QIU-DIE/cve-nneeww

Releases0

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2026-2910 ↗	Feb 22, 2026Sunday, 22 February 2026, 04:15	8.8 HIGH	9 HIGH
A flaw has been found in Tenda HG9 300001138. This vulnerability affects unknown code of the file /boaform/formPing6. Executing a manipulation of the argument pingAddr can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been published and may be used.
CVE-2026-2909 ↗	Feb 22, 2026Sunday, 22 February 2026, 02:16	8.8 HIGH	9 HIGH
A vulnerability was detected in Tenda HG9 300001138. This affects an unknown part of the file /boaform/formPing of the component Diagnostic Ping Endpoint. Performing a manipulation of the argument pingAddr results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and may be used.
CVE-2026-2906 ↗	Feb 22, 2026Sunday, 22 February 2026, 02:16	8.8 HIGH	9 HIGH
A security flaw has been discovered in Tenda HG9 300001138. Affected is an unknown function of the file /boaform/formSamba of the component Samba Configuration Endpoint. The manipulation of the argument sambaCap results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.
CVE-2026-2907 ↗	Feb 22, 2026Sunday, 22 February 2026, 02:16	8.8 HIGH	9 HIGH
A weakness has been identified in Tenda HG9 300001138. Affected by this vulnerability is an unknown functionality of the file /boaform/formgponConf of the component GPON Configuration Endpoint. This manipulation of the argument fmgpon_loid/fmgpon_loid_password causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks.
CVE-2026-2908 ↗	Feb 22, 2026Sunday, 22 February 2026, 02:16	8.8 HIGH	9 HIGH
A security vulnerability has been detected in Tenda HG9 300001138. Affected by this issue is some unknown functionality of the file /boaform/formLoopBack of the component Loopback Detection Configuration Endpoint. Such manipulation of the argument Ethtype leads to stack-based buffer overflow. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.
CVE-2026-2905 ↗	Feb 22, 2026Sunday, 22 February 2026, 02:16	8.8 HIGH	9 HIGH
A vulnerability was identified in Tenda HG9 300001138. This impacts an unknown function of the file /boaform/formWlanSetup of the component Wireless Configuration Endpoint. The manipulation of the argument ssid leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit is publicly available and might be used.
CVE-2026-2886 ↗	Feb 21, 2026Saturday, 21 February 2026, 21:16	8.8 HIGH	9 HIGH
A weakness has been identified in Tenda A21 1.0.0.0. This affects the function set_device_name of the file /goform/SetOnlineDevName. This manipulation of the argument devName causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks.
CVE-2026-2874 ↗	Feb 21, 2026Saturday, 21 February 2026, 18:15	8.8 HIGH	9 HIGH
A flaw has been found in Tenda A21 1.0.0.0. Impacted is the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set. Executing a manipulation of the argument ssid can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been published and may be used.
CVE-2026-2873 ↗	Feb 21, 2026Saturday, 21 February 2026, 17:15	8.8 HIGH	9 HIGH
A vulnerability was detected in Tenda A21 1.0.0.0. This issue affects the function setSchedWifi of the file /goform/openSchedWifi. Performing a manipulation of the argument schedStartTime/schedEndTime results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit is now public and may be used.
CVE-2026-2871 ↗	Feb 21, 2026Saturday, 21 February 2026, 16:16	8.8 HIGH	9 HIGH
A weakness has been identified in Tenda A21 1.0.0.0. This affects the function fromSetIpMacBind of the file /goform/SetIpMacBind. This manipulation of the argument list causes stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks.
CVE-2026-2872 ↗	Feb 21, 2026Saturday, 21 February 2026, 16:16	8.8 HIGH	9 HIGH
A security vulnerability has been detected in Tenda A21 1.0.0.0. This vulnerability affects the function set_device_name of the file /goform/setBlackRule of the component MAC Filtering Configuration Endpoint. Such manipulation of the argument devName/mac leads to stack-based buffer overflow. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.
CVE-2026-2870 ↗	Feb 21, 2026Saturday, 21 February 2026, 15:15	8.8 HIGH	9 HIGH
A security flaw has been discovered in Tenda A21 1.0.0.0. Affected by this issue is the function set_qosMib_list of the file /goform/formSetQosBand. The manipulation of the argument list results in stack-based buffer overflow. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.