AC15
by Tenda
CVEs (97)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-11387 | 0.00 | — | 0.01 | Oct 7, 2025 | A vulnerability was determined in Tenda AC15 15.03.05.18. This affects an unknown function of the file /goform/fast_setting_pppoe_set. This manipulation of the argument Password causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been… | |||
| CVE-2025-11386 | 0.00 | — | 0.01 | Oct 7, 2025 | A vulnerability was found in Tenda AC15 15.03.05.18. The impacted element is an unknown function of the file /goform/SetDDNSCfg of the component POST Parameter Handler. The manipulation of the argument ddnsEn results in stack-based buffer overflow. The attack can be launched… | |||
| CVE-2025-10443 | 0.00 | — | 0.04 | Sep 15, 2025 | A vulnerability was identified in Tenda AC9 and AC15 15.03.05.14/15.03.05.18. This vulnerability affects the function formexeCommand of the file /goform/exeCommand. Such manipulation of the argument cmdinput leads to buffer overflow. The attack can be executed remotely. The… | |||
| CVE-2025-55564 | 0.00 | — | 0.00 | Aug 21, 2025 | Tenda AC15 v15.03.05.19_multi_TD01 has a stack overflow via the list parameter in the fromSetIpMacBind function. | |||
| CVE-2025-8979 | 0.00 | — | 0.00 | Aug 14, 2025 | A vulnerability was identified in Tenda AC15 15.13.07.13. Affected by this vulnerability is the function check_fw_type/split_fireware/check_fw of the component Firmware Update Handler. The manipulation leads to insufficient verification of data authenticity. The attack can be… | |||
| CVE-2025-5851 | 0.00 | — | 0.01 | Jun 8, 2025 | A vulnerability was found in Tenda AC15 15.03.05.19_multi. It has been rated as critical. This issue affects the function fromadvsetlanip of the file /goform/AdvSetLanip of the component HTTP POST Request Handler. The manipulation of the argument lanMask leads to buffer… | |||
| CVE-2025-5850 | 0.00 | — | 0.04 | Jun 8, 2025 | A vulnerability was found in Tenda AC15 15.03.05.19_multi. It has been declared as critical. This vulnerability affects the function formsetschedled of the file /goform/SetLEDCf of the component HTTP POST Request Handler. The manipulation of the argument Time leads to buffer… | |||
| CVE-2025-5849 | 0.00 | — | 0.01 | Jun 8, 2025 | A vulnerability was found in Tenda AC15 15.03.05.19_multi. It has been classified as critical. This affects the function formSetSafeWanWebMan of the file /goform/SetRemoteWebCfg of the component HTTP POST Request Handler. The manipulation of the argument remoteIp leads to… | |||
| CVE-2025-5848 | 0.00 | — | 0.01 | Jun 8, 2025 | A vulnerability was found in Tenda AC15 15.03.05.19_multi and classified as critical. Affected by this issue is the function formSetPPTPUserList of the file /goform/setPptpUserList of the component HTTP POST Request Handler. The manipulation of the argument list leads to buffer… | |||
| CVE-2025-3786 | 0.00 | — | 0.01 | Apr 18, 2025 | A vulnerability was found in Tenda AC15 up to 15.03.05.19 and classified as critical. This issue affects the function fromSetWirelessRepeat of the file /goform/WifiExtraSet. The manipulation of the argument mac leads to buffer overflow. The attack may be initiated remotely. The… | |||
