Tenda ac9
This hub aggregates every CVE we track for Tenda ac9, a product in the networking infrastructure space. Use it to gauge the current risk picture and drill into individual advisories.
27
CVEs tracked
12
Critical
9
High
0
In CISA KEV
Severity distribution
CRITICAL12HIGH9MEDIUM6
Monthly trend
0
0
0
1
0
0
0
0
5
0
2
4
0
0
3
0
0
0
0
2
0
2
0
0
2024-072026-06
Latest CVEs
The 15 most recently published vulnerabilities affecting Tenda ac9.
- CVE-2026-6016Tenda AC9 POST Request WizardHandle decodePwd stack-based overflow8.8
- CVE-2026-6015Tenda AC9 POST Request QuickIndex formQuickIndex stack-based overflow8.8
- CVE-2026-2192Tenda AC9 formGetRebootTimer stack-based overflow7.2
- CVE-2026-2191Tenda AC9 formGetDdosDefenceList stack-based overflow7.2
- CVE-2025-57639OS Command injection vulnerability in Tenda AC9 1.0 was discovered to contain a command injection vulnerability via the usb.samba.guest.user parameter in the formSetSambaConf function of the httpd ...6.5
- CVE-2025-57638Buffer overflow vulnerability in Tenda AC9 1.0 via the user supplied sys.vendor configuration value.7.5
- CVE-2025-10442Tenda AC9/AC15 exeCommand formexeCommand os command injection6.3
- CVE-2025-5900Tenda AC9 cross-site request forgery4.3
- CVE-2025-5847Tenda AC9 HTTP POST Request SetRemoteWebCfg formSetSafeWanWebMan stack-based overflow8.8
- CVE-2025-5839Tenda AC9 POST Request AdvSetLanip fromadvsetlanip buffer overflow8.8
- CVE-2025-5836Tenda AC9 POST Request SetIPTVCfg formSetIptv command injection6.3
- CVE-2025-45042Tenda AC9 v15.03.05.14 was discovered to contain a command injection vulnerability via the Telnet function.9.8
- CVE-2025-44877Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formSetSambaConf function via the usbname parameter. This vulnerability allows attackers to execute arbitr...9.8
- CVE-2025-29387In Tenda AC9 v1.0 V15.03.05.14_multi, the wanSpeed parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution.7.1
- CVE-2025-29386In Tenda AC9 v1.0 V15.03.05.14_multi, the mac parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution.9.8
Product normalization is registry-driven with AI assist and human review. How it works