COOEY // HUBcompliance · community · intelligence

FAIL › dossier

tenda vendor

· dossier confidence 40%

Tenda is a Chinese router manufacturer with a documented history of ignoring critical security vulnerabilities, including a 2026 unpatched backdoor that grants admin access regardless of password.

17
failure events
0
zero-days
5
RCEs
0
on KEV
17
critical
50
worst shame

Profile

Category
vendor
What they do
Tenda is a Chinese manufacturer of consumer networking equipment, primarily routers and Wi-Fi devices.
HQ
Shenzhen, China
Website
https://www.tendacn.com

Security posture

Tenda demonstrates a critical failure in security governance, evidenced by a pattern of ignoring vulnerability disclosures and failing to patch critical flaws in firmware.

Notable failures
  • CVE-2026-11405: Unpatched admin backdoor allowing passwordless access
  • CVE-2026-51846: Critical RCE via stack buffer overflow in AC7 firmware
  • CVE-2023-50989: Command injection in Tenda i29 firmware
Patterns
Repeated unpatched critical RCE vulnerabilities; Ignoring CERT/CC vulnerability disclosures; Hardcoded administrative backdoors in firmware

Failure history 17 events

DateEventSevFlagsShameSummary
2026-06-19 CVE-2026-51846 critical ⚡RCE 50 In Tenda AC7 v15.03.06.44, the wanSpeed parameter of the route /goform/AdvSetMacMtuWan has a stack buffer overflow vulnerability that can lead to remote arbitrary code execution.
2023-12-20 CVE-2023-50989 critical ⚡RCE 50 Tenda i29 v1.0 V1.0.0.5 was discovered to contain a command injection vulnerability via the pingSet function.
2023-12-20 CVE-2023-50983 critical ⚡RCE 50 Tenda i29 v1.0 V1.0.0.5 was discovered to contain a command injection vulnerability via the sysScheduleRebootSet function.
2022-08-19 CVE-2022-35201 critical ⚡RCE 50 Tenda-AC18 V15.03.05.05 was discovered to contain a remote command execution (RCE) vulnerability.
2022-01-28 CVE-2021-44971 critical ⚡RCE 50 Multiple Tenda devices are affected by authentication bypass, such as AC15V1.0 Firmware V15.03.05.20_multi?AC5V1.0 Firmware V15.03.06.48_multi and so on. an attacker can obtain sensitive information, and even combine it with authenticated command injection to implement RCE.
2026-06-19 CVE-2026-51843 critical 35 Tenda AC7 v15.03.06.44 contains a stack buffer overflow vulnerability in the /goform/AdvSetMacMtuWan interface via the wanMTU parameter.
2026-06-19 CVE-2026-51845 critical 35 Tenda AC7 v15.03.06.44 contains a stack buffer overflow vulnerability in the /goform/AdvSetMacMtuWan interface via the mac parameter.
2026-06-19 CVE-2026-51844 critical 35 Tenda AC7 v15.03.06.44 contains a stack buffer overflow vulnerability in the /goform/AdvSetMacMtuWan interface via the cloneType parameter.
2024-11-19 CVE-2024-52714 critical 35 Tenda AC6 v2.0 v15.03.06.50 was discovered to contain a buffer overflow in the function 'fromSetSysTime.
2024-07-09 CVE-2023-48194 critical 35 Vulnerability in Tenda AC8v4 .V16.03.34.09 due to sscanf and the last digit of s8 being overwritten with \x0. After executing set_client_qos, control over the gp register can be obtained.
2023-12-20 CVE-2023-50986 critical 35 Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the time parameter in the sysLogin function.
2023-12-20 CVE-2023-50988 critical 35 Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the bandwidth parameter in the wifiRadioSetIndoor function.
2023-12-20 CVE-2023-50984 critical 35 Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the ip parameter in the spdtstConfigAndStart function.
2023-12-20 CVE-2023-50990 critical 35 Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the rebootTime parameter in the sysScheduleRebootSet function.
2023-12-20 CVE-2023-50992 critical 35 Tenda i29 v1.0 V1.0.0.5 was discovered to contain a stack overflow via the ip parameter in the setPing function.
2023-12-20 CVE-2023-50987 critical 35 Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the time parameter in the sysTimeInfoSet function.
2023-12-20 CVE-2023-50985 critical 35 Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the lanGw parameter in the lanCfgSet function.

Dossier sources

Open questions: Tenda's current patch management process and response time to critical vulnerabilities · Scope of affected devices in the CERT backdoor warning (CVE-2026-11405)