Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up
tenda

ac6

10 Versions 23 CVEs

Versions

1.0br_v15.03.05.16_multi_td01.bin

OTHER 10 CVEs

US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin

OTHER 1 CVE

1.0br_v15.03.05.16

OTHER 1 CVE

V2.0 V15.03.06.23

OTHER 4 CVEs

us_ac6v4.0rtl_v02.03.01.26_cn.bin

OTHER 1 CVE

1.0.0br_v15.03.05.16_multi_td01.bin

OTHER 1 CVE

US_AC6V1.0BR_V15.03.05.19

OTHER 1 CVE

15.03.05.16

OTHER 1 CVE

15.03.05.19

OTHER 2 CVEs

20241022

SINGLE_NUMBER 1 CVE

Recent CVEs

CVE-2025-0349

A vulnerability classified as critical has been found in Tenda AC6 15.03.05.16. Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument src/mac leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

UNKNOWN Jan 09, 2025

CVE-2024-10698

A vulnerability was found in Tenda AC6 15.03.05.19 and classified as critical. Affected by this issue is the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

UNKNOWN Nov 02, 2024

CVE-2024-10697

A vulnerability has been found in Tenda AC6 15.03.05.19 and classified as critical. Affected by this vulnerability is the function formWriteFacMac of the file /goform/WriteFacMac of the component API Endpoint. The manipulation of the argument mac leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

UNKNOWN Nov 02, 2024

CVE-2024-10280

A vulnerability was found in Tenda AC6, AC7, AC8, AC9, AC10, AC10U, AC15, AC18, AC500 and AC1206 up to 20241022. It has been rated as problematic. This issue affects the function websReadEvent of the file /goform/GetIPTV. The manipulation of the argument Content-Length leads to null pointer dereference. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

UNKNOWN Oct 23, 2024

CVE-2021-40546

Tenda AC6 US_AC6V4.0RTL_V02.03.01.26_cn.bin allows attackers (who have the administrator password) to cause a denial of service (device crash) via a long string in the wifiPwd_5G parameter to /goform/setWifi.

UNKNOWN Sep 05, 2023

CVE-2023-40844

Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function 'formWifiBasicSet.'

UNKNOWN Aug 30, 2023

CVE-2023-40842

Tengda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function "R7WebsSecurityHandler."

UNKNOWN Aug 30, 2023

CVE-2023-40837

Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin function 'sub_ADD50' contains a command execution vulnerability. In the "formSetIptv" function, obtaining the "list" and "vlanId" fields, unfiltered passing these two fields as parameters to the "sub_ADD50" function to execute commands.

UNKNOWN Aug 30, 2023