threat
engine
.sh
Back
·
··:··
Home
/
Product
/
tenda ac9 firmware
Product
tenda ac9 firmware
109 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2026-6016
all versions
A vulnerability was found in Tenda AC9 15.03.02.13. The affected element is the function decodePwd of the file /goform/WizardHandl
8.8
HIGH
CVE-2026-6015
all versions
A vulnerability has been found in Tenda AC9 15.03.02.13. Impacted is the function formQuickIndex of the file /goform/QuickIndex of
8.8
HIGH
CVE-2026-2192
all versions
A security vulnerability has been detected in Tenda AC9 15.03.06.42_multi. Affected by this vulnerability is the function formGetR
7.2
HIGH
CVE-2026-2191
all versions
A weakness has been identified in Tenda AC9 15.03.06.42_multi. Affected is the function formGetDdosDefenceList. This manipulation
7.2
HIGH
CVE-2025-14286
all versions
A vulnerability was determined in Tenda AC9 15.03.05.14_multi. Affected by this vulnerability is an unknown functionality of the f
5.3
MEDIUM
CVE-2025-57638
all versions
Buffer overflow vulnerability in Tenda AC9 1.0 via the user supplied sys.vendor configuration value.
7.5
HIGH
CVE-2025-57639
all versions
OS Command injection vulnerability in Tenda AC9 1.0 was discovered to contain a command injection vulnerability via the usb.samba.
6.5
MEDIUM
CVE-2025-10443
all versions
A vulnerability was identified in Tenda AC9 and AC15 15.03.05.14/15.03.05.18. This vulnerability affects the function formexeComma
8.8
HIGH
CVE-2025-10442
all versions
A vulnerability was determined in Tenda AC9 and AC15 15.03.05.14. This affects the function formexeCommand of the file /goform/exe
6.3
MEDIUM
CVE-2025-9731
all versions
A vulnerability was determined in Tenda AC9 15.03.05.19. The impacted element is an unknown function of the file /etc_ro/shadow of
2.5
LOW
CVE-2025-5900
all versions
A vulnerability, which was classified as problematic, was found in Tenda AC9 15.03.02.13. This affects an unknown part. The manipu
4.3
MEDIUM
CVE-2025-5847
all versions
A vulnerability has been found in Tenda AC9 15.03.02.13 and classified as critical. Affected by this vulnerability is the function
8.8
HIGH
CVE-2025-5839
all versions
A vulnerability, which was classified as critical, has been found in Tenda AC9 15.03.02.13. Affected by this issue is the function
8.8
HIGH
CVE-2025-5836
all versions
A vulnerability was found in Tenda AC9 15.03.02.13. It has been rated as critical. This issue affects the function formSetIptv of
6.3
MEDIUM
CVE-2025-45042
all versions
Tenda AC9 v15.03.05.14 was discovered to contain a command injection vulnerability via the Telnet function.
9.8
CRITICAL
CVE-2025-44877
all versions
Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formSetSambaConf function via the usbna
9.8
CRITICAL
CVE-2025-44872
all versions
Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formsetUsbUnload function via the devic
9.8
CRITICAL
CVE-2025-45429
all versions
In the Tenda ac9 v1.0 router with firmware V15.03.05.14_multi, there is a stack overflow vulnerability in /goform/WifiWpsStart, wh
9.8
CRITICAL
CVE-2025-45428
all versions
In Tenda ac9 v1.0 with firmware V15.03.05.14_multi, the rebootTime parameter of /goform/SetSysAutoRebbotCfg has a stack overflow v
9.8
CRITICAL
CVE-2025-45427
all versions
In Tenda AC9 v1.0 with firmware V15.03.05.14_multi, the security parameter of /goform/WifiBasicSet has a stack overflow vulnerabil
9.8
CRITICAL
CVE-2025-29387
all versions
In Tenda AC9 v1.0 V15.03.05.14_multi, the wanSpeed parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which
7.1
HIGH
CVE-2025-29386
all versions
In Tenda AC9 v1.0 V15.03.05.14_multi, the mac parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can l
9.8
CRITICAL
CVE-2025-29385
all versions
In Tenda AC9 v1.0 V15.03.05.14_multi, the cloneType parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which
9.8
CRITICAL
CVE-2025-29384
all versions
In Tenda AC9 v1.0 V15.03.05.14_multi, the wanMTU parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which ca
9.8
CRITICAL
CVE-2025-29032
all versions
Tenda AC9 v15.03.05.19(6318) was discovered to contain a buffer overflow via the formWifiWpsOOB function.
