GCVE - cpe:2.3:h:tendacn:ac9:1.0:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:h:tendacn:ac9:1.0:*:*:*:*:*:*:*

part: h version: 1.0 update: *

Vendor	Tendacn (`911f347d-94dc-5fe9-b545-6a7f771d2f53`)
Product	Ac9 (`397107bd-de9e-5ff5-8fe4-a8bec173f6dc`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2021-31627`	not_vulnerable	2026-06-03 14:44:33.391274	Details available Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6318), and AC9 V3.0 V15.03.06.42_multi, allows attackers to execute arbitrary code via the index parameter. Published: 2021-10-29T10:32:17.000Z Updated: 2024-08-03T23:03:33.562Z Open on db.gcve.eu Reference links http://tenda.com https://github.com/Lyc-heng/routers/blob/main/routers/stack3.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-31624`	not_vulnerable	2026-06-03 14:44:33.390790	Details available Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6318), and AC9 V3.0 V15.03.06.42_multi, allows attackers to execute arbitrary code via the urls parameter. Published: 2021-10-29T10:25:47.000Z Updated: 2024-08-03T23:03:33.617Z Open on db.gcve.eu Reference links http://tenda.com https://github.com/Lyc-heng/routers/blob/main/routers/stack2.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-22079`	not_vulnerable	2026-06-03 14:42:05.245586	Details available Stack-based buffer overflow in Tenda AC-10U AC1200 Router US_AC10UV1.0RTL_V15.03.06.48_multi_TDE01 allows remote attackers to execute arbitrary code via the timeZone parameter to goform/SetSysTimeCfg. Published: 2021-10-29T10:19:30.000Z Updated: 2024-08-04T14:51:10.418Z Open on db.gcve.eu Reference links https://cwe.mitre.org/data/definitions/121.html https://github.com/1sd3d/Tendown/tree/master/PoCs/Auth/bof11 https://github.com/Lyc-heng/routers/blob/main/routers/stack1.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-13394`	not_vulnerable	2026-06-03 14:41:36.607116	Details available An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/SetNetControlList list parameter for a POST request, a value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks. Published: 2020-05-22T16:06:34.000Z Updated: 2024-08-04T12:18:17.568Z Open on db.gcve.eu Reference links https://joel-malwarebenchmark.github.io https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13394-Tenda-vulnerability/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-13393`	not_vulnerable	2026-06-03 14:41:36.606389	Details available An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/saveParentControlInfo deviceId and time parameters for a POST request, a value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks. Published: 2020-05-22T16:06:41.000Z Updated: 2024-08-04T12:18:17.648Z Open on db.gcve.eu Reference links https://joel-malwarebenchmark.github.io https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13393-Tenda-vulnerability/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-13392`	not_vulnerable	2026-06-03 14:41:36.605831	Details available An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/setcfm funcpara1 parameter for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks. Published: 2020-05-22T16:06:47.000Z Updated: 2024-08-04T12:18:17.686Z Open on db.gcve.eu Reference links https://joel-malwarebenchmark.github.io https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13392-Tenda-vulnerability/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-13391`	not_vulnerable	2026-06-03 14:41:36.605292	Details available An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/SetSpeedWan speed_dir parameter for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks. Published: 2020-05-22T16:06:55.000Z Updated: 2024-08-04T12:18:17.636Z Open on db.gcve.eu Reference links https://joel-malwarebenchmark.github.io https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13391-Tenda-vulnerability/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-13390`	not_vulnerable	2026-06-03 14:41:36.604725	Details available An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/addressNat entrys and mitInterface parameters for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks. Published: 2020-05-22T16:07:03.000Z Updated: 2024-08-04T12:18:17.683Z Open on db.gcve.eu Reference links https://joel-malwarebenchmark.github.io https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13390-Tenda-vulnerability/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-13389`	not_vulnerable	2026-06-03 14:41:36.600833	Details available An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/openSchedWifi schedStartTime and schedEndTime parameters for a POST request, a value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks. Published: 2020-05-22T16:07:10.000Z Updated: 2024-08-04T12:18:17.598Z Open on db.gcve.eu Reference links https://joel-malwarebenchmark.github.io https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13389-Tenda-vulnerability/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.