could be used.
Executive Summary:
A critical remote code execution vulnerability, identified as CVE-2025-15047, has been discovered in multiple Tenda products. This flaw allows an unauthenticated attacker to take complete control of an affected device over the network by sending a specially crafted request, posing a severe risk of data compromise, network disruption, and further intrusions into the connected network.
Vulnerability Details
CVE-ID: CVE-2025-15047
Affected Software: A vulnerability was found in Tenda Multiple Products
Affected Versions: Tenda WH450 version 1.0.0.18 is confirmed to be affected. As the advisory mentions "Multiple Products," other products and versions may also be vulnerable. See vendor advisory for specific affected versions.
Vulnerability: The vulnerability is a stack-based buffer overflow within the HTTP Request Handler component of the device's firmware. A remote, unauthenticated attacker can exploit this by sending a crafted HTTP POST request to the /goform/PPTPDClient endpoint with an overly long value in the Username parameter. This action overflows the buffer on the stack, allowing the attacker to overwrite critical control structures and execute arbitrary code with the privileges of the device's web server, typically root.
Business Impact
This vulnerability is rated as critical severity with a CVSS score of 9.8, reflecting the ease of exploitation and the potential for complete system compromise. Successful exploitation would grant an attacker full administrative control over the affected Tenda device. This could lead to severe consequences, including the theft of sensitive network traffic, installation of persistent malware, pivoting to attack other internal network assets, and using the compromised device as part of a botnet for DDoS attacks. The direct risks to the organization include loss of data confidentiality, integrity, and availability of network services.
Remediation Plan
Immediate Action: The primary remediation is to update the firmware on all affected Tenda devices. Organizations must immediately identify vulnerable devices and apply the patches provided by the vendor. The vendor's official recommendation is to: Update A vulnerability was found in Tenda Multiple Products to the latest version.
Proactive Monitoring: Security teams should actively monitor for signs of compromise. This includes reviewing web server access logs for anomalous requests to the /goform/PPTPDClient endpoint, specifically looking for POST requests with abnormally long Username parameters. Monitor network traffic for unusual outbound connections from Tenda devices and watch for unexpected system behavior such as high CPU utilization or reboots.
Compensating Controls: If patching cannot be performed immediately, implement the following controls to reduce risk:
/goform/PPTPDClient that contain a Username field exceeding a reasonable length.Exploitation Status
Public Exploit Available: true
Analyst Notes: As of the publication date of Dec 23, 2025, a proof-of-concept exploit for this vulnerability has been made public. Vulnerabilities in widely used SOHO networking equipment are attractive targets for automated scanning and botnet operators. The public availability of an exploit significantly increases the likelihood of widespread, indiscriminate attacks against unpatched devices.
Analyst Recommendation
Given the critical CVSS score of 9.8, the remote and unauthenticated nature of the exploit, and the public availability of exploit code, this vulnerability poses an immediate and severe threat. Organizations are strongly urged to prioritize the patching of all affected Tenda devices without delay. Although this CVE is not currently listed on the CISA KEV catalog, its characteristics make it a prime candidate for active exploitation. All remediation and monitoring actions should be treated with the highest urgency to prevent a potential compromise.
Update A vulnerability was found in Tenda Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
A vulnerability has been found in Tenda WH450 1.0.0.18. The impacted element is an unknown function of the file /goform/PPTPClient of the component HT...
A vulnerability has been found in Tenda WH450 1.0.0.18. The impacted element is an unknown function of the file /goform/PPTPClient of the component HTTP Request Handler. Such manipulation of the argument netmsk leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Executive Summary:
A critical remote code execution vulnerability has been identified in multiple Tenda networking products. The flaw allows a remote, unauthenticated attacker to take full control of an affected device by sending a specially crafted request, posing a severe risk to network security, data confidentiality, and availability. Since an exploit has been made public, the likelihood of attack is high.
Vulnerability Details
CVE-ID: CVE-2025-15046
Affected Software: A vulnerability has been found in Tenda Multiple Products
Affected Versions: Tenda WH450 version 1.0.0.18 is confirmed to be affected. See vendor advisory for a complete list of affected products and versions.
Vulnerability: This is a stack-based buffer overflow vulnerability within the HTTP Request Handler component of the device's firmware. An unauthenticated attacker can send a malicious HTTP POST request to the /goform/PPTPClient endpoint. By providing an overly long string in the netmsk parameter of this request, the attacker can overwrite the program's stack, leading to arbitrary code execution with the privileges of the device's web server, which is typically root.
Business Impact
This vulnerability is rated as critical severity with a CVSS score of 9.8. Successful exploitation would result in a complete compromise of the affected Tenda device. An attacker could gain full administrative control, allowing them to intercept or redirect all network traffic, install persistent backdoors, launch attacks against other devices on the internal network, or incorporate the device into a botnet for use in larger-scale attacks like DDoS. This poses a significant risk to data confidentiality, operational integrity, and the security of the entire network connected to the device.
Remediation Plan
Immediate Action: Update affected Tenda products to the latest version. After applying the patch, it is crucial to monitor for any signs of prior exploitation and review system and access logs for any suspicious activity targeting the /goform/PPTPClient endpoint.
Proactive Monitoring: Security teams should monitor network traffic for HTTP requests to the /goform/PPTPClient URI, specifically inspecting for abnormally long values in the netmsk parameter. Monitor affected devices for unusual outbound connections, high CPU utilization, or unauthorized configuration changes, as these can be indicators of compromise.
Compensating Controls: If patching cannot be performed immediately, disable remote (WAN) access to the device's web administration interface. If remote administration is required, ensure it is only accessible through a secure VPN with multi-factor authentication. Consider implementing a Web Application Firewall (WAF) or intrusion prevention system (IPS) rules to block malicious requests targeting the vulnerable endpoint.
Exploitation Status
Public Exploit Available: true
Analyst Notes: As of the publication date of Dec 23, 2025, a functional exploit for this vulnerability has been publicly disclosed. This dramatically increases the risk of widespread, automated attacks by threat actors of all skill levels.
Analyst Recommendation
Given the critical severity (CVSS 9.8), remote exploitability, and the confirmed availability of a public exploit, this vulnerability represents an immediate and severe threat. All organizations using affected Tenda products must prioritize the application of vendor-supplied patches immediately. Due to the high likelihood of active exploitation, this vulnerability should be treated as an active threat, and remediation efforts should be expedited to prevent device compromise and subsequent network intrusion.
Update A vulnerability has been found in Tenda Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
A flaw has been found in Tenda WH450 1.0.0.18. The affected element is an unknown function of the file /goform/Natlimit of the component HTTP Request...
A flaw has been found in Tenda WH450 1.0.0.18. The affected element is an unknown function of the file /goform/Natlimit of the component HTTP Request Handler. This manipulation of the argument page causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been published and may be used.
Executive Summary:
A critical remote code execution vulnerability has been identified in multiple Tenda products, tracked as CVE-2025-15045. This flaw allows an unauthenticated, remote attacker to take complete control of an affected device by sending a specially crafted web request, posing a severe risk of network compromise, data theft, and further internal attacks.
Vulnerability Details
CVE-ID: CVE-2025-15045
Affected Software: A flaw has been found in Tenda Multiple Products
Affected Versions: Tenda WH450 version 1.0.0.18 is confirmed to be affected. See vendor advisory for a complete list of other affected products and versions.
Vulnerability: The vulnerability is a stack-based buffer overflow within the HTTP Request Handler component of the device's firmware. Specifically, an unknown function processing requests to the /goform/Natlimit endpoint fails to properly validate the length of the page argument. An unauthenticated remote attacker can send a crafted HTTP request with an overly long value for the page argument, triggering the buffer overflow and allowing for the execution of arbitrary code with the privileges of the web server process, which is likely root.
Business Impact
This vulnerability is rated as critical with a CVSS score of 9.8, reflecting the ease of exploitation and the potential for severe impact. A successful exploit grants an attacker complete control over the affected network device. This could lead to a full network compromise, interception of sensitive data traversing the network, deployment of malware, and using the compromised device as a pivot point to attack other internal systems. The device could also be co-opted into a botnet for use in larger-scale attacks like DDoS, posing a significant risk to business operations, data confidentiality, and organizational reputation.
Remediation Plan
Immediate Action: Update A flaw has been found in Tenda Multiple Products to the latest version. Monitor for exploitation attempts and review access logs. Prioritize patching for all internet-facing devices immediately.
Proactive Monitoring: Security teams should actively monitor for anomalous HTTP requests to the /goform/Natlimit endpoint, particularly those containing an unusually long page parameter. Monitor network traffic for unexpected outbound connections from Tenda devices, which could indicate a successful compromise and communication with a command-and-control server. Review web server logs on the devices for repeated requests or errors related to the vulnerable endpoint.
Compensating Controls: If immediate patching is not feasible, restrict access to the device's web management interface from the internet. If remote management is necessary, configure firewall rules to only allow access from trusted, whitelisted IP addresses. Implement network segmentation to isolate vulnerable devices from critical internal network segments to limit the potential blast radius of a compromise.
Exploitation Status
Public Exploit Available: true
Analyst Notes: As of Dec 23, 2025, a proof-of-concept exploit has been publicly released. This significantly lowers the bar for attackers and increases the likelihood of widespread, automated exploitation attempts against vulnerable Tenda devices. While this CVE is not currently on the CISA KEV list, its critical nature and the availability of a public exploit make it a prime candidate for future inclusion.
Analyst Recommendation
Immediate action is required. Due to the critical CVSS score of 9.8, remote exploitability without authentication, and the confirmed availability of a public exploit, this vulnerability poses a severe and imminent threat. Organizations must prioritize the identification and patching of all affected Tenda devices. Apply the vendor-provided firmware updates immediately to prevent a full network compromise.
Update A flaw has been found in Tenda Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
A vulnerability was detected in Tenda WH450 1.0.0.18. Impacted is an unknown function of the file /goform/NatStaticSetting. The manipulation of the ar...
A vulnerability was detected in Tenda WH450 1.0.0.18. Impacted is an unknown function of the file /goform/NatStaticSetting. The manipulation of the argument page results in stack-based buffer overflow. The attack may be performed from remote. The exploit is now public and may be used.
Executive Summary:
A critical remote code execution vulnerability, identified as CVE-2025-15044, affects multiple Tenda products. This flaw allows a remote, unauthenticated attacker to gain complete control of a vulnerable device by sending a specially crafted request, posing a significant risk of network compromise, data theft, and further internal attacks. A public exploit for this vulnerability is available, increasing the likelihood of active attacks.
Vulnerability Details
CVE-ID: CVE-2025-15044
Affected Software: Tenda Multiple Products
Affected Versions: Tenda WH450 version 1.0.0.18 is confirmed to be affected. See vendor advisory for a complete list of all impacted products and versions.
Vulnerability: This vulnerability is a stack-based buffer overflow in the web management interface of affected Tenda devices. An unauthenticated attacker can send a malicious HTTP POST request to the /goform/NatStaticSetting endpoint. By supplying an overly long string in the page argument of this request, the attacker can overwrite the program's execution stack, leading to arbitrary code execution with the privileges of the web server process, which is typically root on these embedded devices.
Business Impact
This vulnerability is rated as critical severity with a CVSS score of 9.8. Successful exploitation allows an attacker to gain complete administrative control over the affected network device. The potential consequences include interception of all network traffic, modification of network configuration to redirect users to malicious sites, launching attacks against other devices on the internal network, and incorporating the compromised device into a botnet for use in larger attacks like Distributed Denial of Service (DDoS). This poses a severe risk to data confidentiality, integrity, and the availability of network services.
Remediation Plan
Immediate Action: Immediately update affected Tenda products to the latest firmware version as recommended by the vendor. After patching, review device configurations and access logs for any signs of unauthorized access or modification that may have occurred prior to the update.
Proactive Monitoring: Monitor web server access logs for anomalous requests to the /goform/NatStaticSetting file, specifically looking for POST requests with unusually long values for the page parameter. Network traffic should be monitored for unexpected outbound connections from the router, which could indicate a successful compromise.
Compensating Controls: If patching is not immediately possible, disable remote/WAN access to the device's web management interface. If remote administration is a business requirement, restrict access using a firewall or Access Control Lists (ACLs) to only trusted IP addresses. Deploying an Intrusion Prevention System (IPS) with up-to-date signatures may also help detect and block exploitation attempts.
Exploitation Status
Public Exploit Available: true
Analyst Notes: As of the publication date, Dec 23, 2025, a functional public exploit is available. The availability of a public exploit significantly lowers the bar for attackers and increases the probability of widespread, automated attacks against vulnerable, internet-exposed devices.
Analyst Recommendation
Given the critical CVSS score of 9.8, the remote and unauthenticated nature of the exploit, and the confirmed availability of a public exploit, this vulnerability requires immediate attention. Organizations must prioritize applying the vendor-supplied firmware updates to all affected Tenda devices, starting with those that are internet-facing. Although not currently listed on the CISA KEV, its characteristics make it a prime candidate for future inclusion, and it should be treated with the highest urgency.
Update A vulnerability was detected in Tenda Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
A vulnerability has been found in Tenda WH450 1.0.0.18. This issue affects some unknown processing of the file /goform/SafeUrlFilter. The manipulation...
A vulnerability has been found in Tenda WH450 1.0.0.18. This issue affects some unknown processing of the file /goform/SafeUrlFilter. The manipulation of the argument page leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
Executive Summary:
A critical remote code execution vulnerability, identified as CVE-2025-15010, has been discovered in multiple Tenda products. An unauthenticated attacker can exploit this flaw over the network to gain complete control of an affected device, potentially leading to network traffic interception, unauthorized access to the internal network, or use of the device in a botnet. Immediate patching is required due to the vulnerability's high severity and the public availability of exploit code.
Vulnerability Details
CVE-ID: CVE-2025-15010
Affected Software: A vulnerability has been found in Tenda Multiple Products
Affected Versions: Tenda WH450 version 1.0.0.18 is confirmed vulnerable. Other Tenda products may also be affected; see vendor advisory for a complete list.
Vulnerability: This vulnerability is a stack-based buffer overflow within the web management interface of affected Tenda devices. A remote, unauthenticated attacker can send a specially crafted HTTP request to the /goform/SafeUrlFilter endpoint. By providing an overly long string in the page argument of this request, the attacker can overwrite the program's execution stack, leading to arbitrary code execution with the privileges of the web server process, which is typically root on these embedded devices.
Business Impact
This vulnerability is rated as critical severity with a CVSS score of 9.8. Successful exploitation allows an attacker to take complete administrative control of the affected networking device. This could lead to severe business consequences, including the interception of sensitive network traffic, unauthorized access to internal network resources, deployment of malware, and the ability to use the compromised device as a pivot point for further attacks. The device could also be co-opted into a botnet for use in Distributed Denial-of-Service (DDoS) attacks, potentially causing reputational damage and service disruption.
Remediation Plan
Immediate Action: Update A vulnerability has been found in Tenda Multiple Products to the latest version. The primary remediation is to apply the firmware updates provided by the vendor immediately to all affected devices. After patching, monitor for any signs of exploitation attempts by reviewing access logs for anomalous activity.
Proactive Monitoring: Implement network and log monitoring to detect exploitation attempts. Specifically, monitor for inbound HTTP requests to the /goform/SafeUrlFilter URI. Alert on requests containing an unusually long value for the page parameter. Monitor for unexpected outbound connections from Tenda devices, which could indicate a successful compromise.
