VYPR

AC15

by Tenda

CVEs (97)

  • CVE-2022-38325CriSep 15, 2022
    risk 0.64cvss 9.8epss 0.01

    Tenda AC15 WiFi Router V15.03.05.19_multi and AC18 WiFi Router V15.03.05.19_multi were discovered to contain a buffer overflow via the filePath parameter at /goform/expandDlnaFile.

  • CVE-2022-37175CriAug 19, 2022
    risk 0.64cvss 9.8epss 0.01

    Tenda ac15 firmware V15.03.05.18 httpd server has stack buffer overflow in /goform/formWifiBasicSet.

  • CVE-2021-44971CriJan 28, 2022
    risk 0.64cvss 9.8epss 0.03

    Multiple Tenda devices are affected by authentication bypass, such as AC15V1.0 Firmware V15.03.05.20_multi?AC5V1.0 Firmware V15.03.06.48_multi and so on. an attacker can obtain sensitive information, and even combine it with authenticated command injection to implement RCE.

  • CVE-2020-15916CriJul 23, 2020
    risk 0.64cvss 9.8epss 0.03

    goform/AdvSetLanip endpoint on Tenda AC15 AC1900 15.03.05.19 devices allows remote attackers to execute arbitrary system commands via shell metacharacters in the lanIp POST parameter.

  • CVE-2020-13394CriMay 22, 2020
    risk 0.64cvss 9.8epss 0.03

    An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server --…

  • CVE-2020-13393CriMay 22, 2020
    risk 0.64cvss 9.8epss 0.03

    An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server --…

  • CVE-2020-13392CriMay 22, 2020
    risk 0.64cvss 9.8epss 0.03

    An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server --…

  • CVE-2020-13391CriMay 22, 2020
    risk 0.64cvss 9.8epss 0.03

    An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server --…

  • CVE-2020-13390CriMay 22, 2020
    risk 0.64cvss 9.8epss 0.03

    An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server --…

  • CVE-2020-13389CriMay 22, 2020
    risk 0.64cvss 9.8epss 0.03

    An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server --…

  • CVE-2018-18728CriOct 29, 2018
    risk 0.64cvss 9.8epss 0.03

    An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. They allow remote code execution via shell metacharacters in the usbName field to the __fastcall function with a POST request.

  • CVE-2018-5768CriMar 20, 2018
    risk 0.64cvss 9.8epss 0.04

    A remote, unauthenticated attacker can gain remote code execution on the the Tenda AC15 router with a specially crafted password parameter for the COOKIE header.

  • CVE-2018-5770CriMar 20, 2018
    risk 0.64cvss 9.8epss 0.03

    An issue was discovered on Tenda AC15 devices. A remote, unauthenticated attacker can make a request to /goform/telnet, creating a telnetd service on the device. This service is password protected; however, several default accounts exist on the device that are root accounts,…

  • CVE-2026-5830HigApr 9, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was identified in Tenda AC15 15.03.05.18. This affects the function websGetVar of the file /goform/SysToolChangePwd. Such manipulation of the argument oldPwd/newPwd/cfmPwd leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is…

  • CVE-2026-4975HigMar 27, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability has been found in Tenda AC15 15.03.05.19. This affects the function formSetCfm of the file /goform/setcfm of the component POST Request Handler. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack can be initiated remotely.…

  • CVE-2017-16923HigNov 21, 2017
    risk 0.57cvss 8.8epss 0.03

    Command Injection vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15 US_AC15V1.0BR_V15.03.05.19_multi_TD01, Ac18 US_AC18V1.0BR_V15.03.05.05_multi_TD01,…

  • CVE-2022-46109HigDec 16, 2022
    risk 0.49cvss 7.5epss 0.01

    Tenda AC15 V15.03.06.23 is vulnerable to Buffer Overflow via function formSetClientState.

  • CVE-2022-44156HigNov 21, 2022
    risk 0.49cvss 7.5epss 0.01

    Tenda AC15 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetIpMacBind.

  • CVE-2022-44169HigNov 21, 2022
    risk 0.49cvss 7.5epss 0.01

    Tenda AC15 V15.03.05.18 is vulnerable to Buffer Overflow via function formSetVirtualSer.

  • CVE-2022-44168HigNov 21, 2022
    risk 0.49cvss 7.5epss 0.01

    Tenda AC15 V15.03.05.18 is vulnerable to Buffer Overflow via function fromSetRouteStatic..

Page 2 of 5