FAIL › dossier
· dossier confidence 40%
Tenda is a Chinese router manufacturer with a documented history of ignoring critical security vulnerabilities, including a 2026 unpatched backdoor that grants admin access regardless of password.
Tenda demonstrates a critical failure in security governance, evidenced by a pattern of ignoring vulnerability disclosures and failing to patch critical flaws in firmware.
| Date | Event | Sev | Flags | Shame | Summary |
|---|---|---|---|---|---|
| 2026-06-19 | CVE-2026-51846 | critical | ⚡RCE | 50 | In Tenda AC7 v15.03.06.44, the wanSpeed parameter of the route /goform/AdvSetMacMtuWan has a stack buffer overflow vulnerability that can lead to remote arbitrary code execution. |
| 2023-12-20 | CVE-2023-50989 | critical | ⚡RCE | 50 | Tenda i29 v1.0 V1.0.0.5 was discovered to contain a command injection vulnerability via the pingSet function. |
| 2023-12-20 | CVE-2023-50983 | critical | ⚡RCE | 50 | Tenda i29 v1.0 V1.0.0.5 was discovered to contain a command injection vulnerability via the sysScheduleRebootSet function. |
| 2022-08-19 | CVE-2022-35201 | critical | ⚡RCE | 50 | Tenda-AC18 V15.03.05.05 was discovered to contain a remote command execution (RCE) vulnerability. |
| 2022-01-28 | CVE-2021-44971 | critical | ⚡RCE | 50 | Multiple Tenda devices are affected by authentication bypass, such as AC15V1.0 Firmware V15.03.05.20_multi?AC5V1.0 Firmware V15.03.06.48_multi and so on. an attacker can obtain sensitive information, and even combine it with authenticated command injection to implement RCE. |
| 2026-06-19 | CVE-2026-51843 | critical | 35 | Tenda AC7 v15.03.06.44 contains a stack buffer overflow vulnerability in the /goform/AdvSetMacMtuWan interface via the wanMTU parameter. | |
| 2026-06-19 | CVE-2026-51845 | critical | 35 | Tenda AC7 v15.03.06.44 contains a stack buffer overflow vulnerability in the /goform/AdvSetMacMtuWan interface via the mac parameter. | |
| 2026-06-19 | CVE-2026-51844 | critical | 35 | Tenda AC7 v15.03.06.44 contains a stack buffer overflow vulnerability in the /goform/AdvSetMacMtuWan interface via the cloneType parameter. | |
| 2024-11-19 | CVE-2024-52714 | critical | 35 | Tenda AC6 v2.0 v15.03.06.50 was discovered to contain a buffer overflow in the function 'fromSetSysTime. | |
| 2024-07-09 | CVE-2023-48194 | critical | 35 | Vulnerability in Tenda AC8v4 .V16.03.34.09 due to sscanf and the last digit of s8 being overwritten with \x0. After executing set_client_qos, control over the gp register can be obtained. | |
| 2023-12-20 | CVE-2023-50986 | critical | 35 | Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the time parameter in the sysLogin function. | |
| 2023-12-20 | CVE-2023-50988 | critical | 35 | Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the bandwidth parameter in the wifiRadioSetIndoor function. | |
| 2023-12-20 | CVE-2023-50984 | critical | 35 | Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the ip parameter in the spdtstConfigAndStart function. | |
| 2023-12-20 | CVE-2023-50990 | critical | 35 | Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the rebootTime parameter in the sysScheduleRebootSet function. | |
| 2023-12-20 | CVE-2023-50992 | critical | 35 | Tenda i29 v1.0 V1.0.0.5 was discovered to contain a stack overflow via the ip parameter in the setPing function. | |
| 2023-12-20 | CVE-2023-50987 | critical | 35 | Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the time parameter in the sysTimeInfoSet function. | |
| 2023-12-20 | CVE-2023-50985 | critical | 35 | Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the lanGw parameter in the lanCfgSet function. |
Open questions: Tenda's current patch management process and response time to critical vulnerabilities · Scope of affected devices in the CERT backdoor warning (CVE-2026-11405)