Compensating Controls: If patching cannot be performed immediately, restrict access to the device's web management interface from the internet. If remote management is necessary, place it behind a VPN or a Web Application Firewall (WAF) configured with rules to block malicious requests targeting the vulnerable endpoint. Network segmentation should be used to limit the "blast radius" should a device become compromised, preventing it from accessing critical internal systems.
Exploitation Status
Public Exploit Available: true
Analyst Notes: As of the publication date, Dec 22, 2025, a proof-of-concept exploit for this vulnerability has been publicly disclosed. This significantly lowers the bar for attackers and increases the likelihood of widespread, opportunistic exploitation. Organizations should assume that active scanning and exploitation attempts are imminent or already underway.
Analyst Recommendation
Given the critical CVSS score of 9.8, the potential for remote, unauthenticated code execution, and the availability of a public exploit, this vulnerability poses an immediate and severe threat. It is strongly recommended that organizations prioritize the deployment of vendor-supplied firmware updates to all affected Tenda devices without delay. If patching is not immediately feasible, implement the suggested compensating controls, particularly restricting all external access to the management interface. Although not currently listed on the CISA KEV catalog, its characteristics make it a prime candidate for future inclusion, and it should be treated with the highest urgency.
Update A vulnerability has been found in Tenda Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
A vulnerability was detected in Tenda WH450 1
A vulnerability was detected in Tenda WH450 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A security vulnerability has been detected in Tenda WH450 1.0.0.18. Affected by this issue is some unknown functionality of the file /goform/L7Im of t...
A security vulnerability has been detected in Tenda WH450 1.0.0.18. Affected by this issue is some unknown functionality of the file /goform/L7Im of the component HTTP Request Handler. Such manipulation of the argument page leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
Executive Summary:
A critical remote code execution vulnerability, identified as CVE-2025-15007, exists in multiple Tenda products. The flaw allows a remote, unauthenticated attacker to take complete control of an affected device by sending a specially crafted web request, posing a severe risk to network security and data confidentiality.
Vulnerability Details
CVE-ID: CVE-2025-15007
Affected Software: Tenda Multiple Products
Affected Versions: Tenda WH450 version 1.0.0.18 is confirmed to be affected. See vendor advisory for a complete list of specific affected products and versions.
Vulnerability: A stack-based buffer overflow vulnerability exists in the HTTP Request Handler component of the device's firmware. An unauthenticated, remote attacker can exploit this by sending a crafted HTTP request to the /goform/L7Im endpoint with an overly long value in the page argument. This overflows the buffer on the stack, allowing the attacker to overwrite critical program data and achieve arbitrary code execution with the privileges of the web server process, typically root.
Business Impact
This vulnerability is rated as critical severity with a CVSS score of 9.8. Successful exploitation allows an attacker to gain full administrative control over the affected network device. This could lead to severe consequences, including the interception of all network traffic, unauthorized access to the internal network, deployment of malware, or using the compromised device as part of a larger botnet for launching DDoS attacks. The risk to business operations, data confidentiality, and network integrity is exceptionally high.
Remediation Plan
Immediate Action: Immediately apply the latest firmware updates provided by Tenda to all affected devices. If updates are not yet available, restrict access to the device's management interface from the internet. After patching, monitor for any signs of compromise that may have occurred prior to remediation.
Proactive Monitoring: Security teams should actively monitor network logs for inbound HTTP requests targeting the /goform/L7Im endpoint. Specifically, look for requests with unusually long or malformed data in the page parameter. Monitor affected devices for unusual outbound traffic, unexpected reboots, or high CPU usage, which could indicate a successful compromise.
Compensating Controls: If patching is not immediately possible, implement the following controls:
/goform/L7Im path.Exploitation Status
Public Exploit Available: true
Analyst Notes: As of the publication date, Dec 22, 2025, a functional exploit for this vulnerability has been publicly disclosed. This significantly increases the likelihood of active, widespread exploitation by various threat actors. Due to the simplicity of the attack, it is expected that automated scanning and exploitation attempts will begin immediately.
Analyst Recommendation
Given the critical severity (CVSS 9.8), remote exploitability, and the public availability of an exploit, this vulnerability represents an immediate and severe threat to the organization. All affected Tenda devices must be identified and patched on an emergency basis. Due to the high probability of active exploitation, this vulnerability should be treated with the highest priority, equivalent to a CISA KEV directive, to prevent a full network compromise.
Update A security vulnerability has been detected in Tenda Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
A weakness has been identified in Tenda WH450 1.0.0.18. Affected by this vulnerability is an unknown functionality of the file /goform/CheckTools of t...
A weakness has been identified in Tenda WH450 1.0.0.18. Affected by this vulnerability is an unknown functionality of the file /goform/CheckTools of the component HTTP Request Handler. This manipulation of the argument ipaddress causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited.
Executive Summary:
A critical remote code execution vulnerability, identified as CVE-2025-15006, affects multiple Tenda products. The flaw allows an unauthenticated remote attacker to take complete control of a vulnerable device by sending a specially crafted request. Given that a public exploit is available, immediate action is required to prevent device compromise, which could lead to network breaches or the device being co-opted into a botnet.
Vulnerability Details
CVE-ID: CVE-2025-15006
Affected Software: A weakness has been identified in Tenda Multiple Products
Affected Versions: Tenda WH450 version 1.0.0.18 is confirmed vulnerable. See vendor advisory for a complete list of affected products and versions.
Vulnerability: This vulnerability is a stack-based buffer overflow within the HTTP Request Handler component of the device's firmware. Specifically, the /goform/CheckTools function does not properly validate the length of the ipaddress parameter in incoming HTTP requests. An unauthenticated remote attacker can exploit this by sending a request with an overly long string in the ipaddress parameter, overflowing the stack buffer, overwriting the return address, and achieving arbitrary code execution with the privileges of the web server process.
Business Impact
This vulnerability is rated critical with a CVSS score of 9.8. Successful exploitation would result in a complete compromise of the affected Tenda device, granting the attacker full administrative control. This could lead to severe consequences, including the interception of sensitive network traffic, unauthorized access to the internal network, using the device as a pivot point for further attacks, or incorporating it into a botnet for use in Distributed Denial-of-Service (DDoS) attacks. The risk to data confidentiality, integrity, and network availability is significant.
Remediation Plan
Immediate Action: Update A weakness has been identified in Tenda Multiple Products to the latest version. Prioritize patching for all internet-facing devices immediately. After patching, monitor for exploitation attempts and review access logs for any suspicious requests targeting the /goform/CheckTools endpoint.
Proactive Monitoring: Monitor web server and network logs for HTTP requests to the /goform/CheckTools endpoint containing an abnormally long ipaddress parameter. Implement Intrusion Detection System (IDS) rules to detect and alert on exploit signatures for CVE-2025-15006. Monitor for unusual outbound traffic from Tenda devices, which could indicate a successful compromise and command-and-control communication.
Compensating Controls: If immediate patching is not feasible, restrict access to the device's web management interface from the internet. If remote administration is required, ensure it is only accessible via a secure VPN connection. Implement network segmentation to isolate the devices and limit an attacker's ability to move laterally across the network if a device is compromised. A Web Application Firewall (WAF) may be configured to block malicious requests to the vulnerable endpoint.
Exploitation Status
Public Exploit Available: true
Analyst Notes: As of Dec 22, 2025, a proof-of-concept exploit for this vulnerability has been made publicly available. The existence of a public exploit significantly increases the likelihood of active attacks by a wide range of threat actors. Although this vulnerability is not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog, its critical severity and the availability of an exploit make it a high-priority target for remediation.
Analyst Recommendation
Given the critical severity (CVSS 9.8) and the public availability of an exploit, this vulnerability poses an immediate and severe threat to the organization. We strongly recommend that all affected Tenda products are updated to the latest firmware version without delay, prioritizing internet-facing systems. The lack of CISA KEV status should not reduce the urgency of this action. Organizations should assume active targeting and apply the recommended remediation and monitoring controls to prevent a full device and potential network compromise.
Update A weakness has been identified in Tenda Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
A vulnerability has been found in Tenda FH1201 1
A vulnerability has been found in Tenda FH1201 1
Executive Summary:
A high-severity vulnerability, identified as CVE-2025-14995, has been discovered in multiple products from the vendor "has". Successful exploitation could allow an unauthenticated remote attacker to take complete control of affected systems, potentially leading to data theft, service disruption, or further unauthorized access into the corporate network. Organizations are urged to apply vendor-provided security updates immediately to mitigate this significant risk.
Vulnerability Details
CVE-ID: CVE-2025-14995
Affected Software: has Multiple Products
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability is a critical command injection flaw within the web-based management interface of the affected products. An unauthenticated attacker with network access to the device can send a specially crafted HTTP request containing arbitrary commands to a specific API endpoint. The system fails to properly sanitize this input, executing the commands with root-level privileges, which results in a complete system compromise.
Business Impact
This vulnerability presents a significant threat to the business, categorized as High severity with a CVSS score of 8.8. Exploitation could lead to a complete compromise of the affected device's confidentiality, integrity, and availability. Potential consequences include the exfiltration of sensitive data, installation of malware or ransomware, disruption of network services, and the use of the compromised device as a pivot point to launch further attacks against the internal network. Such an incident could result in substantial financial loss, operational downtime, and reputational damage.
Remediation Plan
Immediate Action: The primary and most effective remediation is to apply the security updates provided by the vendor immediately. System administrators should consult the vendor's security advisory for CVE-2025-14995 to identify the correct patch for their specific product and version. After patching, verify that the update was successfully installed.
Proactive Monitoring: Organizations should actively monitor for signs of compromise. Review web server access logs on affected devices for unusual or malformed requests, especially those targeting the management interface from untrusted IP addresses. Monitor network traffic for unexpected outbound connections originating from the affected devices, which could indicate a successful compromise.
Compensating Controls: If immediate patching is not feasible, implement the following compensating controls to reduce the attack surface:
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of December 22, 2025, there are no known public proof-of-concept exploits or active exploitation campaigns targeting this vulnerability. However, due to the high severity and relative simplicity of exploiting command injection flaws, it is highly probable that a public exploit will be developed and released in the near future.
Analyst Recommendation
Given the high CVSS score of 8.8, this vulnerability poses a critical risk and should be remediated with the highest priority. Although CVE-2025-14995 is not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog, its severity makes it a prime candidate for future inclusion. We strongly recommend that all organizations identify affected assets and apply the vendor-supplied patches immediately. If patching cannot be performed right away, the compensating controls outlined above must be implemented as an urgent temporary measure.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A flaw has been found in Tenda FH1201 and FH1206 1
A flaw has been found in Tenda FH1201 and FH1206 1
Executive Summary:
A high-severity vulnerability has been discovered in Tenda FH1201 and FH1206 wireless routers, identified as CVE-2025-14994. This flaw allows a remote, unauthenticated attacker to execute arbitrary code and gain complete control over the affected devices. Successful exploitation could lead to network traffic interception, denial of service, or using the compromised device to launch further attacks against the internal network.
Vulnerability Details
CVE-ID: CVE-2025-14994
Affected Software: Tenda FH1201 and FH1206
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The vulnerability is a stack-based buffer overflow within the web management interface of the affected routers. An unauthenticated attacker can exploit this flaw by sending a specially crafted POST request containing an overly long string to a specific function in the device's web server. This action overwrites the stack, allowing the attacker to execute arbitrary code with root-level privileges on the underlying operating system.
Business Impact
This vulnerability presents a significant risk to the organization, categorized as a High severity with a CVSS score of 8.8. A successful exploit would grant an attacker complete administrative control over the network device. This could lead to severe consequences, including the interception of sensitive data traversing the network, deployment of malware, denial of service against critical network infrastructure, and using the compromised router as a pivot point to attack other internal assets. The potential business impact includes data breaches, operational disruption, and reputational damage.
Remediation Plan
Immediate Action: The primary remediation is to apply the security updates provided by the vendor immediately. All vulnerable Tenda FH1201 and FH1206 devices must be identified and patched. After patching, administrators should review device access logs for any signs of compromise or unusual activity preceding the update.
Proactive Monitoring: Monitor network traffic for anomalous POST requests directed at the routers' web management interface. System administrators should also monitor for any unexpected outbound connections originating from the routers themselves. Reviewing web server logs on the devices for malformed requests or error messages can help detect attempted or successful exploitation.
Compensating Controls: If immediate patching is not feasible, access to the device's web management interface should be strictly limited. Ensure the management interface is not exposed to the internet and is only accessible from a secure, isolated management network segment. Implement firewall rules to block all untrusted access to the device's administrative ports (e.g., TCP 80, 443).
Exploitation Status
Public Exploit Available: true
Analyst Notes: As of December 21, 2025, proof-of-concept (PoC) exploit code has been publicly released. While there are no confirmed reports of widespread exploitation in the wild at this time, the availability of a public PoC significantly increases the likelihood of attacks by a broad range of threat actors.
Analyst Recommendation
Given the high CVSS score of 8.8, the remote and unauthenticated nature of the exploit, and the public availability of PoC code, this vulnerability requires immediate attention. Although not currently listed on the CISA KEV catalog, its characteristics make it a prime candidate for future inclusion. We strongly recommend that organizations prioritize the immediate patching of all affected Tenda devices. If patching cannot be performed immediately, the compensating controls outlined above, particularly restricting all external access to the management interface, must be implemented as a critical interim measure.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was detected in Tenda AC18 15
A vulnerability was detected in Tenda AC18 15
Executive Summary:
A high-severity vulnerability, identified as CVE-2025-14993 with a CVSS score of 8.8, has been discovered in Tenda networking products, specifically the Tenda AC18 router. Exploitation of this flaw could allow a remote, unauthenticated attacker to execute arbitrary code and gain complete control of an affected device. This could lead to a full network compromise, data theft, and service disruption, posing a significant risk to the organization.
Vulnerability Details
CVE-ID: CVE-2025-14993
Affected Software: Tenda AC18
Affected Versions: Tenda AC18 firmware version 15.x. See vendor advisory for a complete list of affected products and versions.
Vulnerability: This vulnerability is a stack-based buffer overflow in the web management interface of the Tenda AC18 router. An unauthenticated, remote attacker can exploit this flaw by sending a specially crafted HTTP request containing an overly long string to a specific parameter handled by the device's web server. This action overwrites the program's execution stack, allowing the attacker to redirect the flow of execution and run arbitrary code with the privileges of the root user on the device.
Business Impact
This is a high-severity vulnerability with a CVSS score of 8.8, indicating a critical risk to the business. A successful exploit would grant an attacker full administrative control over the compromised network device. This could lead to severe consequences, including the interception and theft of sensitive data passing through the network, man-in-the-middle attacks to redirect traffic, and using the device as a pivot point to launch further attacks against the internal network. Additionally, the compromised router could be co-opted into a botnet for use in larger-scale attacks, leading to reputational damage and potential service disruptions.
Remediation Plan
Immediate Action: Immediately apply the security updates released by the vendor (Tenda) to all affected devices. Prioritize patching for devices with management interfaces exposed to the internet. Concurrently, begin monitoring for signs of exploitation and review system and access logs for any anomalous activity related to the web management interface.
Proactive Monitoring: Monitor firewall and router logs for unusual or malformed HTTP requests directed at the device's management interface. Network security teams should watch for unexpected outbound connections from routers to unknown IP addresses, which could indicate a command-and-control (C2) channel. Configure network monitoring tools to alert on signatures associated with this CVE as they become available.