5.9
MEDIUM
CVE-2025-22949
all versions
Tenda ac9 v1.0 firmware v15.03.05.19 is vulnerable to command injection in /goform/SetSambaCfg, which may lead to remote arbitrary
9.8
CRITICAL
CVE-2025-22946
all versions
Tenda ac9 v1.0 firmware v15.03.05.19 contains a stack overflow vulnerability in /goform/SetOnlineDevName, which may lead to remote
9.8
CRITICAL
CVE-2024-10280
all versions
A vulnerability was found in Tenda AC6, AC7, AC8, AC9, AC10, AC10U, AC15, AC18, AC500 and AC1206 up to 20241022. It has been rated
6.5
MEDIUM
CVE-2024-42634
all versions
A Command Injection vulnerability exists in formWriteFacMac of the httpd binary in Tenda AC9 v15.03.06.42. As a result, attacker c
9.8
CRITICAL
CVE-2024-25751
all versions
A Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with firmware version v.15.03.06.42_multi allows a remote attacker
9.8
CRITICAL
CVE-2024-25756
all versions
A Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with firmware version v.15.03.06.42_multi allows a remote attacker
8.0
HIGH
CVE-2024-25753
all versions
Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with firmware version v.15.03.06.42_multi allows a remote attacker to
8.8
HIGH
CVE-2024-25748
all versions
A Stack Based Buffer Overflow vulnerability in tenda AC9 v.3.0 with firmware version v.15.03.06.42_multi allows a remote attac
8.8
HIGH
CVE-2024-25746
all versions
Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with firmware version v.15.03.06.42_multi allows a remote attacker to
8.8
HIGH
CVE-2024-24543
all versions
Buffer Overflow vulnerability in the function setSchedWifi in Tenda AC9 v.3.0, firmware version v.15.03.06.42_multi allows a remot
9.8
CRITICAL
CVE-2023-38823
all versions
Buffer Overflow vulnerability in Tenda Ac19 v.1.0, AC18, AC9 v.1.0, AC6 v.2.0 and v.1.0 allows a remote attacker to execute arbitr
9.8
CRITICAL
CVE-2023-40942
all versions
Tenda AC9 V3.0BR_V15.03.06.42_multi_TD01 was discovered stack overflow via parameter 'firewall_value' at url /goform/SetFirewallCf
9.8
CRITICAL
CVE-2023-41563
all versions
Tenda AC9 V3.0 V15.03.06.42_multi and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via paramet
9.8
CRITICAL
CVE-2023-41562
all versions
Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contai
9.8
CRITICAL
CVE-2023-41561
all versions
Tenda AC9 V3.0 V15.03.06.42_multi and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via paramet
9.8
CRITICAL
CVE-2023-41560
all versions
Tenda AC9 V3.0 V15.03.06.42_multi was discovered to contain a stack overflow via parameter firewallEn at url /goform/SetFirewallCf
9.8
CRITICAL
CVE-2023-41559
all versions
Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Tenda AC5 V1.0RTL_V15.03.06.28 were discovered to contain a st
9.8
CRITICAL
CVE-2023-41556
all versions
Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Tenda AC5 V1.0RTL_V15.03.06.28 were discovered to contain a st
9.8
CRITICAL
CVE-2023-41554
all versions
Tenda AC9 V3.0 V15.03.06.42_multi was discovered to contain a stack overflow via parameter wpapsk_crypto at url /goform/WifiExtraS
9.8
CRITICAL
CVE-2023-41553
all versions
Tenda AC9 V3.0 V15.03.06.42_multi and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via paramet
9.8
CRITICAL
CVE-2023-41552
all versions
Tenda AC7 V1.0 V15.03.06.44 and Tenda AC9 V3.0 V15.03.06.42_multi were discovered to contain a stack overflow via parameter ssid a
9.8
CRITICAL
CVE-2023-38937
all versions
Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15
9.8
CRITICAL
CVE-2023-38936
all versions
Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, FH1203 V2.
