VYPR

AC18

by Tenda

CVEs (108)

  • CVE-2022-38313CriSep 7, 2022
    risk 0.64cvss 9.8epss 0.01

    Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to contain a stack overflow via the time parameter at /goform/saveParentControlInfo.

  • CVE-2022-38312CriSep 7, 2022
    risk 0.64cvss 9.8epss 0.01

    Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to contain a stack overflow via the list parameter at /goform/SetIpMacBind.

  • CVE-2022-38311CriSep 7, 2022
    risk 0.64cvss 9.8epss 0.01

    Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to contain a stack overflow via the time parameter at /goform/PowerSaveSet.

  • CVE-2022-38310CriSep 7, 2022
    risk 0.64cvss 9.8epss 0.01

    Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to contain a stack overflow via the list parameter at /goform/SetStaticRouteCfg.

  • CVE-2022-38309CriSep 7, 2022
    risk 0.64cvss 9.8epss 0.01

    Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to contain a stack overflow via the list parameter at /goform/SetVirtualServerCfg.

  • CVE-2022-35201CriAug 19, 2022
    risk 0.64cvss 9.8epss 0.02

    Tenda-AC18 V15.03.05.05 was discovered to contain a remote command execution (RCE) vulnerability.

  • CVE-2022-30477CriMay 26, 2022
    risk 0.64cvss 9.8epss 0.01

    Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a stack-based buffer overflow in the httpd module when handling /goform/SetClientState request.

  • CVE-2022-30476CriMay 26, 2022
    risk 0.64cvss 9.8epss 0.01

    Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a stack-based buffer overflow in the httpd module when handling /goform/SetFirewallCfg request.

  • CVE-2022-30474CriMay 26, 2022
    risk 0.64cvss 9.8epss 0.01

    Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a heap overflow in the httpd module when handling /goform/saveParentControlInfo request.

  • CVE-2022-30472CriMay 26, 2022
    risk 0.64cvss 9.8epss 0.01

    Tenda AC Seris Router AC18_V15.03.05.19(6318) has a stack-based buffer overflow vulnerability in function fromAddressNat

  • CVE-2020-24987CriSep 4, 2020
    risk 0.64cvss 9.8epss 0.03

    Tenda AC18 Router through V15.03.05.05_EN and through V15.03.05.19(6318) CN devices could cause a remote code execution due to incorrect authentication handling of vulnerable logincheck() function in /usr/lib/lua/ngx_authserver/ngx_wdas.lua file if the administrator UI Interface…

  • CVE-2020-13391CriMay 22, 2020
    risk 0.64cvss 9.8epss 0.03

    An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server --…

  • CVE-2018-18729CriOct 29, 2018
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a heap-based buffer overflow vulnerability in the router's web server -- httpd. While processing the…

  • CVE-2018-18728CriOct 29, 2018
    risk 0.64cvss 9.8epss 0.03

    An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. They allow remote code execution via shell metacharacters in the usbName field to the __fastcall function with a POST request.

  • CVE-2026-11557HigJun 8, 2026
    risk 0.57cvss 8.8epss 0.00

    A weakness has been identified in Tenda F451 1.0.0.7/1.0.0.9. The affected element is the function fromNatlimit of the file /goform/Natlimit of the component Web Management Interface. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The…

  • CVE-2026-11556HigJun 8, 2026
    risk 0.57cvss 8.8epss 0.02

    A security flaw has been discovered in Tenda F451 1.0.0.7/1.0.0.9. Impacted is the function formWriteFacMac of the file /goform/WriteFacMac of the component Web Management Interface. Performing a manipulation of the argument mac results in os command injection. Remote…

  • CVE-2026-11528HigJun 8, 2026
    risk 0.57cvss 8.8epss 0.00

    A vulnerability was found in Tenda AC18 15.03.05.05. The affected element is the function sub_45304 of the file /goform/getRebootStatus of the component Web Management Interface. The manipulation of the argument callback results in stack-based buffer overflow. The attack may be…

  • CVE-2025-5609HigJun 4, 2025
    risk 0.57cvss 8.8epss 0.01

    A vulnerability classified as critical was found in Tenda AC18 15.03.05.05. Affected by this vulnerability is the function fromadvsetlanip of the file /goform/AdvSetLanip. The manipulation of the argument lanMask leads to buffer overflow. The attack can be launched remotely. The…

  • CVE-2025-5608HigJun 4, 2025
    risk 0.57cvss 8.8epss 0.01

    A vulnerability classified as critical has been found in Tenda AC18 15.03.05.05. Affected is the function formsetreboottimer of the file /goform/SetSysAutoRebbotCfg. The manipulation of the argument rebootTime leads to buffer overflow. It is possible to launch the attack…

  • CVE-2025-5607HigJun 4, 2025
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was found in Tenda AC18 15.03.05.05. It has been rated as critical. This issue affects the function formSetPPTPUserList of the file /goform/setPptpUserList. The manipulation of the argument list leads to buffer overflow. The attack may be initiated remotely. The…

Page 3 of 6