| CVE-2025-29462 | 0.00 | — | 0.00 | Apr 3, 2025 | A buffer overflow vulnerability has been discovered in Tenda Ac15 V15.13.07.13. The vulnerability occurs when the webCgiGetUploadFile function calls the socketRead function to process HTTP request messages, resulting in the overwriting of a buffer on the stack. | |||
| CVE-2025-25632 | 0.00 | — | 0.02 | Mar 5, 2025 | Tenda AC15 v15.03.05.19 is vulnerable to Command Injection via the handler function in /goform/telnet. | |||
| CVE-2025-25634 | 0.00 | — | 0.00 | Mar 5, 2025 | A vulnerability has been found in Tenda AC15 15.03.05.19 in the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument src leads to stack-based buffer overflow. | |||
| CVE-2024-10662 | 0.00 | — | 0.01 | Nov 1, 2024 | A vulnerability was found in Tenda AC15 15.03.05.19 and classified as critical. This issue affects the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be initiated… | |||
| CVE-2024-10661 | 0.00 | — | 0.01 | Nov 1, 2024 | A vulnerability has been found in Tenda AC15 15.03.05.19 and classified as critical. This vulnerability affects the function SetDlnaCfg of the file /goform/SetDlnaCfg. The manipulation of the argument scanList leads to stack-based buffer overflow. The attack can be initiated… | |||
| CVE-2024-10280 | 0.00 | — | 0.01 | Oct 23, 2024 | A vulnerability was found in Tenda AC6, AC7, AC8, AC9, AC10, AC10U, AC15, AC18, AC500 and AC1206 up to 20241022. It has been rated as problematic. This issue affects the function websReadEvent of the file /goform/GetIPTV. The manipulation of the argument Content-Length leads to… | |||
| CVE-2024-32303 | 0.00 | — | 0.00 | Apr 17, 2024 | Tenda AC15 v15.03.20_multi, v15.03.05.19, and v15.03.05.18 firmware has a stack overflow vulnerability located via the PPW parameter in the fromWizardHandle function. | |||
| CVE-2024-30840 | 0.00 | — | 0.00 | Apr 15, 2024 | A Stack Overflow vulnerability in Tenda AC15 v15.03.05.18 allows attackers to cause a denial of service via the LISTEN parameter in the fromDhcpListClient function. | |||
| CVE-2024-30645 | 0.00 | — | 0.01 | Mar 29, 2024 | Tenda AC15V1.0 V15.03.20_multi has a command injection vulnerability via the deviceName parameter. | |||
| CVE-2024-30613 | 0.00 | — | 0.00 | Mar 29, 2024 | Tenda AC15 v15.03.05.18 has a stack overflow vulnerability in the time parameter from the setSmartPowerManagement function. |
- CVE-2025-11387Oct 7, 2025risk 0.00cvss —epss 0.01
A vulnerability was determined in Tenda AC15 15.03.05.18. This affects an unknown function of the file /goform/fast_setting_pppoe_set. This manipulation of the argument Password causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been…
- CVE-2025-11386Oct 7, 2025risk 0.00cvss —epss 0.01
A vulnerability was found in Tenda AC15 15.03.05.18. The impacted element is an unknown function of the file /goform/SetDDNSCfg of the component POST Parameter Handler. The manipulation of the argument ddnsEn results in stack-based buffer overflow. The attack can be launched…
- CVE-2025-10443Sep 15, 2025risk 0.00cvss —epss 0.04
A vulnerability was identified in Tenda AC9 and AC15 15.03.05.14/15.03.05.18. This vulnerability affects the function formexeCommand of the file /goform/exeCommand. Such manipulation of the argument cmdinput leads to buffer overflow. The attack can be executed remotely. The…
- CVE-2025-55564Aug 21, 2025risk 0.00cvss —epss 0.00
Tenda AC15 v15.03.05.19_multi_TD01 has a stack overflow via the list parameter in the fromSetIpMacBind function.