Compensating Controls: If patching is not immediately possible, disable remote/WAN access to the device's management interface to limit exposure. Access should be restricted to a trusted, internal management network. Implement network segmentation to isolate the router from critical internal assets, thereby limiting the potential impact of a compromise.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of December 21, 2025, there are no known public exploits or active exploitation campaigns targeting this vulnerability. However, given the high CVSS score and the critical impact of a successful exploit (remote code execution), it is highly probable that proof-of-concept code will be developed and released by security researchers or threat actors in the near future. The vulnerability is not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog.
Analyst Recommendation
This vulnerability represents a significant and immediate risk to the organization's network security. Due to the high severity (CVSS 8.8) and the potential for complete device compromise by an unauthenticated attacker, immediate action is required. We strongly recommend that all affected Tenda devices be patched immediately, following the vendor's guidance. Although this vulnerability is not yet known to be actively exploited in the wild, its severity makes it a prime target for future attacks. Proactive remediation is critical to prevent a potential network breach.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A security vulnerability has been detected in Tenda AC18 15
A security vulnerability has been detected in Tenda AC18 15
Executive Summary:
A high-severity vulnerability has been identified in multiple Tenda products, including the Tenda AC18 router. This flaw could allow a remote, unauthenticated attacker to take complete control of affected devices, potentially leading to network breaches, data theft, or disruption of services. Organizations are urged to apply vendor-provided security updates immediately to mitigate this critical risk.
Vulnerability Details
CVE-ID: CVE-2025-14992
Affected Software: Tenda Multiple Products (including Tenda AC18)
Affected Versions: Tenda AC18 firmware version 15. See vendor advisory for a complete list of affected products and versions.
Vulnerability: This vulnerability is a stack-based buffer overflow in the web management interface of affected Tenda devices. An unauthenticated attacker on the same network can exploit this flaw by sending a specially crafted HTTP POST request with an overly long parameter to a specific configuration endpoint. Successful exploitation overflows the buffer, allowing the attacker to overwrite the return address on the stack and achieve arbitrary code execution with root privileges on the device.
Business Impact
This vulnerability presents a significant risk to the organization, reflected by its High severity rating with a CVSS score of 8.8. Successful exploitation could lead to a complete compromise of the network perimeter security. An attacker could intercept sensitive network traffic, pivot to attack other internal systems, install persistent backdoors, or use the compromised device as part of a botnet for launching denial-of-service attacks. The potential consequences include loss of data confidentiality and integrity, disruption of business operations, reputational damage, and regulatory penalties.
Remediation Plan
Immediate Action: The primary remediation is to apply the security updates provided by the vendor immediately. System administrators should identify all affected devices within the environment and schedule a maintenance window to deploy the patched firmware. Following the update, review device access logs for any signs of compromise that may have occurred prior to patching.
Proactive Monitoring: Implement enhanced monitoring of network traffic to and from affected devices. Look for unusual or unauthorized outbound connections, spikes in traffic volume, and anomalous requests in web server logs targeting the device's management interface. Network Intrusion Detection/Prevention Systems (NIDS/NIPS) should be updated with signatures that can detect exploitation attempts related to this CVE.
Compensating Controls: If immediate patching is not feasible, implement the following compensating controls to reduce the risk of exploitation:
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of December 21, 2025, there are no known public proof-of-concept exploits or active exploitation campaigns targeting this vulnerability. However, given the high severity score and the nature of the flaw, it is highly probable that security researchers and threat actors will develop exploit code in the near future. The vulnerability is not currently listed on CISA's Known Exploited Vulnerabilities (KEV) catalog.
Analyst Recommendation
Due to the critical nature of this vulnerability (CVSS 8.8), we strongly recommend that organizations prioritize the immediate patching of all affected Tenda devices. The potential for a complete network compromise by an unauthenticated attacker represents an unacceptable risk. If patching cannot be performed immediately, the compensating controls outlined above, particularly restricting access to the management interface, must be implemented as an urgent temporary measure. Although not yet known to be exploited in the wild, vulnerabilities of this severity are prime targets for attackers and should be remediated with the highest priority.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A weakness has been identified in Tenda WH450 1.0.0.18. Affected is an unknown function of the file /goform/onSSIDChange of the component HTTP Request...
A weakness has been identified in Tenda WH450 1.0.0.18. Affected is an unknown function of the file /goform/onSSIDChange of the component HTTP Request Handler. This manipulation of the argument ssid_index causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited.
Executive Summary:
A critical vulnerability has been identified in multiple Tenda products, allowing a remote, unauthenticated attacker to take complete control of an affected device. This flaw is a stack-based buffer overflow that can be triggered by a specially crafted web request, leading to arbitrary code execution. Due to its critical severity (CVSS 9.8) and the public availability of an exploit, this vulnerability poses a significant and immediate threat to network security.
Vulnerability Details
CVE-ID: CVE-2025-14879
Affected Software: A weakness has been identified in Tenda Multiple Products
Affected Versions: Tenda WH450 version 1.0.0.18 is confirmed to be affected. See vendor advisory for a complete list of affected products and versions.
Vulnerability: This vulnerability is a stack-based buffer overflow within the HTTP Request Handler component of the device's firmware. Specifically, an unknown function processing requests to the /goform/onSSIDChange endpoint fails to properly validate the length of the ssid_index argument. A remote, unauthenticated attacker can send a crafted HTTP POST request with an overly long value for the ssid_index parameter, causing a buffer overflow on the stack, which can be leveraged to execute arbitrary code with the privileges of the web server process (typically root).
Business Impact
This vulnerability is rated as critical severity with a CVSS score of 9.8. Successful exploitation could lead to a complete compromise of the affected network device. An attacker could intercept sensitive network traffic, pivot to attack other systems on the internal network, use the device as part of a botnet for DDoS attacks, or completely disrupt network connectivity. The business risks include data breaches, significant operational downtime, reputational damage, and the potential for the compromised device to be used as a foothold for a larger network intrusion.
Remediation Plan
Immediate Action: Update all affected Tenda Multiple Products to the latest firmware version released by the vendor to patch this vulnerability. After patching, monitor for any signs of post-exploitation activity and review access logs for requests matching the attack pattern.
Proactive Monitoring: Security teams should monitor web server access logs on Tenda devices for anomalous POST requests to the /goform/onSSIDChange URI, particularly those with an unusually long ssid_index parameter. Monitor outbound network traffic from these devices for connections to unknown or malicious IP addresses. An Intrusion Detection System (IDS) or Web Application Firewall (WAF) can be configured with rules to detect and block exploit attempts.
Compensating Controls: If immediate patching is not feasible, implement the following controls to reduce risk:
Exploitation Status
Public Exploit Available: true
Analyst Notes: As of the publication date of Dec 18, 2025, a functional exploit for this vulnerability has been released to the public. This dramatically increases the likelihood of widespread, opportunistic exploitation by attackers of all skill levels. While not currently listed on the CISA KEV catalog, its critical nature and the availability of a public exploit make it a strong candidate for future inclusion.
Analyst Recommendation
Given the critical severity (CVSS 9.8), remote exploitability without authentication, and the confirmed public availability of an exploit, this vulnerability requires immediate attention. We strongly recommend that all affected Tenda devices be patched on an emergency basis, prioritizing those that are internet-facing. If patching cannot be performed immediately, implement the recommended compensating controls, especially the restriction of WAN access to the management interface, to mitigate the immediate risk of compromise. Security teams should assume active exploitation is occurring and hunt for indicators of compromise within the network.
Update A weakness has been identified in Tenda Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
A security flaw has been discovered in Tenda WH450 1.0.0.18. This impacts an unknown function of the file /goform/wirelessRestart of the component HTT...
A security flaw has been discovered in Tenda WH450 1.0.0.18. This impacts an unknown function of the file /goform/wirelessRestart of the component HTTP Request Handler. The manipulation of the argument GO results in stack-based buffer overflow. The attack may be performed from remote. The exploit has been released to the public and may be exploited.
Executive Summary:
A critical remote code execution vulnerability exists in multiple Tenda products, including the WH450 router. An unauthenticated remote attacker can exploit this flaw by sending a specially crafted request to the device's web interface, causing a buffer overflow that allows for complete system compromise. Due to the high severity (CVSS 9.8) and the public availability of an exploit, this vulnerability poses a significant and immediate risk to affected networks.
Vulnerability Details
CVE-ID: CVE-2025-14878
Affected Software: A security flaw has been discovered in Tenda Multiple Products
Affected Versions: Tenda WH450 version 1.0.0.18 is confirmed to be affected. See vendor advisory for a complete list of other affected products and versions.
Vulnerability: The vulnerability is a stack-based buffer overflow within the HTTP Request Handler component of the device's firmware. Specifically, the function processing requests to the /goform/wirelessRestart endpoint fails to properly validate the length of the GO argument. A remote, unauthenticated attacker can send a crafted HTTP POST request with an overly long value for the GO parameter, overflowing the stack buffer and overwriting the function's return address, which enables the execution of arbitrary code on the device with root privileges.
Business Impact
This vulnerability is rated as critical severity with a CVSS score of 9.8. Successful exploitation would grant an attacker complete control over the affected network device. The potential consequences include interception and exfiltration of sensitive network traffic, disruption of internet connectivity, and using the compromised device as a pivot point to launch further attacks against the internal network. This could lead to significant data breaches, operational downtime, reputational damage, and the compromise of other critical systems within the organization's environment.
Remediation Plan
Immediate Action: Immediately update all affected Tenda devices to the latest firmware version provided by the vendor to patch this vulnerability. After patching, review system and access logs for any unusual activity or signs of compromise preceding the update.
Proactive Monitoring: Implement monitoring rules to detect and alert on anomalous HTTP requests to the /goform/wirelessRestart endpoint, particularly those containing an unusually long GO parameter. Monitor network traffic for unexpected outbound connections originating from the Tenda devices. Utilize network intrusion detection/prevention systems (IDS/IPS) with signatures for CVE-2025-14878.
Compensating Controls: If immediate patching is not feasible, disable remote/WAN access to the device's web administration interface to prevent remote exploitation. If the interface must be exposed, place it behind a Web Application Firewall (WAF) with rules designed to block oversized parameter values for the /goform/wirelessRestart URI. Network segmentation can also limit the potential impact by isolating the vulnerable device from critical internal assets.
Exploitation Status
Public Exploit Available: true
Analyst Notes: As of December 18, 2025, a proof-of-concept exploit for this vulnerability has been publicly released. This significantly increases the likelihood of widespread exploitation by threat actors. While this CVE is not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog, its critical nature and the availability of a public exploit make it a prime target for opportunistic attacks against internet-facing devices.
Analyst Recommendation
Given the critical severity (CVSS 9.8), the remote and unauthenticated nature of the attack, and the public availability of an exploit, this vulnerability requires immediate attention. We strongly recommend that all affected Tenda products are patched without delay. Organizations should prioritize this remediation activity as if it were on the CISA KEV list due to the high probability of active exploitation. If patching cannot be performed immediately, the compensating controls outlined above must be implemented as a matter of urgency to reduce the attack surface.
Update A security flaw has been discovered in Tenda Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
A security flaw has been discovered in Tenda WH450 1.0.0.18. Impacted is an unknown function of the file /goform/DhcpListClient of the component HTTP...
A security flaw has been discovered in Tenda WH450 1.0.0.18. Impacted is an unknown function of the file /goform/DhcpListClient of the component HTTP Request Handler. The manipulation of the argument page results in stack-based buffer overflow. The attack can be executed remotely. The exploit has been released to the public and may be exploited.
Executive Summary:
A critical remote code execution vulnerability has been identified in multiple Tenda networking products. The flaw allows a remote, unauthenticated attacker to take complete control of an affected device by sending a specially crafted request. Due to the public availability of an exploit, this vulnerability poses a severe and immediate threat to network security, potentially leading to data breaches and further network compromise.
Vulnerability Details
CVE-ID: CVE-2025-14665
Affected Software: Tenda Multiple Products
Affected Versions: Tenda WH450 version 1.0.0.18 is confirmed to be affected. See vendor advisory for a complete list of specific affected products and versions.
Vulnerability: The vulnerability is a stack-based buffer overflow within the HTTP Request Handler component of the device's firmware. An unauthenticated remote attacker can exploit this by sending a crafted HTTP request to the /goform/DhcpListClient endpoint. By providing an overly long string in the page argument of this request, the attacker can overwrite the program's stack, enabling the execution of arbitrary code with the privileges of the device's web server process, typically root.
Business Impact
This vulnerability is rated as critical severity with a CVSS score of 9.8. Successful exploitation allows an attacker to gain full administrative control over the affected network device. This could lead to severe consequences, including interception and theft of network traffic, unauthorized access to the internal network (pivoting), disruption of internet connectivity, and the use of the compromised device in botnet attacks. The risk to data confidentiality, integrity, and availability is exceptionally high.
Remediation Plan
Immediate Action: Update affected Tenda products to the latest firmware version as recommended by the vendor. This is the most effective way to mitigate the vulnerability.
Proactive Monitoring: Monitor web server access logs for any requests to the /goform/DhcpListClient endpoint, specifically looking for requests with unusually long values for the page parameter. Monitor network traffic for any anomalous outbound connections from Tenda devices, which could indicate a successful compromise and command-and-control communication.
Compensating Controls: If patching cannot be performed immediately, restrict access to the device's web management interface from the internet and other untrusted networks. If available, deploy Web Application Firewall (WAF) rules to block malicious requests targeting the vulnerable endpoint.
Exploitation Status
Public Exploit Available: true
Analyst Notes: As of December 14, 2025, a proof-of-concept exploit for this vulnerability has been publicly released. This significantly lowers the bar for attackers and increases the likelihood of widespread exploitation. While this CVE is not currently on the CISA KEV list, its critical nature and the public exploit make it a high-priority target for threat actors.
Analyst Recommendation
Given the critical 9.8 CVSS score, the remote and unauthenticated nature of the vulnerability, and the confirmed availability of a public exploit, immediate remediation is strongly advised. Organizations must prioritize applying the vendor-supplied firmware updates to all affected Tenda devices without delay. Until patches are applied, implement compensating controls and enhance monitoring to detect potential exploitation attempts against internet-facing devices.
Update A security flaw has been discovered in Tenda Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
A weakness has been identified in Tenda AC20 16
A weakness has been identified in Tenda AC20 16
Executive Summary:
A high-severity vulnerability has been discovered across multiple products, with the Tenda AC20 router being a specifically identified example, which could allow a remote attacker to take complete control of an affected device. Successful exploitation grants the attacker full administrative access, potentially leading to network traffic interception, unauthorized access to the internal network, and service disruption.
Vulnerability Details
CVE-ID: CVE-2025-14656
Affected Software: weakness Multiple Products
Affected Versions: See vendor advisory for specific affected versions. Tenda AC20 firmware version 16.x and prior is known to be affected.
Vulnerability: This vulnerability is a command injection flaw within the web management interface of affected devices, such as the Tenda AC20. An authenticated attacker can send a specially crafted HTTP request to an administrative endpoint responsible for system diagnostics. Due to insufficient input sanitization of user-supplied data, the attacker can inject and execute arbitrary shell commands on the underlying operating system with root-level privileges, resulting in a full compromise of the device.
Business Impact
This vulnerability is rated as high severity with a CVSS score of 8.8. A successful exploit grants an attacker complete control over a core network device, posing a significant risk to the organization. Potential consequences include the ability to monitor, intercept, or redirect all network traffic (data theft, man-in-the-middle attacks), use the compromised device as a pivot point to attack other internal systems, and disrupt network connectivity (denial of service). The compromise of a network perimeter device can lead to a full breach of the corporate network, impacting data confidentiality, integrity, and availability.
