📦

ac9

Vendor: tenda

Actively Exploited 1 CISA KEV List

PoC / Exploits 2 Code Available

Total RCEs 48 Remote Access

Total CVEs 151 Total Indexed

Avg. EPSS 2.71% Exploit Prob.

Latest CVE CVE-2026-6016 Apr 10

Security Vulnerability Index

Page 4 / 16

8.8 CVSS

CVE-2024-25753

RCE

Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with firmware version v.15.03.06.42_multi allows a remote attacker to execute arbitrary code via the formSetDeviceName function.

EPSS: 0.99%

Severity: HIGH

Feb 22, 2024

8.8 CVSS

CVE-2024-25748

RCE

A Stack Based Buffer Overflow vulnerability in tenda AC9 AC9 v.3.0 with firmware version v.15.03.06.42_multi allows a remote attacker to execute arbitrary code via the fromSetIpMacBind function.

EPSS: 0.98%

Severity: HIGH

Feb 22, 2024

8.8 CVSS

CVE-2024-25746

RCE

Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with firmware version v.15.03.06.42_multi allows a remote attacker to execute arbitrary code via the add_white_node function.

EPSS: 0.98%

Severity: HIGH

Feb 22, 2024

9.8 CVSS

CVE-2024-24543

RCE

Buffer Overflow vulnerability in the function setSchedWifi in Tenda AC9 v.3.0, firmware version v.15.03.06.42_multi allows a remote attacker to cause a denial of service or run arbitrary code via crafted overflow data.

EPSS: 1.29%

Severity: CRITICAL

Feb 05, 2024

9.8 CVSS

CVE-2023-38823

RCE

Buffer Overflow vulnerability in Tenda Ac19 v.1.0, AC18, AC9 v.1.0, AC6 v.2.0 and v.1.0 allows a remote attacker to execute arbitrary code via the formSetCfm function in bin/httpd.

EPSS: 4.06%

Severity: CRITICAL

Nov 20, 2023

9.8 CVSS

CVE-2023-40942

Tenda AC9 V3.0BR_V15.03.06.42_multi_TD01 was discovered stack overflow via parameter 'firewall_value' at url /goform/SetFirewallCfg.

EPSS: 0.15%

Severity: CRITICAL

Sep 07, 2023

9.8 CVSS

CVE-2023-41563

Tenda AC9 V3.0 V15.03.06.42_multi and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter mac at url /goform/GetParentControlInfo.

EPSS: 0.15%

Severity: CRITICAL

Aug 30, 2023

9.8 CVSS

CVE-2023-41562

Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter time at url /goform/PowerSaveSet.

EPSS: 0.15%

Severity: CRITICAL

Aug 30, 2023

9.8 CVSS

CVE-2023-41561

Tenda AC9 V3.0 V15.03.06.42_multi and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter startIp and endIp at url /goform/SetPptpServerCfg.

EPSS: 0.15%

Severity: CRITICAL

Aug 30, 2023

9.8 CVSS

CVE-2023-41560

Tenda AC9 V3.0 V15.03.06.42_multi was discovered to contain a stack overflow via parameter firewallEn at url /goform/SetFirewallCfg.

EPSS: 0.15%

Severity: CRITICAL

Aug 30, 2023

Displaying 10 of 151 Total Entries

2 3 4 5 6 ... 16

Total 16 Sections