- CVE-2025-8979Aug 14, 2025risk 0.00cvss —epss 0.00
A vulnerability was identified in Tenda AC15 15.13.07.13. Affected by this vulnerability is the function check_fw_type/split_fireware/check_fw of the component Firmware Update Handler. The manipulation leads to insufficient verification of data authenticity. The attack can be…
- CVE-2025-5851Jun 8, 2025risk 0.00cvss —epss 0.01
A vulnerability was found in Tenda AC15 15.03.05.19_multi. It has been rated as critical. This issue affects the function fromadvsetlanip of the file /goform/AdvSetLanip of the component HTTP POST Request Handler. The manipulation of the argument lanMask leads to buffer…
- CVE-2025-5850Jun 8, 2025risk 0.00cvss —epss 0.04
A vulnerability was found in Tenda AC15 15.03.05.19_multi. It has been declared as critical. This vulnerability affects the function formsetschedled of the file /goform/SetLEDCf of the component HTTP POST Request Handler. The manipulation of the argument Time leads to buffer…
- CVE-2025-5849Jun 8, 2025risk 0.00cvss —epss 0.01
A vulnerability was found in Tenda AC15 15.03.05.19_multi. It has been classified as critical. This affects the function formSetSafeWanWebMan of the file /goform/SetRemoteWebCfg of the component HTTP POST Request Handler. The manipulation of the argument remoteIp leads to…
- CVE-2025-5848Jun 8, 2025risk 0.00cvss —epss 0.01
A vulnerability was found in Tenda AC15 15.03.05.19_multi and classified as critical. Affected by this issue is the function formSetPPTPUserList of the file /goform/setPptpUserList of the component HTTP POST Request Handler. The manipulation of the argument list leads to buffer…
- CVE-2025-3786Apr 18, 2025risk 0.00cvss —epss 0.01
A vulnerability was found in Tenda AC15 up to 15.03.05.19 and classified as critical. This issue affects the function fromSetWirelessRepeat of the file /goform/WifiExtraSet. The manipulation of the argument mac leads to buffer overflow. The attack may be initiated remotely. The…
- CVE-2025-29462Apr 3, 2025risk 0.00cvss —epss 0.00
A buffer overflow vulnerability has been discovered in Tenda Ac15 V15.13.07.13. The vulnerability occurs when the webCgiGetUploadFile function calls the socketRead function to process HTTP request messages, resulting in the overwriting of a buffer on the stack.
- CVE-2025-25632Mar 5, 2025risk 0.00cvss —epss 0.02
Tenda AC15 v15.03.05.19 is vulnerable to Command Injection via the handler function in /goform/telnet.
- CVE-2025-25634Mar 5, 2025risk 0.00cvss —epss 0.00
A vulnerability has been found in Tenda AC15 15.03.05.19 in the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument src leads to stack-based buffer overflow.
- CVE-2024-10662Nov 1, 2024risk 0.00cvss —epss 0.01
A vulnerability was found in Tenda AC15 15.03.05.19 and classified as critical. This issue affects the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be initiated…
- CVE-2024-10661Nov 1, 2024risk 0.00cvss —epss 0.01
A vulnerability has been found in Tenda AC15 15.03.05.19 and classified as critical. This vulnerability affects the function SetDlnaCfg of the file /goform/SetDlnaCfg. The manipulation of the argument scanList leads to stack-based buffer overflow. The attack can be initiated…
- CVE-2024-10280Oct 23, 2024risk 0.00cvss —epss 0.01
A vulnerability was found in Tenda AC6, AC7, AC8, AC9, AC10, AC10U, AC15, AC18, AC500 and AC1206 up to 20241022. It has been rated as problematic. This issue affects the function websReadEvent of the file /goform/GetIPTV. The manipulation of the argument Content-Length leads to…
- CVE-2024-32303Apr 17, 2024risk 0.00cvss —epss 0.00
Tenda AC15 v15.03.20_multi, v15.03.05.19, and v15.03.05.18 firmware has a stack overflow vulnerability located via the PPW parameter in the fromWizardHandle function.
- CVE-2024-30840Apr 15, 2024risk 0.00cvss —epss 0.00
A Stack Overflow vulnerability in Tenda AC15 v15.03.05.18 allows attackers to cause a denial of service via the LISTEN parameter in the fromDhcpListClient function.
- CVE-2024-30645Mar 29, 2024risk 0.00cvss —epss 0.01
Tenda AC15V1.0 V15.03.20_multi has a command injection vulnerability via the deviceName parameter.
- CVE-2024-30613Mar 29, 2024risk 0.00cvss —epss 0.00
Tenda AC15 v15.03.05.18 has a stack overflow vulnerability in the time parameter from the setSmartPowerManagement function.
Page 4 of 5