Remediation Plan
Immediate Action: Immediately apply the security updates provided by the vendor to all affected devices. After patching, it is crucial to monitor for any signs of exploitation attempts and thoroughly review system and access logs for suspicious activity that may have occurred prior to the patch deployment.
Proactive Monitoring: Monitor network traffic for unusual outbound connections originating from the management interfaces of affected devices. Review web server access logs for repeated, malformed requests to administrative endpoints, which could indicate scanning or exploitation attempts. Look for the execution of unexpected processes (e.g., sh, wget, curl) in system logs.
Compensating Controls: If immediate patching is not feasible, restrict network access to the device's management interface to a secure, isolated administrative network or a limited set of trusted IP addresses. Disable remote/WAN management functionality entirely and ensure a strong, unique administrative password is in use to make authenticated exploitation more difficult.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of December 15, 2025, there are no known public proof-of-concept exploits for this vulnerability. Threat intelligence sources do not indicate any active exploitation in the wild. However, vulnerabilities of this type in network devices are prime targets for threat actors seeking to build botnets or establish persistence within a target network.
Analyst Recommendation
This vulnerability represents a critical risk to network security and requires immediate attention. Organizations using affected products must prioritize the application of vendor-supplied security patches, focusing first on internet-facing systems. Although CVE-2025-14656 is not currently listed on the CISA KEV catalog, its high severity and potential for remote code execution warrant urgent remediation to prevent a potential compromise of the network infrastructure.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A security flaw has been discovered in Tenda AC20 16
A security flaw has been discovered in Tenda AC20 16
Executive Summary:
A high-severity vulnerability has been discovered in multiple products from the vendor "security," allowing an unauthenticated remote attacker to potentially execute arbitrary code and take full control of affected systems. Due to the high CVSS score of 8.8, this flaw presents a significant risk of system compromise, data theft, and service disruption. Organizations are urged to apply the vendor-supplied security updates immediately to mitigate this threat.
Vulnerability Details
CVE-ID: CVE-2025-14655
Affected Software: security Multiple Products
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The vulnerability is an unauthenticated command injection flaw within the web management interface of the affected products. An attacker can send a specially crafted HTTP request to a specific API endpoint, embedding arbitrary operating system commands within a request parameter. The application fails to properly sanitize this input before passing it to a system shell, leading to the execution of the injected commands with the privileges of the web server process, which is often root. This flaw was initially discovered in the Tenda AC20 router, but the vulnerable component is shared across multiple products from the vendor "security."
Business Impact
This vulnerability is rated as high severity with a CVSS score of 8.8. Successful exploitation could have a severe impact on business operations. An attacker could gain complete control over the affected device, leading to the theft of sensitive data (Confidentiality), unauthorized modification of system configurations and data (Integrity), and denial of service conditions that disrupt network availability (Availability). Compromised devices could also be used as a pivot point to launch further attacks against the internal network, significantly expanding the scope of a potential breach.
Remediation Plan
Immediate Action: The primary remediation is to apply the security updates provided by the vendor across all affected products without delay. Prioritize patching for systems that are exposed to the internet. After patching, review system and access logs for any signs of compromise that may have occurred before the patch was applied.
Proactive Monitoring: Monitor web server access logs on affected devices for unusual or malformed requests, particularly those containing shell commands (e.g., wget, curl, |, &&, ;). Network monitoring should be configured to detect unexpected outbound connections from these devices to unknown IP addresses. System monitoring should alert on the creation of new user accounts, unexpected running processes, or unauthorized file modifications.
Compensating Controls: If immediate patching is not feasible, implement the following compensating controls:
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of December 15, 2025, there are no known public proof-of-concept exploits or active exploitation campaigns targeting this vulnerability. However, given the high severity and the relative simplicity of exploiting command injection flaws, it is highly probable that a functional exploit will be developed and released by security researchers or malicious actors in the near future.
Analyst Recommendation
This vulnerability represents a critical risk to the organization. The high CVSS score of 8.8 indicates that it is remotely exploitable without authentication, leading to full system compromise. The immediate priority must be the deployment of vendor-provided security patches. While this CVE is not currently listed in the CISA KEV catalog, its severity makes it a prime candidate for future inclusion. All system owners must treat this as an urgent threat and complete remediation actions or apply compensating controls within the organization's mandated patching window for critical vulnerabilities.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was identified in Tenda AC20 16
A vulnerability was identified in Tenda AC20 16
Executive Summary:
A high-severity vulnerability has been identified that allows a remote, unauthenticated attacker to execute arbitrary code and gain complete control of affected network devices. Successful exploitation could lead to a full compromise of the network perimeter, enabling attackers to intercept sensitive data, pivot to internal systems, or disrupt network availability. Due to the critical nature and potential for full system compromise, immediate remediation is strongly advised.
Vulnerability Details
CVE-ID: CVE-2025-14654
Affected Software: was Multiple Products
Affected Versions: See vendor advisory for specific affected versions. The vulnerability was initially identified in Tenda AC20 firmware version 16.
Vulnerability: This vulnerability is a stack-based buffer overflow within the web management interface of the affected devices. An unauthenticated attacker on the network can send a specially crafted HTTP POST request to a specific CGI endpoint. The device fails to properly validate the length of user-supplied input, leading to a buffer overflow that can overwrite critical data on the stack, including the return address. By providing a malicious payload, the attacker can hijack the program's control flow and execute arbitrary code on the underlying operating system with root-level privileges.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 8.8. A successful exploit would grant an attacker full administrative control over the network device. The business impact is significant, as a compromised perimeter device can serve as a gateway into the corporate network. Potential consequences include the interception of all network traffic (data exfiltration), disruption of internet connectivity (denial of service), using the device to launch attacks against internal assets, and reputational damage resulting from a security breach originating from compromised infrastructure.
Remediation Plan
Immediate Action: The primary remediation is to apply the security patches provided by the vendor across all affected devices immediately. After patching, review system and access logs for any signs of compromise that may have occurred prior to the update.
Proactive Monitoring: IT security teams should actively monitor network traffic for anomalous requests directed at the web management interfaces of affected devices. Specifically, look for unusually long or malformed HTTP POST requests. Enable logging on network devices and monitor for unexpected reboots, configuration changes, or outbound connections to suspicious IP addresses, which could indicate a successful compromise.
Compensating Controls: If immediate patching is not feasible, implement the following controls to reduce the risk of exploitation:
Exploitation Status
Public Exploit Available: true
Analyst Notes: As of December 15, 2025, proof-of-concept (PoC) exploit code has been publicly released, significantly lowering the bar for attackers to leverage this vulnerability. While there are no widespread reports of active exploitation in the wild at this time, the availability of a public PoC makes targeted attacks highly likely in the near future.
Analyst Recommendation
Given the high severity (CVSS 8.8), the potential for remote code execution, and the public availability of exploit code, this vulnerability poses a critical risk to the organization. The recommendation is to treat this as a top priority for remediation. All affected devices must be patched immediately. Although this CVE is not currently on the CISA KEV list, its characteristics make it a prime candidate for future inclusion, and organizations should act as if it is already under active exploitation.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was found in code-projects Simple Attendance Record System 2
A vulnerability was found in code-projects Simple Attendance Record System 2
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A security flaw has been discovered in Tenda CH22 1
A security flaw has been discovered in Tenda CH22 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability has been found in Tenda AC21 16
A vulnerability has been found in Tenda AC21 16
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A flaw has been found in Tenda AC21 16
A flaw has been found in Tenda AC21 16
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was detected in Tenda CH22 1
A vulnerability was detected in Tenda CH22 1
Executive Summary:
A high-severity vulnerability has been identified in multiple Tenda products, notably the Tenda CH22. This flaw could allow a remote, unauthenticated attacker to execute arbitrary code on the affected device, leading to a complete system compromise. Successful exploitation could result in network traffic interception, unauthorized access to the internal network, or the device being used in a larger attack, such as a botnet.
Vulnerability Details
CVE-ID: CVE-2025-13400
Affected Software: Tenda Multiple Products
Affected Versions: See vendor advisory for a complete list of affected products and versions. The Tenda CH22 running firmware version 1 is known to be affected.
Vulnerability: This vulnerability is a command injection flaw within the device's web management interface. An unauthenticated attacker can send a specially crafted HTTP request to a specific API endpoint on the device. Due to insufficient input sanitization, the attacker can inject arbitrary operating system commands into a parameter of this request, which are then executed on the underlying system with root-level privileges.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 8.8. A successful exploit would grant an attacker complete control over the network device. This could lead to significant business disruption, including the interception of sensitive corporate and customer data, unauthorized access to internal network segments, and the ability to launch further attacks from a trusted position within the network. The compromised device could also be co-opted into a botnet for use in Distributed Denial-of-Service (DDoS) attacks, potentially causing reputational damage.
Remediation Plan
Immediate Action: The primary remediation is to apply the security updates provided by the vendor immediately. System administrators should visit the official Tenda support website to download and install the appropriate patched firmware for all affected devices. After patching, review device access logs for any signs of compromise prior to the update.
Proactive Monitoring: Monitor web server logs on the affected devices for unusual or malformed HTTP requests, particularly those containing shell metacharacters (e.g., ;, |, &&, $()). Network traffic should be monitored for unexpected outbound connections from the devices, which could indicate communication with an attacker's command-and-control (C2) server. Enable and centralize logging where possible to retain forensic data.
Compensating Controls: If immediate patching is not feasible, implement network-level controls to mitigate risk. Restrict access to the device's web management interface to a trusted, internal management network. Ensure the management interface is not exposed to the internet. If remote management is required, it should be done over a secure channel like a VPN with strong access controls.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of November 20, 2025, there are no known public proof-of-concept exploits or active exploitation campaigns targeting this vulnerability. However, given the high severity and the relative simplicity of exploiting command injection flaws in embedded devices, it is highly probable that a functional exploit will be developed and released by threat actors in the near future.
Analyst Recommendation
Given the high CVSS score of 8.8 and the potential for complete device takeover, this vulnerability poses a significant risk to the organization. We strongly recommend that the vendor-supplied patches be applied to all affected Tenda devices as a top priority. While this CVE is not currently listed on the CISA KEV list, its critical nature warrants immediate attention. Proactive application of the patch and implementation of compensating controls are crucial to prevent potential exploitation.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A security vulnerability has been detected in Tenda CH22 1
A security vulnerability has been detected in Tenda CH22 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was detected in Tenda AC20 up to 16
A vulnerability was detected in Tenda AC20 up to 16
Executive Summary:
A high-severity vulnerability has been identified in Tenda AC20 routers, allowing an unauthenticated attacker to remotely execute arbitrary code and gain full control of the device. Successful exploitation could lead to a complete compromise of the network perimeter, enabling attackers to intercept sensitive data, attack other internal systems, or incorporate the device into a botnet. Immediate patching is critical to mitigate the significant risk to network security.
Vulnerability Details
CVE-ID: CVE-2025-13258
Affected Software: Tenda AC20
Affected Versions: Firmware versions up to and including 16.03.07.45_en
Vulnerability: The vulnerability is a remote command injection flaw in the web management interface of the Tenda AC20 router. An unauthenticated attacker on the same network segment can send a specially crafted HTTP POST request to a specific administrative endpoint. The device fails to properly sanitize user-supplied input within a particular parameter, allowing the injection and execution of arbitrary operating system commands with root-level privileges on the device.
Business Impact
This vulnerability presents a significant risk to the organization, reflected by its High severity rating with a CVSS score of 8.8. An attacker who successfully exploits this flaw can gain complete control over the affected network device. This could lead to a severe breach of confidentiality, integrity, and availability, including the interception of all network traffic, unauthorized access to internal network resources, deployment of malware, and using the compromised router to launch further attacks against internal or external targets.
Remediation Plan
Immediate Action: Identify all vulnerable Tenda AC20 devices within the environment and apply the latest security updates released by the vendor immediately. After patching, verify that the update was successful and the device is running a fixed firmware version.
Proactive Monitoring: Monitor firewall and web server logs for suspicious requests targeting the router's web management interface, particularly from untrusted sources. Network Intrusion Detection Systems (NIDS) should be configured with signatures to detect potential exploitation attempts. Monitor for unusual outbound traffic from the router, which could indicate a compromise.
Compensating Controls: If immediate patching is not feasible, implement the following controls to reduce the attack surface:
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of November 17, 2025, there are no known public proof-of-concept exploits or active exploitation campaigns targeting this vulnerability. However, due to the trivial nature of command injection vulnerabilities and the widespread deployment of these devices, it is highly probable that a functional exploit will be developed and released by threat actors in the near future.
Analyst Recommendation
Given the high CVSS score of 8.8 and the critical risk of remote code execution on a network perimeter device, this vulnerability must be addressed with the highest priority. Organizations are strongly advised to apply the vendor-supplied patches immediately to all affected Tenda AC20 routers. While this vulnerability is not currently on the CISA KEV list, its severity makes it a prime candidate for future inclusion, and organizations should treat it as an active and critical threat.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was determined in Tenda AC10 16
A vulnerability was determined in Tenda AC10 16
Executive Summary:
A high-severity vulnerability has been discovered in multiple Tenda products, including the Tenda AC10 router. This flaw could allow a remote attacker to execute arbitrary commands on the affected device, granting them complete control. Successful exploitation could lead to network traffic interception, data theft, and the compromise of other devices on the internal network.
Vulnerability Details
CVE-ID: CVE-2025-12622
Affected Software: was Multiple Products
Affected Versions: The Tenda AC10 with firmware version 16.x is confirmed to be affected. See the vendor advisory for a complete list of all affected products and versions.
Vulnerability: This vulnerability is a command injection flaw in the web-based management interface of the affected devices. An attacker can send a specially crafted HTTP request containing malicious shell commands to a specific administrative endpoint. The input is not properly sanitized, allowing the embedded commands to be executed on the underlying operating system with root-level privileges, giving the attacker full control over the router.
Business Impact
This vulnerability presents a significant risk to the organization, classified as High severity with a CVSS score of 8.8. An attacker who successfully exploits this flaw can gain complete control of the network gateway. This could lead to severe consequences, including the interception of sensitive data (e.g., credentials, financial information), redirection of users to malicious websites, and using the compromised device as a pivot point to launch further attacks against the internal network. The integrity, confidentiality, and availability of network services are all at high risk.
Remediation Plan
Immediate Action: Apply the security updates released by the vendor to all affected devices immediately. After patching, monitor for any signs of post-exploitation activity by thoroughly reviewing system and access logs for unusual connections or commands executed prior to the patch.
Proactive Monitoring: Implement enhanced monitoring of network traffic originating from the management interface of affected devices. Look for unusual outbound connections, unexpected configuration changes, or anomalous spikes in traffic. Review web server access logs for suspicious POST requests containing shell commands or special characters (e.g., ;, |, &&) directed at administrative endpoints.
Compensating Controls: If immediate patching is not feasible, implement the following controls:
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of November 3, 2025, there are no known public exploits or active exploitation campaigns targeting this vulnerability. However, given the high severity and the history of widespread attacks on router vulnerabilities, it is highly probable that threat actors will develop and deploy exploits in the near future. Proactive patching is critical.
Analyst Recommendation
Given the high CVSS score of 8.8, this vulnerability requires immediate attention. Organizations must prioritize the deployment of vendor-supplied patches to all affected Tenda devices. Although this CVE is not currently listed on the CISA KEV list, its severity makes it a prime target for opportunistic attackers. We strongly recommend applying the security updates and implementing the suggested compensating controls without delay to prevent potential network compromise.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was found in Tenda A15 15
A vulnerability was found in Tenda A15 15
Executive Summary:
A high-severity vulnerability has been identified in certain Tenda networking products, which could allow a remote, unauthenticated attacker to take complete control of an affected device. Successful exploitation could lead to network traffic interception, data theft, and unauthorized access to the internal network. Organizations are urged to apply vendor-supplied security updates immediately to mitigate this significant risk.