9.8
CRITICAL
CVE-2023-38935
all versions
Tenda AC1206 V15.03.06.23, AC8 V4 V16.03.34.06, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and AC9 V3.0 V15.03.06.42_multi were
9.8
CRITICAL
CVE-2023-38933
all versions
Tenda AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6 and AC9 V3.0 V15.03.06.
9.8
CRITICAL
CVE-2023-38930
all versions
Tenda AC7 V1.0,V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0,V15.03.06.28, AC9 V3.0,V15.03.06.42_multi and FH1205 V2.0.0.7(775) were disc
9.8
CRITICAL
CVE-2023-37717
all versions
Tenda F1202 V1.0BR_V1.2.0.20(408) and FH1202_V1.2.0.19_EN, AC10 V1.0, AC1206 V1.0, AC7 V1.0, AC5 V1.0, and AC9 V3.0 were discovere
9.8
CRITICAL
CVE-2023-37716
all versions
Tenda F1202 V1.0BR_V1.2.0.20(408) and FH1202_V1.2.0.19_EN, AC10 V1.0, AC1206 V1.0, AC7 V1.0, AC5 V1.0, and AC9 V3.0 were discovere
9.8
CRITICAL
CVE-2022-36571
all versions
Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the mask parameter at /goform/WanParameterSetting.
7.2
HIGH
CVE-2022-36570
all versions
Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the time parameter at /goform/SetLEDCfg.
7.2
HIGH
CVE-2022-36569
all versions
Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the deviceList parameter at /goform/setMacFilterCfg.
8.8
HIGH
CVE-2022-36568
all versions
Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the list parameter at /goform/setPptpUserList.
8.8
HIGH
CVE-2022-36233
all versions
Tenda AC9 V15.03.2.13 is vulnerable to Buffer Overflow via httpd, form_fast_setting_wifi_set. httpd.
5.5
MEDIUM
CVE-2022-36273
all versions
Tenda AC9 V15.03.2.21_cn is vulnerable to command injection via goform/SetSysTimeCfg.
9.8
CRITICAL
CVE-2021-42659
all versions
There is a buffer overflow vulnerability in the Web server httpd of the router in Tenda router devices such as Tenda AC9 V1.0 V15.
6.5
MEDIUM
CVE-2022-28560
all versions
There is a stack overflow vulnerability in the goform/fast_setting_wifi_set function in the httpd service of Tenda ac9 15.03.2.21_
9.8
CRITICAL
CVE-2022-27022
all versions
There is a stack overflow vulnerability in the SetSysTimeCfg() function in the httpd service of Tenda AC9 V15.03.2.21_cn. The atta
9.8
CRITICAL
CVE-2022-27016
all versions
There is a stack overflow vulnerability in the SetStaticRouteCfg() function in the httpd service of Tenda AC9 15.03.2.21_cn.
9.8
CRITICAL
CVE-2022-26278
all versions
Tenda AC9 v15.03.2.21_cn was discovered to contain a stack overflow via the time parameter in the PowerSaveSet function.
9.8
CRITICAL
CVE-2022-25441
all versions
Tenda AC9 v15.03.2.21 was discovered to contain a remote command execution (RCE) vulnerability via the vlanid parameter in the Set
9.8
CRITICAL
CVE-2022-25440
all versions
Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the ntpserver parameter in the SetSysTimeCfg function.
9.8
CRITICAL
CVE-2022-25439
all versions
Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the SetIpMacBind function.
9.8
CRITICAL
CVE-2022-25438
all versions
Tenda AC9 v15.03.2.21 was discovered to contain a remote command execution (RCE) vulnerability via the SetIPTVCfg function.
9.8
CRITICAL
CVE-2022-25437
all versions
Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the SetVirtualServerCfg function.
9.8
CRITICAL
CVE-2022-25435
all versions
Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the SetStaticRoutecfg function.
9.8
CRITICAL
CVE-2022-25434
all versions
Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the firewallen parameter in the SetFirewallCfg function.
9.8
CRITICAL
CVE-2022-25433
all versions
Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the urls parameter in the saveparentcontrolinfo function.
