| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-2137 | Tenda TX3 SetIpMacBind buffer overflow | Tenda | TX3 | High | 8.8 | 2026-02-08 05:32:08 | Deep Dive |
| CVE-2026-25857 | Tenda G300-F Command Injection via formSetWanDiag | Shenzhen Tenda Technology | Tenda G300-F | - | - | 2026-02-07 21:41:41 | Deep Dive |
| CVE-2026-24441 | Tenda AC7 Transmits Admin Credentials Without HTTPS Protection | Shenzhen Tenda Technology Co., Ltd. | Tenda AC7 | - | - | 2026-02-03 19:14:41 | Deep Dive |
| CVE-2026-24434 | Tenda AC7 Web Interface Lacks CSRF Protections for Admin Actions | Shenzhen Tenda Technology Co., Ltd. | Tenda AC7 | - | - | 2026-02-03 19:13:01 | Deep Dive |
| CVE-2026-24427 | Tenda AC7 Exposes Admin Credentials in Configuration Responses | Shenzhen Tenda Technology Co., Ltd. | Tenda AC7 | - | - | 2026-02-03 19:11:32 | Deep Dive |
| CVE-2026-24426 | Tenda AC7 Reflected XSS via Web Interface Output Encoding | Shenzhen Tenda Technology Co., Ltd. | Tenda AC7 | - | - | 2026-02-03 19:09:37 | Deep Dive |
| CVE-2026-1690 | Tenda HG10 formSysCmd system command injection | Tenda | HG10 | Medium | 4.7 | 2026-01-30 16:32:12 | Deep Dive |
| CVE-2026-1689 | Tenda HG10 Login formLogin checkUserFromLanOrWan command injection | Tenda | HG10 | High | 7.3 | 2026-01-30 16:32:08 | Deep Dive |
| CVE-2026-1687 | Tenda HG10 Boa Webserver formSamba command injection | Tenda | HG10 | High | 7.3 | 2026-01-30 16:02:09 | Deep Dive |
| CVE-2026-1638 | Tenda AC21 mDMZSetCfg command injection | Tenda | AC21 | Medium | 6.3 | 2026-01-29 23:32:11 | Deep Dive |
| CVE-2026-1637 | Tenda AC21 AdvSetMacMtuWan fromAdvSetMacMtuWan stack-based overflow | Tenda | AC21 | High | 8.8 | 2026-01-29 22:32:08 | Deep Dive |
| CVE-2026-1610 | Tenda AX12 Pro V2 Telnet Service hard-coded credentials | Tenda | AX12 Pro V2 | High | 8.1 | 2026-01-29 19:02:08 | Deep Dive |
| CVE-2026-24435 | Tenda W30E V2 Permissive CORS Allows Cross-origin Data Access | Shenzhen Tenda Technology Co., Ltd. | W30E V2 | - | - | 2026-01-26 17:49:03 | Deep Dive |
| CVE-2026-24439 | Tenda W30E V2 Lacks X-Content-Type-Options Header | Shenzhen Tenda Technology Co., Ltd. | W30E V2 | - | - | 2026-01-26 17:48:37 | Deep Dive |
| CVE-2026-24432 | Tenda W30E V2 Missing CSRF Protections for Administrative Actions | Shenzhen Tenda Technology Co., Ltd. | W30E V2 | - | - | 2026-01-26 17:46:55 | Deep Dive |
| CVE-2026-24433 | Tenda W30E V2 Stored XSS via Username Field | Shenzhen Tenda Technology Co., Ltd. | W30E V2 | - | - | 2026-01-26 17:40:59 | Deep Dive |
| CVE-2026-24431 | Tenda W30E V2 Web UI Reveals Passwords in Cleartext | Shenzhen Tenda Technology Co., Ltd. | W30E V2 | - | - | 2026-01-26 17:40:41 | Deep Dive |
| CVE-2026-24437 | Tenda W30E V2 Missing Cache Controls for Credential-bearing Pages | Shenzhen Tenda Technology Co., Ltd. | W30E V2 | - | - | 2026-01-26 17:40:23 | Deep Dive |
| CVE-2026-24436 | Tenda W30E V2 Lacks Rate Limiting on Authentication | Shenzhen Tenda Technology Co., Ltd. | W30E V2 | - | - | 2026-01-26 17:40:05 | Deep Dive |
| CVE-2026-24428 | Tenda W30E V2 Incorrect Authorization Allows Administrator Password Change | Shenzhen Tenda Technology Co., Ltd. | W30E V2 | - | - | 2026-01-26 17:39:45 | Deep Dive |