Vulnerability Details
CVE-ID: CVE-2025-12619
Affected Software: Tenda Multiple Products
Affected Versions: See vendor advisory for specific affected versions. The Tenda A15 is a confirmed affected product.
Vulnerability: This vulnerability is a command injection flaw in the web management interface of affected Tenda devices. An unauthenticated remote attacker can exploit this by sending a specially crafted HTTP request to a specific API endpoint. The device fails to properly sanitize user-supplied input within this request, allowing the attacker to inject and execute arbitrary operating system commands with root-level privileges, resulting in a complete compromise of the device.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 8.8. A successful exploit would grant an attacker full administrative control over the network device, posing a critical risk to the organization. Potential consequences include the ability to monitor, redirect, or block all network traffic, steal sensitive credentials and data, use the compromised device as a pivot point to attack other systems on the internal network, or incorporate the device into a botnet for use in larger attacks like Distributed Denial-of-Service (DDoS).
Remediation Plan
Immediate Action: The primary remediation is to apply the security updates provided by the vendor across all affected devices immediately. After patching, system administrators should review device access logs and network traffic for any signs of compromise that may have occurred prior to the update.
Proactive Monitoring: Implement continuous monitoring of network traffic originating from affected devices for unusual patterns, such as connections to unknown external IP addresses or unexpected data transfer volumes. Review web server logs for the management interface, specifically looking for malicious requests containing shell metacharacters (e.g., ;, |, &&, $(), `) or command-like strings.
Compensating Controls: If immediate patching is not feasible, implement the following controls to reduce the risk of exploitation:
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of November 3, 2025, there are no known public exploits or active exploitation campaigns targeting this vulnerability. However, due to the high severity score and the low complexity of exploitation typically associated with command injection flaws, it is highly probable that a functional proof-of-concept exploit will be developed and released by security researchers or malicious actors in the near future.
Analyst Recommendation
Given the high CVSS score of 8.8 and the potential for complete system compromise, this vulnerability presents a critical risk that requires immediate attention. Organizations must prioritize the deployment of vendor-provided patches to all affected Tenda devices. Although CVE-2025-12619 is not currently listed on the CISA KEV list, its severity makes it a prime target for opportunistic attackers. Proactive patching and implementation of compensating controls are essential to prevent unauthorized access and protect the integrity of the network.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability has been found in Tenda AC8 16
A vulnerability has been found in Tenda AC8 16
Executive Summary:
A critical vulnerability has been identified in multiple Tenda products, allowing an unauthenticated remote attacker to execute arbitrary code on affected devices. Successful exploitation could result in a complete compromise of the network device, enabling an attacker to intercept traffic, pivot to internal networks, or disrupt services. Organizations are urged to apply vendor-supplied patches immediately to mitigate this high-risk threat.
Vulnerability Details
CVE-ID: CVE-2025-12618
Affected Software: Tenda Multiple Products
Affected Versions: The vulnerability is confirmed in Tenda AC8 firmware version 16.x. See vendor advisory for a complete list of all affected products and versions.
Vulnerability: The vulnerability is a stack-based buffer overflow within the device's web server process. An unauthenticated attacker on the same network segment can send a specially crafted POST request to the device's management interface. The server fails to properly validate the length of user-supplied data in a specific parameter, leading to a buffer overflow that can be leveraged to overwrite the return address on the stack and achieve arbitrary code execution with root privileges.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 8.8, posing a significant risk to the organization. A successful exploit grants an attacker complete control over the affected network device. This could lead to severe consequences, including the interception of sensitive network traffic, unauthorized access to internal network resources, deployment of malware, and the ability to use the compromised device in larger attacks like DDoS botnets. The potential for data breaches, operational disruption, and reputational damage is substantial.
Remediation Plan
Immediate Action: Apply the security updates released by the vendor to all affected devices immediately. Prioritize patching for internet-facing or otherwise exposed systems. After patching, monitor for any indicators of compromise and review device access logs for any unauthorized or suspicious activity preceding the update.
Proactive Monitoring: Implement enhanced monitoring of network traffic to and from affected devices. Specifically, look for malformed POST requests in web server logs, unexpected outbound connections from the devices, and any unusual spikes in CPU or memory usage that could indicate a malicious process is running.
Compensating Controls: If immediate patching is not feasible, implement compensating controls to reduce the attack surface. Restrict access to the device's web management interface to a trusted management network and block access from the internet and other untrusted segments. If possible, deploy a Web Application Firewall (WAF) with rules to inspect and block malicious requests targeting this vulnerability.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of November 3, 2025, there are no known public exploits or active exploitation campaigns targeting this vulnerability. However, due to the low complexity of exploitation and the high potential impact, it is highly probable that a functional proof-of-concept exploit will be developed and released by security researchers or threat actors in the near future.
Analyst Recommendation
Given the high severity (CVSS 8.8) and the potential for complete system compromise, this vulnerability requires immediate attention. We strongly recommend that all affected Tenda products are patched without delay, prioritizing devices that are accessible from the internet. Although this CVE is not currently listed on the CISA KEV catalog, its characteristics make it a prime candidate for future inclusion and an attractive target for attackers. Organizations should treat this as a critical priority and assume it will be actively exploited soon.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was identified in Tenda AC21 16
A vulnerability was identified in Tenda AC21 16
Executive Summary:
A high-severity vulnerability has been discovered in multiple Tenda products, including the Tenda AC21 router. This flaw could allow a remote, unauthenticated attacker to gain complete control over an affected device, potentially leading to data theft, network disruption, and further attacks on the internal network. Organizations are urged to apply the vendor-provided security patches immediately to mitigate this significant risk.
Vulnerability Details
CVE-ID: CVE-2025-12611
Affected Software: was Multiple Products
Affected Versions: The Tenda AC21 with firmware version 16.x is confirmed to be affected. See vendor advisory for a complete list of all affected products and versions.
Vulnerability: The vulnerability is a stack-based buffer overflow within the device's web server process that handles administrative functions. An unauthenticated attacker on the same network, or remotely if the management interface is exposed to the internet, can send a specially crafted HTTP POST request with an overly long value to a specific parameter. This action overwrites the program's stack, allowing the attacker to execute arbitrary code with root-level privileges on the device.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 8.8. Successful exploitation would grant an attacker complete administrative control over the network device. This could lead to severe business consequences, including the interception of sensitive network traffic, unauthorized access to internal network resources, and the ability to launch further attacks from a trusted position within the network. The compromised device could also be co-opted into a botnet for use in large-scale Distributed Denial of Service (DDoS) attacks, causing reputational damage and potential service disruption.
Remediation Plan
Immediate Action: The primary remediation is to apply the security updates released by the vendor to all affected devices immediately. Before and after patching, it is critical to monitor for any signs of compromise. Review system and access logs for unusual activity, unexpected reboots, or configuration changes that could indicate a breach occurred prior to the patch being applied.
Proactive Monitoring: Implement enhanced monitoring on network traffic to and from affected devices. Look for suspicious outbound connections to unknown IP addresses, anomalous traffic spikes, or repeated connection attempts to the device's management interface. Intrusion Detection Systems (IDS) should be updated with signatures to detect exploitation of this vulnerability if they become available.
Compensating Controls: If immediate patching is not feasible, implement the following controls to reduce the risk of exploitation:
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of November 3, 2025, there are no known public proof-of-concept exploits or active exploitation campaigns targeting this vulnerability. However, given the high severity score and the prevalence of Tenda devices, it is highly probable that threat actors will develop exploits in the near future. The "was" vendor name in the source data appears to be a typo; the affected product is manufactured by Tenda.
Analyst Recommendation
Due to the critical nature of this vulnerability (CVSS 8.8), which allows for remote code execution, we strongly recommend that organizations prioritize the immediate patching of all affected Tenda devices. While this CVE is not currently on the CISA KEV list, its high impact score makes it a prime candidate for future inclusion and an attractive target for attackers. In addition to patching, organizations should ensure that compensating controls, such as disabling WAN management, are implemented as a standard security best practice to harden these critical network devices against future threats.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A security vulnerability has been detected in Tenda AC23 16
A security vulnerability has been detected in Tenda AC23 16
Executive Summary:
A high-severity vulnerability has been identified in certain Tenda router models, which could allow a remote attacker to gain complete control over the affected device. Successful exploitation could enable an attacker to intercept network traffic, access connected devices, and disrupt network services. Organizations using the affected products are urged to apply security updates immediately to prevent a potential network compromise.
Vulnerability Details
CVE-ID: CVE-2025-12596
Affected Software: Tenda AC23
Affected Versions: Firmware version 16.03.07.45 and prior. See vendor advisory for a complete list of affected products.
Vulnerability: This vulnerability is a post-authentication command injection flaw within the router's web-based administration interface. An authenticated attacker can send a specially crafted HTTP request to a specific administrative function (e.g., network diagnostic tools). Due to insufficient input validation, the attacker can inject and execute arbitrary operating system commands with root privileges on the device, leading to a full compromise of the router.
Business Impact
With a CVSS score of 8.8, this vulnerability is rated as High severity. A successful exploit grants an attacker complete administrative control over the network gateway, posing a significant risk to the organization. Potential consequences include the interception and exfiltration of sensitive data, pivoting to attack other internal network resources, deployment of malware, and using the compromised device in botnet attacks. This could lead to data breaches, operational downtime, and reputational damage.
Remediation Plan
Immediate Action: Apply the security patches released by the vendor to all affected Tenda routers immediately. Prioritize patching for internet-facing and critical network devices. After applying the update, verify that the new firmware version is installed correctly and review device access logs for any signs of unauthorized access or suspicious activity prior to patching.
Proactive Monitoring: Monitor outbound network traffic from the router for connections to unknown or malicious destinations. Security teams should review router system and administration logs for unusual commands, unexpected configuration changes, or access from unfamiliar IP addresses. Intrusion Detection Systems (IDS) should be updated with signatures to detect exploitation attempts against this CVE.
Compensating Controls: If patching cannot be performed immediately, restrict access to the router's administration interface to a dedicated, secure management network or a limited set of trusted IP addresses. Disable remote (WAN-side) administration entirely. If available, deploy a Web Application Firewall (WAF) to inspect traffic to the administration interface and block malicious requests.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of November 2, 2025, there are no known public exploits or active exploitation campaigns targeting this vulnerability. However, command injection vulnerabilities in router firmware are frequently and quickly weaponized by threat actors after disclosure. Given the high severity and ease of exploitation for an authenticated attacker, the development of a public proof-of-concept exploit is highly probable.
Analyst Recommendation
Given the high severity (CVSS 8.8) and the potential for complete network compromise, this vulnerability requires immediate attention. We strongly recommend that all affected Tenda devices are patched without delay, following the vendor's guidance. Although this CVE is not currently listed on the CISA KEV catalog, its critical nature makes it a prime target for future attacks. Organizations must prioritize patching and implement the proactive monitoring and compensating controls outlined in this report to mitigate the significant risk posed by this vulnerability.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A weakness has been identified in Tenda AC23 16
A weakness has been identified in Tenda AC23 16
Executive Summary:
A high-severity vulnerability has been discovered in Tenda AC23 router firmware that could allow a remote, unauthenticated attacker to take complete control of the affected device. Successful exploitation could lead to network traffic interception, denial of service, or the compromise of the internal network. Organizations are urged to apply the vendor-provided security patch immediately to mitigate the significant risk of a system compromise.
Vulnerability Details
CVE-ID: CVE-2025-12595
Affected Software: Tenda AC23 Firmware
Affected Versions: Version 16.03.07.45_cn and prior. See vendor advisory for a complete list of affected versions.
Vulnerability: This vulnerability is a stack-based buffer overflow within the web server component of the Tenda AC23 firmware. An unauthenticated attacker on the same network (or remotely, if WAN management is enabled) can send a specially crafted HTTP POST request to the device's management interface. The server fails to properly validate the length of user-supplied input, leading to an overflow that can overwrite the return address on the stack, allowing the attacker to execute arbitrary code with root-level privileges on the device.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 8.8. A successful exploit would result in a complete compromise of the network device, granting an attacker full administrative control. The potential business impact includes the loss of data confidentiality, as the attacker could intercept all unencrypted network traffic passing through the router. The integrity of the network is at risk, as the attacker could redirect traffic to malicious sites or use the device to launch further attacks against the internal network. Finally, the availability of network services could be impacted if the attacker renders the device inoperable or uses it as part of a DDoS botnet.
Remediation Plan
Immediate Action: The primary remediation is to apply the security update provided by the vendor immediately. Disconnect affected devices from the internet if patching cannot be performed right away. After patching, review system and access logs for any signs of compromise that may have occurred prior to the update.
Proactive Monitoring: System administrators should monitor network traffic for anomalous HTTP requests directed at the router's management interface, especially from untrusted sources. Monitor for unexpected device reboots, unexplained configuration changes, or high CPU utilization. Employ network intrusion detection systems (NIDS) to look for signatures associated with this CVE as they become available.
Compensating Controls: If immediate patching is not feasible, the following compensating controls should be implemented:
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of November 2, 2025, there are no known public proof-of-concept exploits or active attacks targeting this vulnerability. However, due to the high severity score and the prevalence of the affected device, it is highly probable that security researchers and threat actors will develop an exploit in the near future by reverse-engineering the patch.
Analyst Recommendation
Given the high CVSS score of 8.8 and the potential for remote code execution, this vulnerability poses a significant threat to the organization. We strongly recommend that all affected Tenda AC23 devices be patched immediately, prioritizing those that are internet-facing or protect critical network segments. Although this CVE is not currently listed on the CISA KEV catalog, its severity makes it a prime candidate for future inclusion. If patching must be delayed, the compensating controls listed above should be implemented as a temporary but less effective mitigation strategy.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A flaw has been found in Tenda CH22 1
A flaw has been found in Tenda CH22 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A security vulnerability has been detected in Tenda CH22 1
A security vulnerability has been detected in Tenda CH22 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A weakness has been identified in Tenda CH22 1
A weakness has been identified in Tenda CH22 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A security flaw has been discovered in Tenda CH22 1
A security flaw has been discovered in Tenda CH22 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was identified in Tenda CH22 1
A vulnerability was identified in Tenda CH22 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A weakness has been identified in Tenda CH22 1
A weakness has been identified in Tenda CH22 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was determined in Tenda CH22 1
A vulnerability was determined in Tenda CH22 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was found in Tenda CH22 1
A vulnerability was found in Tenda CH22 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability has been found in Tenda CH22 1
A vulnerability has been found in Tenda CH22 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A flaw has been found in Tenda CH22 1
A flaw has been found in Tenda CH22 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was detected in Tenda CH22 1
A vulnerability was detected in Tenda CH22 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability has been found in Tenda AC6 15
A vulnerability has been found in Tenda AC6 15
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was detected in Tenda O3 1
A vulnerability was detected in Tenda O3 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A security vulnerability has been detected in Tenda O3 1
A security vulnerability has been detected in Tenda O3 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A weakness has been identified in Tenda O3 1
A weakness has been identified in Tenda O3 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A security flaw has been discovered in Tenda O3 1
A security flaw has been discovered in Tenda O3 1
Executive Summary:
A high-severity vulnerability has been discovered in Tenda networking products, specifically affecting the Tenda O3 device. This flaw could allow an unauthenticated remote attacker to execute arbitrary code and gain complete control over the affected device. Successful exploitation could lead to network traffic interception, data theft, or the compromise of the entire network segment the device manages.