9.8
CRITICAL
CVE-2022-25431
all versions
Tenda AC9 v15.03.2.21 was discovered to contain multiple stack overflows via the NPTR, V12, V10 and V11 parameter in the Formsetqo
9.8
CRITICAL
CVE-2022-25429
all versions
Tenda AC9 v15.03.2.21 was discovered to contain a buffer overflow via the time parameter in the saveparentcontrolinfo function.
9.8
CRITICAL
CVE-2022-25428
all versions
Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the deviceId parameter in the saveparentcontrolinfo function.
9.8
CRITICAL
CVE-2022-25427
all versions
Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the schedendtime parameter in the openSchedWifi function.
9.8
CRITICAL
CVE-2022-25418
all versions
Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the function openSchedWifi.
9.8
CRITICAL
CVE-2022-25417
all versions
Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the function saveparentcontrolinfo.
9.8
CRITICAL
CVE-2022-25414
all versions
Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the parameter NPTR.
9.8
CRITICAL
CVE-2020-26728
all versions
A vulnerability was discovered in Tenda AC9 v3.0 V15.03.06.42_multi and Tenda AC9 V1.0 V15.03.05.19(6318)_CN which allows for remo
9.8
CRITICAL
CVE-2021-31627
<= 15.03.06.42_multi
Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6318), and AC9 V3.0 V15.03.06.42_multi, allows attackers to e
8.8
HIGH
CVE-2021-31624
<= 15.03.06.42_multi
Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6318), and AC9 V3.0 V15.03.06.42_multi, allows attackers to e
8.8
HIGH
CVE-2020-22079
all versions
Stack-based buffer overflow in Tenda AC-10U AC1200 Router US_AC10UV1.0RTL_V15.03.06.48_multi_TDE01 allows remote attackers to exec
9.8
CRITICAL
CVE-2020-20746
all versions
A stack-based buffer overflow in the httpd server on Tenda AC9 V15.03.06.60_EN allows remote attackers to execute arbitrary code o
7.2
HIGH
CVE-2020-13394
all versions
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC
9.8
CRITICAL
CVE-2020-13393
all versions
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC
9.8
CRITICAL
CVE-2020-13392
all versions
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC
9.8
CRITICAL
CVE-2020-13391
all versions
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC
9.8
CRITICAL
CVE-2020-13390
all versions
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC
9.8
CRITICAL
CVE-2020-13389
all versions
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC
9.8
CRITICAL
CVE-2018-14559
<= 15.03.05.19\(6318\)_cn
An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.
7.5
HIGH
CVE-2018-14557
<= 15.03.05.19\(6318\)_cn
An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.
7.5
HIGH
CVE-2018-14558
<= 15.03.05.19\(6318\)_cn
An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.
9.8
CRITICAL
CVE-2018-18732
all versions
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and A
7.5
HIGH
CVE-2018-18731
all versions
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and A
7.5
HIGH
CVE-2018-18730
all versions
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and A
7.5
HIGH
CVE-2018-18729
all versions
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and A
9.8
CRITICAL
CVE-2018-18728
all versions
An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. They all
9.8
CRITICAL
CVE-2018-18727
all versions
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and A
7.5
HIGH
CVE-2018-18709
all versions
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and A
7.5
HIGH
CVE-2018-18708
all versions
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and A
7.5
HIGH
CVE-2018-18707
all versions
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and A
7.5
HIGH
CVE-2018-18706
all versions
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and A
7.5
HIGH
CVE-2018-16334
all versions
An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN and AC10 V15.03.06.23_CN devices. The mac parameter in a POST request i
8.8
HIGH
CVE-2018-16333
all versions
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and A
7.5
HIGH
CVE-2018-14492
<= v15.03.05.19\(6318\)_cn
Tenda AC7 through V15.03.06.44_CN, AC9 through V15.03.05.19(6318)_CN, and AC10 through V15.03.06.23_CN devices have a Stack-based
7.5
HIGH
CVE-2018-7561
all versions
Stack-based Buffer Overflow in httpd on Tenda AC9 devices V15.03.05.14_EN allows remote attackers to cause a denial of service or
9.8
CRITICAL
CVE-2017-16936
all versions
Directory Traversal vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03
6.5
MEDIUM
CVE-2017-16923
all versions
Command Injection vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.0
8.8
HIGH
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin