Nguyen Le Quoc Anh - Security Researcher - Exploit Intelligence Platform

CVE-2023-38823 WRITEUP CRITICAL WORKING POC

Tenda - Buffer Overflow

Buffer Overflow vulnerability in Tenda Ac19 v.1.0, AC18, AC9 v.1.0, AC6 v.2.0 and v.1.0 allows a remote attacker to execute arbitrary code via the formSetCfm function in bin/httpd.

CVSS 9.8

View Code

CVE-2024-33365 WRITEUP HIGH WORKING POC

Tenda Ac10 Firmware - Buffer Overflow

Buffer Overflow vulnerability in Tenda AC10 v4 US_AC10V4.0si_V16.03.10.20_cn allows a remote attacker to execute arbitrary code via the Virtual_Data_Check function in the bin/httpd component.

CVSS 7.5

View Code

CVE-2025-67073 WRITEUP CRITICAL WORKING POC

Tenda Ac10 Firmware - Buffer Overflow

A Buffer overflow vulnerability in function fromAdvSetMacMtuWan of bin httpd in Tenda AC10V4.0 V16.03.10.20 allows remote attackers to cause denial of service and possibly code execution by sending a post request with a crafted payload (field `serviceName`) to /goform/AdvSetMacMtuWan.

CVSS 9.8

View Code

CVE-2025-67074 WRITEUP MEDIUM WORKING POC

Tenda Ac10 Firmware - Buffer Overflow

A Buffer overflow vulnerability in function fromAdvSetMacMtuWan of bin httpd in Tenda AC10V4.0 V16.03.10.20 allows remote attackers to cause denial of service and possibly code execution by sending a post request with a crafted payload (field `serverName`) to /goform/AdvSetMacMtuWan.

CVSS 6.5

View Code