Li Tengzheng

205 exploits Active since Feb 2026
CVE-2026-7054 WRITEUP HIGH WRITEUP
Tenda F456 httpd PPTPDClient fromPptpUserAdd buffer overflow
A weakness has been identified in Tenda F456 1.0.0.5. This vulnerability affects the function fromPptpUserAdd of the file /goform/PPTPDClient of the component httpd. Executing a manipulation of the argument opttype/usernamewith can lead to buffer overflow. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks.
CVSS 8.8
CVE-2026-7029 WRITEUP HIGH WRITEUP
Tenda F456 addressNat fromaddressNat buffer overflow
A weakness has been identified in Tenda F456 1.0.0.5. The impacted element is the function fromaddressNat of the file /goform/addressNat. Executing a manipulation of the argument menufacturer/Go can lead to buffer overflow. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks.
CVSS 8.8
CVE-2026-7030 WRITEUP HIGH WRITEUP
Tenda F456 RouteStatic fromRouteStatic buffer overflow
A security vulnerability has been detected in Tenda F456 1.0.0.5. This affects the function fromRouteStatic of the file /goform/RouteStatic. The manipulation of the argument page leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used.
CVSS 8.8
CVE-2026-7031 WRITEUP HIGH WRITEUP
Tenda F456 SafeMacFilter fromSafeMacFilter buffer overflow
A vulnerability was detected in Tenda F456 1.0.0.5. This impacts the function fromSafeMacFilter of the file /goform/SafeMacFilter. The manipulation of the argument page results in buffer overflow. It is possible to launch the attack remotely. The exploit is now public and may be used.
CVSS 8.8
CVE-2026-7032 WRITEUP HIGH WRITEUP
Tenda F456 SafeEmailFilter buffer overflow
A flaw has been found in Tenda F456 1.0.0.5. Affected is the function SafeEmailFilter of the file /goform/SafeEmailFilter. This manipulation of the argument page causes buffer overflow. The attack can be initiated remotely. The exploit has been published and may be used.
CVSS 8.8
CVE-2026-7033 WRITEUP HIGH WRITEUP
Tenda F456 SafeClientFilter fromSafeClientFilter buffer overflow
A vulnerability has been found in Tenda F456 1.0.0.5. Affected by this vulnerability is the function fromSafeClientFilter of the file /goform/SafeClientFilter. Such manipulation of the argument menufacturer/Go leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS 8.8
CVE-2026-7034 WRITEUP HIGH WRITEUP
Tenda FH1202 httpd WrlExtraSet stack-based overflow
A vulnerability was found in Tenda FH1202 1.2.0.14(408). Affected by this issue is the function WrlExtraSet of the file /goform/WrlExtraSet of the component httpd. Performing a manipulation of the argument Go results in stack-based buffer overflow. The attack may be initiated remotely. The exploit has been made public and could be used.
CVSS 8.8
CVE-2026-7035 WRITEUP HIGH WRITEUP
Tenda FH1202 httpd WrlclientSet fromWrlclientSet stack-based overflow
A vulnerability was determined in Tenda FH1202 1.2.0.14. This affects the function fromWrlclientSet of the file /goform/WrlclientSet of the component httpd. Executing a manipulation of the argument Go can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.
CVSS 8.8
CVE-2026-7036 WRITEUP HIGH WRITEUP
Tenda i9 HTTP R7WebsSecurityHandlerfunction path traversal
A vulnerability was identified in Tenda i9 1.0.0.5(2204). This vulnerability affects the function R7WebsSecurityHandlerfunction of the component HTTP Handler. The manipulation leads to path traversal. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.
CVSS 7.3
CVE-2026-7037 WRITEUP CRITICAL WRITEUP
Totolink A8000RU CGI cstecgi.cgi setVpnPassCfg os command injection
A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument pptpPassThru results in os command injection. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.
CVSS 9.8
CVE-2026-7019 WRITEUP HIGH WRITEUP
Tenda F456 P2pListFilter fromP2pListFilter buffer overflow
A vulnerability was identified in Tenda F456 1.0.0.5. The impacted element is the function fromP2pListFilter of the file /goform/P2pListFilter. The manipulation of the argument menufacturer/Go leads to buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.