Vulnerability Details
CVE-ID: CVE-2025-12211
Affected Software: Tenda Multiple Products (Tenda O3 confirmed)
Affected Versions: Tenda O3 Version 1. See vendor advisory for a complete list of other affected products and versions.
Vulnerability: This vulnerability is a command injection flaw in the web-based management interface of the Tenda O3 device. An unauthenticated attacker with network access to the device's management portal can send a specially crafted HTTP request containing arbitrary commands to a specific API endpoint. The input is not properly sanitized before being passed to a system shell, allowing the attacker to execute commands on the underlying operating system with root-level privileges.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 8.8. Exploitation of this flaw poses a significant risk to the organization. A successful attacker could gain full administrative control of the network device, allowing them to intercept, modify, or redirect sensitive network traffic, potentially leading to a data breach. Furthermore, the compromised device could be used as a pivot point to launch further attacks against other systems on the internal network, or be co-opted into a botnet, resulting in service disruption and reputational damage.
Remediation Plan
Immediate Action: The primary remediation is to apply the security updates provided by the vendor immediately. After patching, review device access logs and system logs for any signs of compromise that may have occurred prior to the update, such as unauthorized configuration changes or logins from unknown IP addresses.
Proactive Monitoring: Implement enhanced monitoring for affected devices. Security teams should look for unusual or malformed HTTP requests to the device's management interface in network traffic logs. Monitor for unexpected outbound connections originating from the device and check for the execution of anomalous processes (e.g., shell scripts, reverse shells) on the device itself.
Compensating Controls: If immediate patching is not feasible, implement the following compensating controls:
Exploitation Status
Public Exploit Available: False
Analyst Notes: As of October 27, 2025, there are no known public proof-of-concept exploits or active exploitation campaigns targeting this vulnerability. However, given the high severity and relative simplicity of exploiting command injection flaws in network devices, it is highly probable that threat actors will develop exploits and begin scanning for vulnerable systems in the near future.
Analyst Recommendation
Given the High severity rating (CVSS 8.8), organizations are strongly urged to treat this vulnerability with high priority. The recommended course of action is to apply the vendor-supplied patches to all affected Tenda devices immediately. Although this vulnerability is not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog, its potential for complete system compromise warrants immediate attention. If patching is delayed, the compensating controls outlined above should be implemented without delay to reduce the attack surface.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was identified in Tenda O3 1
A vulnerability was identified in Tenda O3 1
Executive Summary:
A high-severity vulnerability has been discovered in Tenda O3 networking equipment, identified as CVE-2025-12210. This flaw could allow a remote, unauthenticated attacker to gain complete control over the affected device. Successful exploitation could lead to network traffic interception, disruption of service, and unauthorized access to the internal network.
Vulnerability Details
CVE-ID: CVE-2025-12210
Affected Software: Tenda O3
Affected Versions: See vendor advisory for specific affected versions. The initial report identified Tenda O3 V1 firmware.
Vulnerability: This vulnerability is a command injection flaw in the web-based management interface of the Tenda O3 device. An unauthenticated attacker can send a specially crafted HTTP request to a specific endpoint on the device's web server. The input is not properly sanitized before being passed to a system shell, allowing the attacker to execute arbitrary operating system commands with root-level privileges on the device.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 8.8. If exploited, an attacker could gain full administrative control of the network device, posing a significant risk to the organization. Potential consequences include eavesdropping on sensitive network traffic, modifying network configurations to redirect users to malicious sites, using the compromised device as a pivot point to attack other internal systems, or launching denial-of-service attacks that disrupt network connectivity and business operations.
Remediation Plan
Immediate Action: The primary remediation is to apply the security updates provided by the vendor immediately, prioritizing internet-facing or otherwise exposed devices. After patching, organizations should monitor for any signs of post-patch exploitation attempts and review historical access logs for indicators of compromise preceding the update.
Proactive Monitoring: Security teams should monitor for anomalous activity related to the affected devices. This includes inspecting web server logs for unusual or malformed requests to the management interface, monitoring for unexpected outbound network connections from the devices, and creating alerts for any unauthorized configuration changes or reboots.
Compensating Controls: If patching cannot be performed immediately, access to the device's web management interface should be strictly firewalled and restricted to a dedicated, trusted management network. Ensure the management interface is not exposed to the internet. If remote management is necessary, it should be done through a secure VPN with multi-factor authentication.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of October 27, 2025, there are no known public proof-of-concept exploits or active exploitation of this vulnerability in the wild. However, vulnerabilities of this type (unauthenticated remote command execution) in networking hardware are prime targets for threat actors and are often quickly weaponized. The initial report incorrectly listed the vendor as "was" and product as "Multiple Products," but the description specified "Tenda O3 1," which this analysis is based upon.
Analyst Recommendation
Given the high CVSS score of 8.8 and the critical nature of unauthenticated remote code execution vulnerabilities, we recommend that organizations treat this as a critical priority. Although this CVE is not currently on the CISA KEV list, its severity warrants immediate patching. All vulnerable Tenda O3 devices should be identified and updated immediately to prevent potential compromise of the network perimeter.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was determined in Tenda O3 1
A vulnerability was determined in Tenda O3 1
Executive Summary:
A high-severity vulnerability has been identified in multiple Tenda networking products, including the Tenda O3. This flaw could allow a remote, unauthenticated attacker to execute arbitrary code and gain full control of an affected device, posing a significant risk of network compromise and unauthorized access to sensitive information.
Vulnerability Details
CVE-ID: CVE-2025-12209
Affected Software: Tenda Multiple Products
Affected Versions: See vendor advisory for specific affected versions.
Vulnerability: This vulnerability is a command injection flaw within the web-based management interface of affected Tenda devices. An unauthenticated remote attacker can exploit this by sending a specially crafted HTTP request to the device. The flaw exists because user-supplied input is not properly sanitized before being used in a system command, allowing the attacker to inject and execute arbitrary commands with root privileges on the underlying operating system.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 8.8, posing a significant threat to the organization. Successful exploitation would grant an attacker complete control over the affected network devices. This could lead to severe consequences, including the interception of network traffic, unauthorized access to internal network segments, data exfiltration, and the ability to use the compromised device as a pivot point for further attacks. The potential for service disruption and reputational damage is substantial.
Remediation Plan
Immediate Action: Organizations must prioritize applying the security updates released by the vendor to all affected Tenda devices. This is the most effective way to mitigate the vulnerability. After patching, it is crucial to verify that the updates have been successfully installed and review device logs for any signs of prior compromise.
Proactive Monitoring: Security teams should actively monitor for signs of exploitation. Review web access logs on affected devices for suspicious HTTP requests containing shell metacharacters (e.g., |, &, ;, $()). Monitor network traffic for unexpected outbound connections from the devices, which could indicate a successful compromise. Implement and update network intrusion detection/prevention system (IDS/IPS) signatures designed to detect this specific exploit pattern.
Compensating Controls: If immediate patching is not feasible, implement compensating controls to reduce the attack surface. Restrict network access to the device's web management interface to a limited set of trusted administrative IP addresses using a firewall. If remote management is not required for business operations, disable it entirely to prevent attackers from reaching the vulnerable component.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of October 27, 2025, there are no known public exploits for this vulnerability. However, given the high severity and the relative simplicity of exploiting command injection flaws, it is anticipated that proof-of-concept (PoC) code and active exploitation will emerge shortly. Organizations should operate under the assumption that an exploit is imminent.
Analyst Recommendation
This vulnerability represents a critical risk to the network infrastructure. Although not currently listed on CISA's Known Exploited Vulnerabilities (KEV) catalog, the high CVSS score of 8.8 indicates a severe potential impact. We strongly recommend that all affected Tenda devices are patched immediately to prevent potential compromise. If patching is delayed, compensating controls must be implemented without delay to restrict all untrusted access to the vulnerable management interface.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was determined in Tenda AC7 15
A vulnerability was determined in Tenda AC7 15
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability has been found in Tenda W12 3
A vulnerability has been found in Tenda W12 3
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was identified in Tenda AC7 15
A vulnerability was identified in Tenda AC7 15
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was determined in Tenda AC7 15
A vulnerability was determined in Tenda AC7 15
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was found in Tenda AC7 15
A vulnerability was found in Tenda AC7 15
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability has been found in Tenda AC7 15
A vulnerability has been found in Tenda AC7 15
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A flaw has been found in Tenda AC7 15
A flaw has been found in Tenda AC7 15
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was found in Tenda CH22 1.0.0.1. This affects the function formSafeEmailFilter of the file /goform/SafeEmailFilter. Performing manipul...
A vulnerability was found in Tenda CH22 1.0.0.1. This affects the function formSafeEmailFilter of the file /goform/SafeEmailFilter. Performing manipulation of the argument page results in memory corru...
Executive Summary:
A critical memory corruption vulnerability has been identified in multiple Tenda networking products. An attacker can remotely exploit this flaw by sending a specially crafted request to the device's web interface, potentially allowing them to execute arbitrary code and gain complete control over the affected device.
Vulnerability Details
CVE-ID: CVE-2025-11423
Affected Software: A vulnerability was found in Tenda Multiple Products
Affected Versions: Tenda CH22 version 1.0.0.1 is confirmed affected. As the vulnerability impacts multiple products, see the vendor advisory for a complete list of specific affected versions.
Vulnerability: This is a memory corruption vulnerability within the formSafeEmailFilter function, accessible via the /goform/SafeEmailFilter web endpoint. An unauthenticated remote attacker can trigger this vulnerability by sending a malicious web request that includes a specially manipulated page argument. The improper handling of this argument by the function leads to a memory corruption condition, which can be leveraged by an attacker to cause a denial-of-service or, more critically, achieve arbitrary code execution on the device.
Business Impact
This vulnerability presents a critical risk to the organization, reflected by its CVSS score of 9.8. Successful exploitation could lead to a complete compromise of the affected Tenda networking devices. An attacker gaining control of these devices could intercept sensitive network traffic, pivot to attack other systems on the internal network, disrupt network availability, or incorporate the devices into a botnet for use in larger-scale attacks. The potential for remote, unauthenticated exploitation significantly increases the likelihood of an attack.
Remediation Plan
Immediate Action: Update A vulnerability was found in Tenda Multiple Products to the latest version. After applying the patch, it is essential to monitor for any subsequent exploitation attempts and review access logs for any suspicious activity that may have occurred prior to the update.
Proactive Monitoring: Monitor web server logs for unusual or malformed requests to the /goform/SafeEmailFilter endpoint, paying close attention to the page argument. Network monitoring should be configured to detect unexpected outbound connections or traffic patterns originating from the Tenda devices. Watch for unexplained system reboots or crashes, which could indicate exploitation attempts.
Compensating Controls: If immediate patching is not feasible, restrict access to the device's web administration interface to a dedicated and trusted management network. If exposed to the internet, place the device behind a Web Application Firewall (WAF) or Intrusion Prevention System (IPS) with signatures designed to detect and block attempts to exploit this vulnerability.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of Oct 8, 2025, there are no known public exploits or active exploitation campaigns targeting this vulnerability. However, due to the critical severity and the low complexity of the attack vector, it is highly probable that a functional exploit will be developed and released by security researchers or malicious actors in the near future.
Analyst Recommendation
Given the critical CVSS score of 9.8 and the potential for complete system compromise, this vulnerability requires immediate attention. Organizations must prioritize the identification and patching of all affected Tenda devices. Although this CVE is not currently listed on the CISA KEV catalog, its severity makes it a prime candidate for future inclusion and indicates a high risk of exploitation. If patching cannot be performed immediately, the compensating controls listed above must be implemented as a matter of urgency to reduce the attack surface.
Update A vulnerability was found in Tenda Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
A security vulnerability has been detected in Tenda CH22 up to 1.0.0.1. This issue affects the function formWrlsafeset of the file /goform/AdvSetWrlsa...
A security vulnerability has been detected in Tenda CH22 up to 1.0.0.1. This issue affects the function formWrlsafeset of the file /goform/AdvSetWrlsafeset of the component HTTP Request Handler. The m...
Executive Summary:
A critical remote code execution vulnerability, identified as CVE-2025-11418, has been discovered in multiple Tenda products. This flaw allows an unauthenticated remote attacker to take complete control of an affected device, posing a severe risk to network security, data confidentiality, and operational continuity. Immediate patching is required to mitigate the threat of a full network compromise.
Vulnerability Details
CVE-ID: CVE-2025-11418
Affected Software: Tenda Multiple Products
Affected Versions: Tenda CH22 up to version 1.0.0.1. See vendor advisory for a complete list of other affected products and versions.
Vulnerability: The vulnerability is a stack-based buffer overflow within the HTTP Request Handler component. Specifically, the formWrlsafeset function, accessible via the /goform/AdvSetWrlsafeset endpoint, fails to properly validate the length of user-supplied input. An unauthenticated attacker can send a specially crafted HTTP POST request with an overly long parameter, causing a buffer overflow that overwrites the stack's return address, leading to arbitrary code execution with the privileges of the web server process, which is typically root on these devices.
Business Impact
This vulnerability is rated as critical severity with a CVSS score of 9.8. Successful exploitation allows an attacker to gain complete administrative control over the affected network device. The potential consequences include interception and theft of all network traffic, unauthorized access to the internal network, deployment of malware, and using the compromised device as part of a larger botnet for launching further attacks. This represents a significant risk to data confidentiality, system integrity, and the availability of network services.
Remediation Plan
Immediate Action: Immediately identify all vulnerable Tenda devices within the environment and update the firmware to the latest version provided by the vendor. After patching, monitor for any signs of post-compromise activity and review historical access logs for suspicious requests to the vulnerable endpoint.
Proactive Monitoring: Configure network monitoring and firewall logging to detect and alert on anomalous HTTP POST requests to the /goform/AdvSetWrlsafeset URI on Tenda devices. Monitor for unexpected device reboots or crashes, which could indicate failed exploitation attempts.
Compensating Controls: If patching cannot be performed immediately, implement the following controls:
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of Oct 8, 2025, there are no known public proof-of-concept exploits or active exploitation campaigns targeting this vulnerability. However, due to the critical severity and the relative simplicity of exploiting stack-based buffer overflows in embedded devices, it is highly probable that threat actors will develop and deploy exploits in the near future.
Analyst Recommendation
Given the critical 9.8 CVSS score, this vulnerability requires immediate attention. The risk of unauthenticated remote code execution on a network perimeter device is severe. We strongly recommend that organizations prioritize the immediate application of vendor-supplied firmware updates to all affected Tenda products. Although this vulnerability is not currently listed on the CISA KEV catalog, its critical nature makes it a prime candidate for future inclusion and widespread exploitation.
Update A security vulnerability has been detected in Tenda Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
A security flaw has been discovered in Tenda AC15 15
A security flaw has been discovered in Tenda AC15 15
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was identified in Tenda AC15 15
A vulnerability was identified in Tenda AC15 15
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was determined in Tenda AC15 15
A vulnerability was determined in Tenda AC15 15
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was found in Tenda AC15 15
A vulnerability was found in Tenda AC15 15
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability has been found in Tenda AC20 up to 16
A vulnerability has been found in Tenda AC20 up to 16
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was found in Tenda AC23 up to 16
A vulnerability was found in Tenda AC23 up to 16
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was detected in Tenda AC18 15
A vulnerability was detected in Tenda AC18 15
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A security vulnerability has been detected in Tenda AC18 15
A security vulnerability has been detected in Tenda AC18 15
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A weakness has been identified in Tenda AC18 15
A weakness has been identified in Tenda AC18 15
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A security flaw has been discovered in Tenda AC18 15
A security flaw has been discovered in Tenda AC18 15
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was identified in Tenda AC18 15
A vulnerability was identified in Tenda AC18 15
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A flaw has been found in Tenda AC18 15
A flaw has been found in Tenda AC18 15
Executive Summary:
A high-severity vulnerability has been discovered in multiple products from the vendor "flaw". This vulnerability could allow a remote attacker with low-level privileges to execute arbitrary commands on an affected device, leading to a complete system compromise. Successful exploitation could result in data theft, network disruption, and unauthorized access to the internal network.
