Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Tenda — Vulnerabilities & Security Advisories 735

Browse all 735 CVE security advisories affecting Tenda. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Tenda operates primarily as a manufacturer of consumer networking hardware, including Wi-Fi routers and range extenders, targeting residential and small business markets. The company’s product line has been associated with a significant volume of security issues, currently totaling 730 recorded CVEs. Historically, these vulnerabilities frequently involve remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from inadequate input validation and weak authentication mechanisms in embedded web interfaces. Notable incidents include the discovery of hardcoded credentials and command injection points that allow unauthenticated attackers to gain full administrative control over devices. These systemic weaknesses highlight persistent challenges in the security development lifecycle for budget-oriented IoT equipment, resulting in widespread exposure to botnet recruitment and network compromise.

Top products by Tenda: CH22 AC15 FH1202 F453 AC7 F456 AC18 AC10U FH451 WH450 AC20 AC8 AC6 F451 AC10 i21 W15E AC23 W9 O3 FH1201 AC9 AC21 FH1205 M3 O3V2 AC5 AC1206 W12 A15
CVE IDTitleCVSSSeverityPublished
CVE-2026-8265 Tenda AC6 httpd getLogFile get_log_file os command injection — AC6CWE-78 4.7 Medium2026-05-11
CVE-2026-8264 Tenda AC6 httpd WifiApScan formWifiApScan os command injection — AC6CWE-78 6.3 Medium2026-05-11
CVE-2026-8263 Tenda AC6 httpd WifiExtraSet fromSetWirelessRepeat os command injection — AC6CWE-78 4.7 Medium2026-05-11
CVE-2026-8259 Tenda AC6 httpd telnet os command injection — AC6CWE-78 4.7 Medium2026-05-11
CVE-2026-8138 Tenda CX12L SetPptpServerCfg” formSetPPTPServer stack-based overflow — CX12LCWE-121 8.8 High2026-05-08
CVE-2026-7470 Tenda 4G300 SafeMacFilter sub_427C3C stack-based overflow — 4G300CWE-121 8.8 High2026-04-30
CVE-2026-7469 Tenda 4G300 DelFil sub_425A28 command injection — 4G300CWE-77 6.3 Medium2026-04-30
CVE-2018-25318 Tenda FH303/A300 V5.07.68_EN Cookie Session Weakness DNS Change — FH303/A300CWE-290 9.8 Critical2026-04-29
CVE-2018-25317 Tenda W3002R/A302/W309R V5.07.64_en Cookie Session Weakness DNS Change — W3002RCWE-290 9.8 Critical2026-04-29
CVE-2018-25316 Tenda W308R v2 V5.07.48 Cookie Session Weakness DNS Change — WCWE-290 9.8 Critical2026-04-29
CVE-2026-7160 Tenda HG3 formTracert command injection — HG3CWE-77 8.8 High2026-04-27
CVE-2026-7151 Tenda HG3 formIPv6Routing formUploadConfig stack-based overflow — HG3CWE-121 8.8 High2026-04-27
CVE-2026-7119 Tenda HG3 formCountrystr os command injection — HG3CWE-78 8.8 High2026-04-27
CVE-2026-7102 Tenda F456 httpd WriteFacMac FromWriteFacMac command injection — F456CWE-77 6.3 Medium2026-04-27
CVE-2026-7101 Tenda F456 httpd WrlclientSet fromWrlclientSet buffer overflow — F456CWE-120 8.8 High2026-04-27
CVE-2026-7100 Tenda F456 httpd Natlimit fromNatlimitof buffer overflow — F456CWE-120 8.8 High2026-04-27
CVE-2026-7099 Tenda F456 httpd QuickIndex formQuickIndex buffer overflow — F456CWE-120 8.8 High2026-04-27
CVE-2026-7098 Tenda F456 httpd DhcpListClient fromDhcpListClient buffer overflow — F456CWE-120 8.8 High2026-04-27
CVE-2026-7097 Tenda F456 httpd webExcptypemanFilter fromwebExcptypemanFilter buffer overflow — F456CWE-120 8.8 High2026-04-27
CVE-2026-7096 Tenda HG3 formgponConf os command injection — HG3CWE-78 8.8 High2026-04-27
CVE-2026-7082 Tenda F456 httpd WrlExtraSet formWrlExtraSet buffer overflow — F456CWE-120 8.8 High2026-04-27
CVE-2026-7081 Tenda F456 httpd GstDhcpSetSer fromGstDhcpSetSer buffer overflow — F456CWE-120 8.8 High2026-04-27
CVE-2026-7080 Tenda F456 httpd PPTPUserSetting fromPPTPUserSetting buffer overflow — F456CWE-120 8.8 High2026-04-27
CVE-2026-7079 Tenda F456 httpd AdvSetWan fromAdvSetWan buffer overflow — F456CWE-120 8.8 High2026-04-27
CVE-2026-7078 Tenda F456 httpd SetIpBind fromSetIpBind buffer overflow — F456CWE-120 8.8 High2026-04-27
CVE-2026-7057 Tenda F456 httpd setcfm buffer overflow — F456CWE-120 8.8 High2026-04-26
CVE-2026-7056 Tenda F456 httpd SafeUrlFilter fromSafeUrlFilter buffer overflow — F456CWE-120 8.8 High2026-04-26
CVE-2026-7055 Tenda F456 httpd VirtualSer fromVirtualSer buffer overflow — F456CWE-120 8.8 High2026-04-26
CVE-2026-7054 Tenda F456 httpd PPTPDClient fromPptpUserAdd buffer overflow — F456CWE-120 8.8 High2026-04-26
CVE-2026-7053 Tenda F456 httpd L7Prot frmL7ProtForm buffer overflow — F456CWE-120 8.8 High2026-04-26

This page lists every published CVE security advisory associated with Tenda. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.