VYPR
Unrated severityNVD Advisory· Published Nov 10, 2025· Updated Dec 1, 2025

CVE-2025-63834

CVE-2025-63834

Description

A stored cross-site scripting (XSS) vulnerability was discovered in Tenda AC18 v15.03.05.05_multi. The vulnerability exists in the ssid parameter of the wireless settings. Remote attackers can inject malicious payloads that execute when any user visits the router's homepage.

Affected products

2
  • Tenda/AC18cpe-rescue2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: = v15.03.05.05_multi

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.