Zezhifu

#6035of 53,630
45Total CVSS
Vulnerabilities · 5
High
5
PT-2025-33468
9.0
2025-08-15
Tenda · Tenda Ac7 · CVE-2025-9023
Name of the Vulnerable Software and Affected Versions: Tenda AC7 versions 15.03.05.19 through 15.03.06.44 Tenda AC18 versions 15.03.05.19 through 15.03.06.44 Description: A vulnerability exists in Tenda AC7 and AC18 devices. The `formSetSchedLed` function within the `/goform/SetLEDCfg` file is susceptible to a buffer overflow due to manipulation of the `Time` argument. This allows for remote exploitation of the issue. The exploit has been publicly disclosed. Recommendations: Tenda AC7 version 15.03.05.18 and earlier Tenda AC18 version 15.03.05.18 and earlier Tenda AC7 version 15.03.06.43 and earlier Tenda AC18 version 15.03.06.43 and earlier
PT-2025-29931
9.0
2025-07-13
Tenda · Tenda Fh451 · CVE-2025-7747
**Name of the Vulnerable Software and Affected Versions** Tenda FH451 version 1.0.0.9 **Description** A critical issue exists in the POST Request Handler component due to a buffer overflow in the `fromWizardHandle` function within the `/goform/WizardHandle` file. The `PPW` argument can be manipulated to trigger this overflow, allowing for remote exploitation. The exploit for this issue has been publicly disclosed. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the `/goform/WizardHandle` file.
PT-2025-29194
9.0
2025-07-10
Tenda · Tenda Fh451 · CVE-2025-7434
**Name of the Vulnerable Software and Affected Versions:** Tenda FH451 versions up to 1.0.0.9 **Description:** A critical vulnerability exists in Tenda FH451. The issue affects the `fromAddressNat` function within the `/goform/addressNat` file of the POST Request Handler component. Manipulation of the `page` argument results in a stack-based buffer overflow, potentially allowing for remote attacks. The exploit for this issue has been publicly disclosed. **Recommendations:** Tenda FH451 versions prior to 1.0.0.9 should be updated.
PT-2025-29349
9.0
2025-07-08
Tenda · Tenda Fh451 · CVE-2025-7505
Name of the Vulnerable Software and Affected Versions: Tenda FH451 version 1.0.0.9 Description: A critical vulnerability exists in Tenda FH451. The manipulation of the `page` argument in the `frmL7ProtForm` function within the HTTP POST Request Handler, located at the `/goform/L7Prot` endpoint, leads to a stack-based buffer overflow. This issue is remotely exploitable, and the exploit has been publicly disclosed. Recommendations: Tenda FH451 version 1.0.0.9: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2025-29350
9.0
2025-07-08
Tenda · Tenda Fh451 · CVE-2025-7506
Name of the Vulnerable Software and Affected Versions: Tenda FH451 version 1.0.0.9 Description: A critical vulnerability exists in the Tenda FH451. The `fromNatlimit` function within the HTTP POST Request Handler, located in the file `/goform/Natlimit`, is susceptible to a stack-based buffer overflow. This occurs through the manipulation of the `page` argument, allowing for remote exploitation. The exploit for this vulnerability has been publicly disclosed. Recommendations: Tenda FH451 version 1.0.0.9: At the moment, there is no information about a newer version that contains a fix for this vulnerability.