CVSS 8.8
CVE-2026-6197 WRITEUP HIGH WRITEUP
Tenda F456 AdvSetWrlsafeset formWrlsafeset stack-based overflow
A flaw has been found in Tenda F456 1.0.0.5. This vulnerability affects the function formWrlsafeset of the file /goform/AdvSetWrlsafeset. Executing a manipulation of the argument mit_ssid can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been published and may be used.
CVSS 8.8
CVE-2026-6198 WRITEUP HIGH WRITEUP
Tenda F456 NatStaticSetting fromNatStaticSetting stack-based overflow
A vulnerability has been found in Tenda F456 1.0.0.5. This issue affects the function fromNatStaticSetting of the file /goform/NatStaticSetting. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS 8.8
CVE-2026-6199 WRITEUP HIGH WRITEUP
Tenda F456 qossetting fromqossetting stack-based overflow
A vulnerability was found in Tenda F456 1.0.0.5. Impacted is the function fromqossetting of the file /goform/qossetting. The manipulation of the argument page results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been made public and could be used.
CVSS 8.8
CVE-2026-6200 WRITEUP HIGH WRITEUP
Tenda F456 webtypelibrary formwebtypelibrary stack-based overflow
A vulnerability was determined in Tenda F456 1.0.0.5. The affected element is the function formwebtypelibrary of the file /goform/webtypelibrary. This manipulation of the argument menufacturer/Go causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized.
CVSS 8.8
CVE-2026-6195 WRITEUP CRITICAL WRITEUP
Totolink A7100RU CGI cstecgi.cgi setPasswordCfg os command injection
A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument admpass leads to os command injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.
CVSS 9.8
CVE-2026-6196 WRITEUP HIGH WRITEUP
Tenda F456 exeCommand fromexeCommand stack-based overflow
A vulnerability was detected in Tenda F456 1.0.0.5. This affects the function fromexeCommand of the file /goform/exeCommand. Performing a manipulation of the argument cmdinput results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and may be used.
CVSS 8.8
CVE-2026-6138 WRITEUP CRITICAL WRITEUP
Totolink A7100RU CGI cstecgi.cgi setAccessDeviceCfg os command injection
A flaw has been found in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the function setAccessDeviceCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument mac causes os command injection. The attack can be initiated remotely. The exploit has been published and may be used.
CVSS 9.8
CVE-2026-6139 WRITEUP CRITICAL WRITEUP
Totolink A7100RU CGI cstecgi.cgi UploadOpenVpnCert os command injection
A vulnerability has been found in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function UploadOpenVpnCert of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument FileName leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS 9.8
CVE-2026-6140 WRITEUP CRITICAL WRITEUP
Totolink A7100RU CGI cstecgi.cgi UploadFirmwareFile os command injection
A vulnerability was found in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument FileName results in os command injection. The attack may be initiated remotely. The exploit has been made public and could be used.
CVSS 9.8
CVE-2026-6154 WRITEUP CRITICAL WRITEUP
Totolink A7100RU CGI cstecgi.cgi setWizardCfg os command injection
A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument wizard results in os command injection. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks.
CVSS 9.8
CVE-2026-6155 WRITEUP CRITICAL WRITEUP
Totolink A7100RU CGI cstecgi.cgi setWanCfg os command injection
A weakness has been identified in Totolink A7100RU 7.4cu.2313. The impacted element is the function setWanCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument pppoeServiceName can lead to os command injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks.
CVSS 9.8
CVE-2026-6156 WRITEUP CRITICAL WRITEUP
Totolink A7100RU CGI cstecgi.cgi setIpQosRules os command injection
A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setIpQosRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument Comment leads to os command injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.
CVSS 9.8
CVE-2026-6131 WRITEUP CRITICAL WRITEUP
Totolink A7100RU CGI cstecgi.cgi setTracerouteCfg os command injection
A vulnerability was found in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this vulnerability is the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument command results in os command injection. The attack may be launched remotely. The exploit has been made public and could be used.
CVSS 9.8
CVE-2026-6132 WRITEUP CRITICAL WRITEUP
Totolink A7100RU CGI cstecgi.cgi setLedCfg os command injection
A vulnerability was determined in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setLedCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument enable causes os command injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.
CVSS 9.8