jangfan

3 exploits Active since Feb 2025
CVE-2025-25664 WRITEUP CRITICAL WRITEUP
Tenda Ac8 Firmware - Out-of-Bounds Write
Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the shareSpeed parameter in the sub_49E098 function.
CVSS 9.8
CVE-2025-25668 WRITEUP CRITICAL WRITEUP
Tenda Ac8 Firmware - Buffer Overflow
Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the shareSpeed parameter in the sub_47D878 function.
CVSS 9.8
CVE-2025-25675 WRITEUP CRITICAL WRITEUP
Tenda Ac10 Firmware - Command Injection
Tenda AC10 V1.0 V15.03.06.23 has a command injection vulnerablility located in the formexeCommand function. The str variable receives the cmdinput parameter from a POST request and is later assigned to the cmd_buf variable, which is directly used in the doSystemCmd function, causing an arbitrary command execution.
CVSS 9.8