Svigo-o/Tenda_vul

Releases0

Stars2

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2026-4008 ↗	Mar 12, 2026Thursday, 12 March 2026, 07:16	8.8 HIGH	9 HIGH
A flaw has been found in Tenda W3 1.0.0.3(2204). This issue affects some unknown processing of the file /goform/wifiSSIDset of the component POST Parameter Handler. Executing a manipulation of the argument index/GO can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been published and may be used.
CVE-2026-4007 ↗	Mar 12, 2026Thursday, 12 March 2026, 07:16	8.8 HIGH	9 HIGH
A vulnerability was detected in Tenda W3 1.0.0.3(2204). This vulnerability affects unknown code of the file /goform/wifiSSIDget of the component POST Parameter Handler. Performing a manipulation of the argument index results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit is now public and may be used.
CVE-2026-3976 ↗	Mar 12, 2026Thursday, 12 March 2026, 03:15	8.8 HIGH	9 HIGH
A weakness has been identified in Tenda W3 1.0.0.3(2204). Impacted is the function formWifiMacFilterSet of the file /goform/WifiMacFilterSet of the component POST Parameter Handler. Executing a manipulation of the argument index/GO can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.
CVE-2026-3975 ↗	Mar 12, 2026Thursday, 12 March 2026, 03:15	8.8 HIGH	9 HIGH
A security flaw has been discovered in Tenda W3 1.0.0.3(2204). This issue affects the function formWifiMacFilterGet of the file /goform/WifiMacFilterGet of the component POST Parameter Handler. Performing a manipulation of the argument wl_radio results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks.
CVE-2026-3974 ↗	Mar 12, 2026Thursday, 12 March 2026, 03:15	8.8 HIGH	9 HIGH
A vulnerability was identified in Tenda W3 1.0.0.3(2204). This vulnerability affects the function formexeCommand of the file /goform/exeCommand of the component HTTP Handler. Such manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack may be performed from remote. The exploit is publicly available and might be used.
CVE-2026-3973 ↗	Mar 12, 2026Thursday, 12 March 2026, 02:15	8.8 HIGH	9 HIGH
A vulnerability was determined in Tenda W3 1.0.0.3(2204). This affects the function formSetAutoPing of the file /goform/setAutoPing of the component POST Parameter Handler. This manipulation of the argument ping1/ping2 causes stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.
CVE-2026-3972 ↗	Mar 12, 2026Thursday, 12 March 2026, 02:15	8.8 HIGH	8.3 HIGH
A vulnerability was found in Tenda W3 1.0.0.3(2204). Affected by this issue is the function formSetCfm of the file /goform/setcfm of the component HTTP Handler. The manipulation of the argument funcpara1 results in stack-based buffer overflow. The attack can only be performed from the local network. The exploit has been made public and could be used.
CVE-2026-3970 ↗	Mar 12, 2026Thursday, 12 March 2026, 01:15	8.8 HIGH	9 HIGH
A flaw has been found in Tenda i3 1.0.0.6(2204). Affected is the function formwrlSSIDget of the file /goform/wifiSSIDget. Executing a manipulation of the argument index can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been published and may be used.
CVE-2026-3971 ↗	Mar 12, 2026Thursday, 12 March 2026, 01:15	8.8 HIGH	9 HIGH
A vulnerability has been found in Tenda i3 1.0.0.6(2204). Affected by this vulnerability is the function formwrlSSIDset of the file /goform/wifiSSIDset. The manipulation of the argument index/GO leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
CVE-2026-3811 ↗	Mar 9, 2026Monday, 9 March 2026, 09:16	8.8 HIGH	9 HIGH
A vulnerability was found in Tenda FH1202 1.2.0.14(408). This impacts the function fromP2pListFilter of the file /goform/P2pListFilter. The manipulation of the argument page results in stack-based buffer overflow. The attack can be executed remotely. The exploit has been made public and could be used.
CVE-2026-3810 ↗	Mar 9, 2026Monday, 9 March 2026, 08:16	8.8 HIGH	9 HIGH
A vulnerability has been found in Tenda FH1202 1.2.0.14(408). This affects the function fromDhcpListClient of the file /goform/DhcpListClient. The manipulation of the argument page leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
CVE-2026-3809 ↗	Mar 9, 2026Monday, 9 March 2026, 08:16	8.8 HIGH	9 HIGH
A flaw has been found in Tenda FH1202 1.2.0.14(408). The impacted element is the function fromNatStaticSetting of the file /goform/NatSaticSetting. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been published and may be used.
CVE-2026-3808 ↗	Mar 9, 2026Monday, 9 March 2026, 08:16	8.8 HIGH	9 HIGH
A vulnerability was detected in Tenda FH1202 1.2.0.14(408). The affected element is the function formWebTypeLibrary of the file /goform/webtypelibrary. Performing a manipulation of the argument webSiteId results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used.
CVE-2026-3807 ↗	Mar 9, 2026Monday, 9 March 2026, 07:16	8.8 HIGH	9 HIGH
A security vulnerability has been detected in Tenda FH1202 1.2.0.14(408). Impacted is the function formWrlsafeset of the file /goform/AdvSetWrlsafeset. Such manipulation of the argument mit_ssid/mit_ssid_index leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
CVE-2026-3804 ↗	Mar 9, 2026Monday, 9 March 2026, 06:16	8.8 HIGH	9 HIGH
A security flaw has been discovered in Tenda i3 1.0.0.6(2204). This vulnerability affects the function formWifiMacFilterSet of the file /goform/WifiMacFilterSet. The manipulation of the argument index results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.
CVE-2026-3803 ↗	Mar 9, 2026Monday, 9 March 2026, 06:16	8.8 HIGH	9 HIGH
A vulnerability was identified in Tenda i3 1.0.0.6(2204). This affects the function formWifiMacFilterGet of the file /goform/WifiMacFilterGet. The manipulation of the argument index leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.
CVE-2026-3802 ↗	Mar 9, 2026Monday, 9 March 2026, 05:15	8.8 HIGH	9 HIGH
A vulnerability was determined in Tenda i3 1.0.0.6(2204). Affected by this issue is the function formexeCommand of the file /goform/exeCommand. Executing a manipulation of the argument cmdinput can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.
CVE-2026-3801 ↗	Mar 9, 2026Monday, 9 March 2026, 04:16	8.8 HIGH	9 HIGH
A vulnerability was found in Tenda i3 1.0.0.6(2204). Affected by this vulnerability is the function formSetAutoPing of the file /goform/setAutoPing. Performing a manipulation of the argument ping1/ping2 results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been made public and could be used.
CVE-2026-3799 ↗	Mar 9, 2026Monday, 9 March 2026, 04:16	8.8 HIGH	9 HIGH
A flaw has been found in Tenda i3 1.0.0.6(2204). This impacts the function formSetCfm of the file /goform/setcfm. This manipulation of the argument funcpara1 causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used.