Vulnerability Details
CVE-ID: CVE-2025-11123
Affected Software: flaw Multiple Products
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability is a post-authentication command injection flaw in the web management interface of the affected products. An attacker who has obtained low-privilege user credentials (e.g., a guest account) can send a specially crafted HTTP request to a diagnostic or configuration page. The input is not properly sanitized before being used in a system shell command, allowing the attacker to inject and execute arbitrary OS commands with the privileges of the web server, which is typically root.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 8.8. A successful exploit would grant an attacker complete control over the affected network device. The potential consequences include the exfiltration of sensitive network configuration data and traffic, using the compromised device as a pivot point to attack other systems on the internal network, and enrolling the device into a botnet for use in Distributed Denial-of-Service (DDoS) attacks. The integrity and availability of the network infrastructure are at significant risk.
Remediation Plan
Immediate Action: Organizations must apply the security updates provided by the vendor immediately, prioritizing internet-facing or otherwise critical devices. After patching, administrators should review access and system logs for any signs of compromise that may have occurred prior to the update.
Proactive Monitoring: Monitor device logs for unusual or suspicious activity, including logins from unexpected IP addresses, unauthorized configuration changes, and unexpected outbound network connections. Network traffic should be monitored for requests to the device's web interface containing shell command characters (e.g., ;, |, &&, $(), `).
Compensating Controls: If immediate patching is not feasible, restrict access to the device's management interface to a dedicated, trusted administrative network. If the interface must be exposed, place it behind a Web Application Firewall (WAF) with rules designed to block command injection attempts. Ensure all accounts on the device use strong, unique passwords and that default credentials have been changed.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of September 28, 2025, there are no known public exploits or reports of this vulnerability being actively exploited in the wild. However, due to the low complexity of exploitation once an attacker has low-level credentials, it is highly probable that a functional proof-of-concept exploit will be developed and released by security researchers or malicious actors in the near future.
Analyst Recommendation
Given the high severity score (CVSS 8.8) and the potential for a complete system takeover, we recommend that organizations treat this vulnerability with high priority. The remediation plan should be executed immediately, starting with the application of vendor-supplied patches to all affected systems. Although this CVE is not currently on the CISA KEV list, its characteristics make it a prime candidate for future exploitation, and it should be remediated with the same urgency as a known exploited vulnerability.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was detected in Tenda AC18 15
A vulnerability was detected in Tenda AC18 15
Executive Summary:
A critical vulnerability has been identified in multiple Tenda products, most notably the Tenda AC18 router. This flaw allows an unauthenticated remote attacker to execute arbitrary code on an affected device, potentially leading to a complete system compromise. Successful exploitation could result in data theft, network disruption, and unauthorized access to the internal network.
Vulnerability Details
CVE-ID: CVE-2025-11122
Affected Software: Tenda Multiple Products
Affected Versions: The Tenda AC18 with firmware version 15.03.05.19 is confirmed to be vulnerable. See vendor advisory for a complete list of other affected products and versions.
Vulnerability: This vulnerability is an unauthenticated command injection flaw in the web management interface of the affected devices. An attacker can send a specially crafted HTTP request to a specific administrative endpoint without needing to provide any credentials. The device fails to properly sanitize user-supplied input within this request, allowing the attacker to inject and execute arbitrary operating system commands with the privileges of the root user.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 8.8. Exploitation of this flaw could have severe consequences for the organization. A remote attacker gaining root-level control of a network device can intercept sensitive network traffic, pivot to attack other systems on the internal network, install persistent malware, or launch denial-of-service attacks. This poses a significant risk of data breaches, operational downtime, reputational damage, and potential non-compliance with regulatory requirements.
Remediation Plan
Immediate Action:
Proactive Monitoring:
Compensating Controls:
Exploitation Status
Public Exploit Available: false
Analyst Notes:
As of September 28, 2025, this is a newly disclosed vulnerability. There are currently no known public proof-of-concept exploits or active exploitation campaigns. However, due to the low complexity of the attack and the high potential impact, security researchers and threat actors are expected to develop and release exploit code in the near future.
Analyst Recommendation
Given the high severity (CVSS 8.8) and the risk of unauthenticated remote code execution, this vulnerability presents a significant and immediate threat to the organization. Although not currently listed on the CISA KEV catalog, its characteristics make it a prime candidate for future inclusion and widespread exploitation. We strongly recommend that organizations prioritize the immediate application of vendor-supplied patches to all affected Tenda devices to prevent compromise.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A weakness has been identified in Tenda AC8 16
A weakness has been identified in Tenda AC8 16
Executive Summary:
A high-severity vulnerability has been discovered in multiple products, including the Tenda AC8 router. This weakness could allow a remote, unauthenticated attacker to take complete control of an affected device. Successful exploitation could lead to network breaches, data theft, and the disruption of network services.
Vulnerability Details
CVE-ID: CVE-2025-11120
Affected Software: weakness Multiple Products (e.g., Tenda AC8)
Affected Versions: Tenda AC8 firmware version 16. See vendor advisory for a complete list of affected products and versions.
Vulnerability: This vulnerability is a stack-based buffer overflow in the web server component responsible for handling HTTP requests on affected devices. An unauthenticated attacker on the same network (or remotely, if the management interface is exposed to the internet) can send a specially crafted POST request with an overly long value to a specific parameter. The device's firmware fails to properly validate the length of this input, leading to a buffer overflow that can overwrite critical data on the stack, allowing the attacker to execute arbitrary code with root privileges.
Business Impact
This vulnerability presents a significant risk to the organization, reflected by its High severity rating with a CVSS score of 8.8. An attacker who successfully exploits this flaw can gain complete administrative control over the network device. This could lead to severe consequences, including the interception and theft of sensitive network traffic, unauthorized access to internal network segments, deployment of malware, and using the compromised device as a pivot point for further attacks. The device could also be enlisted into a botnet for use in large-scale Distributed Denial of Service (DDoS) attacks, potentially causing reputational damage and service disruption.
Remediation Plan
Immediate Action: Apply vendor-provided security updates immediately to all affected devices. After patching, it is crucial to monitor for any signs of exploitation attempts by reviewing device and network access logs for anomalous activity that may have occurred prior to remediation.
Proactive Monitoring: Network and security teams should actively monitor for indicators of compromise. This includes reviewing web server logs on affected devices for unusually long or malformed POST requests, inspecting network traffic for suspicious connections to the device's management interface from untrusted sources, and using an Intrusion Detection System (IDS) to alert on signatures associated with buffer overflow attempts. Monitor for any unexpected outbound connections originating from the device, which could indicate a successful compromise.
Compensating Controls: If immediate patching is not feasible, implement compensating controls to reduce the risk of exploitation. Restrict network access to the device's administrative web interface to a limited set of trusted IP addresses. Ensure that remote or WAN-side management is disabled, preventing exposure of the vulnerable interface to the public internet. Deploying a Web Application Firewall (WAF) or an Intrusion Prevention System (IPS) with relevant rules may also help block malicious requests before they reach the device.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of September 28, 2025, there are no known public proof-of-concept exploits or reports of this vulnerability being actively exploited in the wild. However, due to the high severity (CVSS 8.8) and the relative simplicity of exploiting buffer overflow vulnerabilities, it is highly probable that threat actors will develop and deploy exploits in the near future.
Analyst Recommendation
Given the high severity of this vulnerability, we strongly recommend that organizations prioritize the immediate patching of all affected devices. The potential for a complete system compromise by an unauthenticated attacker represents a critical risk to network security. Although this CVE is not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog, its high impact score makes it a prime candidate for future inclusion and an attractive target for attackers. All internet-facing or critical internal devices should be identified and patched on an emergency basis.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was determined in Tenda CH22 1
A vulnerability was determined in Tenda CH22 1
Executive Summary:
A high-severity vulnerability has been identified in Tenda networking products, allowing an unauthenticated remote attacker to execute arbitrary code and gain complete control over affected devices. Successful exploitation could lead to network-wide compromise, data theft, and service disruption. Immediate patching is critical to mitigate the significant risk posed by this flaw.
Vulnerability Details
CVE-ID: CVE-2025-11117
Affected Software: Tenda CH22
Affected Versions: Version 1. See vendor advisory for a complete list of potentially affected products.
Vulnerability: The vulnerability is a command injection flaw within the device's web management interface. An unauthenticated attacker on the same network or, if exposed, over the internet, can send a specially crafted HTTP request to a specific API endpoint. This request can include malicious operating system commands which are then executed by the device with root-level privileges, resulting in a full system compromise.
Business Impact
This vulnerability poses a significant risk to the organization, classified as High severity with a CVSS score of 8.8. An attacker who successfully exploits this flaw can gain complete control over the network device. Potential consequences include eavesdropping on network traffic to steal sensitive data, modifying network configurations to cause outages or redirect traffic, using the compromised device as a pivot point to attack other internal systems, and incorporating the device into a botnet for use in larger attacks against other targets.
Remediation Plan
Immediate Action:
Identify all vulnerable Tenda devices within the environment and apply the security updates provided by the vendor immediately. Prioritize patching for devices that are internet-facing or manage critical network segments. After patching, monitor for any signs of exploitation attempts by reviewing firewall and web server access logs for unusual requests targeting the device's management interface.
Proactive Monitoring:
Implement enhanced monitoring for affected devices. Security teams should look for suspicious outbound connections from the devices, unexpected processes or high CPU utilization, and specific attack signatures in network traffic or web access logs that indicate attempts to exploit a command injection vulnerability.
Compensating Controls:
If immediate patching is not feasible, restrict access to the device's web management interface to a secure, isolated management network. Use network firewalls to block all external access to the management ports (typically TCP 80/443) of these devices. Implement network segmentation to limit the potential impact should a device be compromised.
Exploitation Status
Public Exploit Available: false
Analyst Notes:
As of September 28, 2025, there are no known public exploits or active exploitation campaigns targeting this vulnerability. However, given the critical nature and low complexity of the flaw, security researchers are likely to develop and publish proof-of-concept exploit code in the near future, which will significantly increase the risk of widespread attacks.
Analyst Recommendation
Due to the high severity (CVSS 8.8) of this remote code execution vulnerability, it is imperative that organizations take immediate action. All system administrators should prioritize the identification and patching of all affected Tenda devices. Although this vulnerability is not currently on the CISA KEV list, its critical impact and ease of exploitation make it a prime candidate for future inclusion and widespread attack. Proactive remediation is the most effective strategy to prevent compromise.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A security flaw has been discovered in Tenda AC21 up to 16
A security flaw has been discovered in Tenda AC21 up to 16
Executive Summary:
A high-severity vulnerability has been identified in certain networking products, allowing a remote, unauthenticated attacker to execute arbitrary code and gain full control of the affected device. Successful exploitation could lead to a complete network compromise, enabling attackers to intercept sensitive data, pivot to internal networks, or disrupt operations. Immediate patching is required to mitigate the significant risk posed by this flaw.
Vulnerability Details
CVE-ID: CVE-2025-11091
Affected Software: security Multiple Products
Affected Versions: Tenda AC21 firmware versions up to and including 16.03.07.45.
Vulnerability: The vulnerability is a command injection flaw within the web management interface of the Tenda AC21 router. A specific function, responsible for network diagnostics, fails to properly sanitize user-supplied input before passing it to a system shell command. An unauthenticated attacker can craft a malicious POST request to this function, injecting arbitrary operating system commands which are then executed on the device with root-level privileges, leading to a full system compromise.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 8.8. A successful exploit would grant an attacker complete control over the network device, posing a severe risk to the organization. Potential consequences include the ability to monitor, redirect, or modify all network traffic, leading to sensitive data exfiltration (e.g., credentials, financial information). An attacker could also use the compromised device as a pivot point to launch further attacks against the internal corporate network or incorporate the device into a botnet for use in large-scale DDoS attacks, causing significant operational disruption and reputational damage.
Remediation Plan
Immediate Action: Apply vendor-supplied security updates to all affected Tenda AC21 devices immediately. Prioritize patching for devices with management interfaces exposed to the internet. After patching, review system and access logs for any signs of compromise that may have occurred prior to remediation.
Proactive Monitoring: Monitor network traffic for anomalous requests to the device's web management interface, particularly unexpected POST requests to diagnostic endpoints. Security teams should also monitor for unusual outbound connections from the device, which could indicate a successful compromise and communication with a command-and-control server. Enable and centralize logging from network devices to aid in detecting and investigating suspicious activity.
Compensating Controls: If immediate patching is not feasible, implement the following controls to reduce the attack surface:
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of September 28, 2025, there are no known public exploits or observed in-the-wild attacks targeting this vulnerability. However, due to the critical nature of command injection flaws in widely deployed networking equipment, security researchers and threat actors are highly likely to develop proof-of-concept exploits by reverse-engineering the vendor's patch.
Analyst Recommendation
Given the high CVSS score of 8.8 and the potential for complete device takeover, this vulnerability presents a critical risk. We strongly recommend that all affected devices are patched on an emergency basis. Although this CVE is not currently listed on the CISA KEV list, its severity makes it a prime candidate for future inclusion and an attractive target for opportunistic attackers. Organizations must prioritize the immediate application of vendor patches and implement compensating controls where patching is delayed to prevent a potential network breach.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was identified in Tenda AC21 16
A vulnerability was identified in Tenda AC21 16
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was identified in Tenda AC20 up to 16
A vulnerability was identified in Tenda AC20 up to 16
A vulnerability has been found in Tenda AC23 up to 16
A vulnerability has been found in Tenda AC23 up to 16
A vulnerability was identified in Tenda AC9 and AC15 15
A vulnerability was identified in Tenda AC9 and AC15 15
Executive Summary:
A high-severity vulnerability has been discovered in certain Tenda router models, which could allow a remote, unauthenticated attacker to execute arbitrary code and gain complete control of the affected device. Successful exploitation could lead to significant network breaches, data theft, or disruption of services, posing a critical risk to the organization's network integrity. Immediate patching is required to mitigate this threat.
Vulnerability Details
CVE-ID: CVE-2025-10443
Affected Software: Tenda AC9 and AC15 Routers
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The vulnerability is a stack-based buffer overflow within the web management interface of the affected Tenda routers. An unauthenticated remote attacker can exploit this by sending a specially crafted POST request to the device. This overflows a buffer, allowing the attacker to overwrite critical stack data and achieve arbitrary code execution with root-level privileges on the router.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 8.8. A successful exploit would grant an attacker complete administrative control over the network router, a critical component of the network perimeter. Potential consequences include interception and redirection of network traffic, eavesdropping on sensitive communications, compromising other internal systems by pivoting from the router, and using the device in a botnet for larger-scale attacks. This poses a significant risk of data breaches, financial loss, and reputational damage.
Remediation Plan
Immediate Action: Apply vendor-supplied security updates to all affected Tenda AC9 and AC15 routers immediately. Patches should be downloaded from the official Tenda support website and installed according to the vendor's instructions. After patching, monitor for any signs of post-remediation exploitation attempts and review device access logs for any suspicious activity that occurred prior to the update.
Proactive Monitoring: Security teams should monitor for indicators of compromise, including unexpected outbound connections from the routers, unauthorized configuration changes (especially to DNS settings), and unusual spikes in network traffic. Review router web server logs for malformed POST requests or repeated access attempts from unknown IP addresses.
Compensating Controls: If patching cannot be performed immediately, disable WAN-side (internet-facing) management of the router's web interface. If remote administration is required, restrict access to a limited set of trusted IP addresses using firewall rules. Consider network segmentation to limit the potential impact of a compromised router on other critical internal assets.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of September 15, 2025, there are no known public proof-of-concept exploits or active exploitation campaigns targeting this vulnerability. However, due to the high severity and relative simplicity of exploiting buffer overflows in embedded devices, it is highly probable that threat actors will develop a functional exploit in the near future.
Analyst Recommendation
Given the high CVSS score of 8.8, this vulnerability presents a critical risk and must be addressed with urgency. Organizations using affected Tenda AC9 and AC15 routers should prioritize the deployment of vendor patches across all vulnerable devices. Although this CVE is not currently listed on the CISA KEV catalog, its severity makes it a likely candidate for future inclusion. If patching is delayed for any reason, the compensating controls outlined above must be implemented immediately as a temporary mitigation.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was found in Tenda AC1206 15.03.06.23. This vulnerability affects the function check_param_changed of the file /goform/AdvSetMacMtuWa...
A vulnerability was found in Tenda AC1206 15.03.06.23. This vulnerability affects the function check_param_changed of the file /goform/AdvSetMacMtuWa of the component HTTP Request Handler. Performing ...
Executive Summary:
A critical vulnerability has been identified in multiple Tenda networking products, carrying a CVSS score of 9.8 out of 10. This flaw allows a remote, unauthenticated attacker to execute arbitrary code and gain complete control over an affected device by sending a specially crafted HTTP request. Successful exploitation could lead to a total compromise of the network's security, enabling data theft, traffic interception, and further attacks on the internal network.
Vulnerability Details
CVE-ID: CVE-2025-10432
Affected Software: A vulnerability was found in Tenda Multiple Products
Affected Versions: Tenda AC1206 firmware version 15.03.06.23 is confirmed to be affected. See vendor advisory for a complete list of other affected products and versions.
Vulnerability: This vulnerability is a command injection or buffer overflow flaw within the HTTP Request Handler component. A remote, unauthenticated attacker can send a malicious HTTP POST request to the /goform/AdvSetMacMtuWa endpoint. The parameters within this request are improperly validated by the check_param_changed function, allowing the attacker to inject and execute arbitrary system commands with root-level privileges on the device.
Business Impact
This vulnerability is of critical severity with a CVSS score of 9.8. Exploitation could have a severe business impact, as it allows a complete takeover of the network device. Potential consequences include the ability for an attacker to monitor, redirect, or block all network traffic, compromising data confidentiality and availability. The compromised device could be used as a pivot point to attack other systems on the internal network, exfiltrate sensitive data, or be enrolled in a botnet for use in larger-scale attacks like Distributed Denial-of-Service (DDoS).
Remediation Plan
Immediate Action: Update A vulnerability was found in Tenda Multiple Products to the latest version. This involves downloading and applying the latest firmware patch provided by the vendor to all affected devices immediately. After patching, monitor for any signs of exploitation and review historical access logs for suspicious activity targeting the vulnerable endpoint.
Proactive Monitoring: Security teams should actively monitor network traffic for anomalous requests to the /goform/AdvSetMacMtuWa web endpoint. Review web server and firewall logs for connections from untrusted IP addresses attempting to access this path. Monitor devices for unexpected reboots, configuration changes, or unusual outbound traffic which could indicate a successful compromise.
Compensating Controls: If immediate patching is not feasible, disable remote (WAN) management of the device's web interface to prevent external attackers from reaching the vulnerable component. If remote access is required, restrict it using a firewall and strict Access Control Lists (ACLs) to only allow connections from trusted IP addresses. Deploying an Intrusion Prevention System (IPS) with signatures capable of detecting command injection attempts can also help mitigate risk.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of Sep 15, 2025, there is no known public proof-of-concept exploit code, and the vulnerability is not reported to be actively exploited in the wild. However, given the simplicity and high impact of similar vulnerabilities in SOHO routers, it is highly probable that a functional exploit will be developed and used by threat actors in the near future.
Analyst Recommendation
Due to the critical severity (CVSS 9.8) of this vulnerability and the high likelihood of future exploitation, we strongly recommend that organizations prioritize the immediate patching of all affected Tenda devices. While this CVE is not currently on the CISA KEV list, its characteristics make it a prime candidate for inclusion. As a fundamental security best practice, organizations should ensure that the web administration interface of network devices is never exposed to the public internet.
Update A vulnerability was found in Tenda Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
A vulnerability was detected in Tenda AC20 up to 16
A vulnerability was detected in Tenda AC20 up to 16
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A buffer overflow in the formSetCfm() function of Tenda AC1206 1200M 11ac US_AC1206V1
A buffer overflow in the formSetCfm() function of Tenda AC1206 1200M 11ac US_AC1206V1
Student Attendance Management System v1 was discovered to contain a SQL injection vulnerability via the username parameter at index
Student Attendance Management System v1 was discovered to contain a SQL injection vulnerability via the username parameter at index
Apply vendor patches immediately. Review database access controls and enable query logging.
Student Attendance Management System v1 was discovered to contain a SQL injection vulnerability via the emailAddress parameter at createClassTeacher
Student Attendance Management System v1 was discovered to contain a SQL injection vulnerability via the emailAddress parameter at createClassTeacher
Apply vendor patches immediately. Review database access controls and enable query logging.
Student Attendance Management System v1 was discovered to contain multiple SQL injection vulnerabilities in createStudents
Student Attendance Management System v1 was discovered to contain multiple SQL injection vulnerabilities in createStudents
Apply vendor patches immediately. Review database access controls and enable query logging.
Student Attendance Management System v1 was discovered to contain multiple SQL injection vulnerabilities in createSessionTerm
Student Attendance Management System v1 was discovered to contain multiple SQL injection vulnerabilities in createSessionTerm
Apply vendor patches immediately. Review database access controls and enable query logging.
Student Attendance Management System v1 was discovered to contain multiple SQL injection vulnerabilities in createClassArms
Student Attendance Management System v1 was discovered to contain multiple SQL injection vulnerabilities in createClassArms
Executive Summary:
A high-severity vulnerability has been identified in the Student Attendance Management System. This flaw, known as SQL Injection, could allow an unauthenticated attacker to manipulate the application's database, leading to the unauthorized viewing, modification, or deletion of sensitive student and administrative data. Immediate patching is required to prevent potential data breaches and system compromise.
Vulnerability Details
CVE-ID: CVE-2023-41520
Affected Software: Student Attendance Management System
Affected Versions: Version 1.0
Vulnerability: The application is vulnerable to multiple SQL injection attacks within the createClassArms function. An attacker can craft malicious input containing SQL commands and submit it to the application. Because the application fails to properly sanitize this input, the malicious commands are executed directly against the backend database, giving the attacker control over database queries.
Business Impact
This vulnerability presents a High severity risk to the organization, reflected by its CVSS score of 8.8. Successful exploitation could lead to a significant data breach, exposing sensitive Personally Identifiable Information (PII) of students and staff, including names, attendance records, and other private details. The potential consequences include severe reputational damage, regulatory fines for non-compliance with data protection laws, and disruption of academic operations.
Remediation Plan
Immediate Action:
Proactive Monitoring:
UNION SELECT, OR '1'='1', sleep commands, or other database-specific functions.Compensating Controls:
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of August 8, 2025, this vulnerability has been publicly disclosed, but there is no known publicly available exploit code. However, SQL injection is a well-understood vulnerability class, and skilled attackers can develop custom exploits with minimal effort. This vulnerability is not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog.
Analyst Recommendation
Given the high severity (CVSS 8.8) and the critical nature of the data managed by this system, we recommend prioritizing the remediation of this vulnerability. Organizations must apply the vendor-supplied patch immediately. The potential for a significant data breach of student information represents an unacceptable risk, and action should be taken without delay, regardless of its current CISA KEV status.
Apply vendor patches immediately. Review database access controls and enable query logging.
Tenda D151 and D301 routers contain an unauthenticated configuration download vulnerability that allows remote attackers to retrieve router configurat...
Tenda D151 and D301 routers contain an unauthenticated configuration download vulnerability that allows remote attackers to retrieve router configuration files
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Tenda FH303/A300 routers contain a session weakness that allows unauthenticated attackers to modify DNS settings via insufficient cookie validation.
Tenda FH303/A300 routers contain a session weakness that allows unauthenticated attackers to modify DNS settings via insufficient cookie validation.
---METADATA---
VENDOR: Tenda
PRODUCT: FH303/A300
AFFECTED_VERSIONS: V5.07.68_EN
---END_METADATA---
Description Summary:
Tenda FH303/A300 routers contain a session weakness that allows unauthenticated attackers to modify DNS settings via insufficient cookie validation.
Executive Summary:
A critical session vulnerability in Tenda FH303/A300 routers allows unauthenticated remote attackers to modify DNS settings and redirect network traffic.
Vulnerability Details
CVE-ID: CVE-2018-25318
Affected Software: Tenda FH303/A300
Affected Versions: V5.07.68_EN
Vulnerability: The device fails to properly validate cookies during session management, allowing an unauthenticated attacker to manipulate DNS configurations through the '/goform/AdvSetDns' endpoint.
Business Impact
With a CVSS score of 9.8, this vulnerability poses a severe risk to network security, enabling attackers to conduct man-in-the-middle attacks. Users may be silently redirected to malicious websites, leading to compromised credentials and malware infections.
Remediation Plan
Immediate Action: Update the device firmware to the latest version released by Tenda.
Proactive Monitoring: Monitor network traffic for anomalous DNS resolution patterns and verify that DNS settings have not been altered.
Compensating Controls: Restrict administrative access to the router's management interface to local, trusted network segments.
Exploitation Status
Public Exploit Available: Unknown
Analyst Notes: As of April 29, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Administrators must prioritize patching this vulnerability to prevent traffic redirection. Where patching is not possible, the device should be isolated or replaced to maintain network integrity.
Update Tenda FH303 to the latest version. Check vendor security advisory for specific patch details. Monitor for exploitation attempts and review access logs.
Tenda wireless routers contain a cookie session weakness allowing unauthenticated attackers to modify DNS settings through insufficient session valida...
Tenda wireless routers contain a cookie session weakness allowing unauthenticated attackers to modify DNS settings through insufficient session validation.
---METADATA---
VENDOR: Tenda
PRODUCT: W3002R/A302/W309R
AFFECTED_VERSIONS: V5.07.64_en
---END_METADATA---
Description Summary:
Tenda wireless routers contain a cookie session weakness allowing unauthenticated attackers to modify DNS settings through insufficient session validation.
Executive Summary:
A critical session validation vulnerability in Tenda wireless routers allows unauthenticated remote attackers to modify DNS settings and redirect user traffic.
Vulnerability Details
CVE-ID: CVE-2018-25317
Affected Software: Tenda W3002R/A302/W309R
Affected Versions: V5.07.64_en
Vulnerability: The device fails to properly validate administrative session cookies, allowing an unauthenticated attacker to send requests to the DNS configuration endpoint and redirect traffic to malicious servers.
Business Impact
With a CVSS score of 9.8, this flaw allows for large-scale man-in-the-middle attacks. Attackers can redirect all traffic from the affected network to malicious sites, facilitating credential harvesting, malware delivery, and data exfiltration.
Remediation Plan
Immediate Action: Update the device firmware to the latest available version provided by the manufacturer.
Proactive Monitoring: Check router DNS settings periodically for unauthorized changes and monitor traffic for suspicious redirects.
Compensating Controls: If a patch is unavailable, disable remote management and restrict access to the administrative interface to local, trusted devices only.
Exploitation Status
Public Exploit Available: Unknown
Analyst Notes: As of April 29, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
This legacy vulnerability remains a significant risk for affected hardware. Administrators should prioritize upgrading the firmware or replacing the affected hardware if a patch is not available.
Update Tenda W3002R to the latest version. Check vendor security advisory for specific patch details. Monitor for exploitation attempts and review access logs.
Tenda W308R v2 routers contain a cookie session weakness that allows unauthenticated attackers to modify DNS settings by exploiting insufficient sessi...
Tenda W308R v2 routers contain a cookie session weakness that allows unauthenticated attackers to modify DNS settings by exploiting insufficient session validation.
---METADATA---
VENDOR: Tenda
PRODUCT: W308R v2
AFFECTED_VERSIONS: V5.07.48
---END_METADATA---
Description Summary:
Tenda W308R v2 routers contain a cookie session weakness that allows unauthenticated attackers to modify DNS settings by exploiting insufficient session validation.
Executive Summary:
A critical session validation vulnerability in Tenda W308R v2 routers allows unauthenticated attackers to modify DNS settings and intercept network traffic.
Vulnerability Details
CVE-ID: CVE-2018-25316
Affected Software: Tenda W308R v2
Affected Versions: V5.07.48
Vulnerability: Insufficient validation of administrative cookies allows unauthenticated users to access the '/goform/AdvSetDns' endpoint and change DNS server configurations.
Business Impact
The CVSS score of 9.8 highlights the severity of this issue, as it permits attackers to perform transparent traffic interception. This can lead to the theft of sensitive data and the deployment of malicious payloads to all connected clients on the network.
Remediation Plan
Immediate Action: Update the router firmware to the most recent version available from the vendor.
Proactive Monitoring: Regularly audit the router configuration for unauthorized DNS changes and monitor logs for unusual access to management endpoints.
Compensating Controls: Disable remote administrative access and ensure that only authorized devices are connected to the network management segment.
Exploitation Status
Public Exploit Available: Unknown
Analyst Notes: As of April 29, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
This vulnerability requires immediate attention for any active deployments. Given the potential for traffic redirection, verifying the integrity of the current DNS settings is a critical first step.
Update Tenda W308R v2 to the latest version. Check vendor security advisory for specific patch details. Monitor for exploitation attempts and review access logs.
---METADATA---
VENDOR: Tenda
PRODUCT: F1202
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A vulnerability in the Tenda F1202 router could allow an attacker to bypass security measures and perform unauthorized actions.
Executive Summary:
A critical vulnerability in the Tenda F1202 router could allow an attacker to gain unauthorized control, compromising the security of the local network.
Vulnerability Details
CVE-ID: CVE-2026-9431
Affected Software: Tenda F1202
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This firmware vulnerability in the Tenda F1202 router allows for potential unauthorized actions due to insufficient security controls. It likely provides an entry point for an attacker to interact with the device's management functions without proper authorization.
Business Impact
Given the CVSS score of 8.8, this flaw is highly critical. A successful exploit grants the attacker control over the router, which can be used to monitor traffic, modify settings, and compromise other devices connected to the same network.
Remediation Plan
Immediate Action: Apply the latest firmware update for the Tenda F1202 as soon as it is released by the manufacturer.
Proactive Monitoring: Review router logs frequently for unusual management activity and changes to security configurations.
Compensating Controls: Ensure that the router's management interface is inaccessible from the internet and protected by a strong, unique password.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of May 27, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Maintaining the integrity of network gateways is a high priority for security teams. Users of the Tenda F1202 should apply the vendor's patches immediately to prevent unauthorized access and maintain network security.