VYPR

AC18

by Tenda

CVEs (108)

  • CVE-2024-57578HigJan 16, 2025
    risk 0.57cvss 8.8epss 0.01

    Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the funcpara1 parameter in the formSetCfm function.

  • CVE-2024-33181HigJul 16, 2024
    risk 0.57cvss 8.8epss 0.01

    Tenda AC18 V15.03.3.10_EN was discovered to contain a stack-based buffer overflow vulnerability via the deviceMac parameter at ip/goform/addWifiMacFilter.

  • CVE-2024-30891HigApr 5, 2024
    risk 0.57cvss 8.8epss 0.02

    A command injection vulnerability exists in /goform/exeCommand in Tenda AC18 v15.03.05.05, which allows attackers to construct cmdinput parameters for arbitrary command execution.

  • CVE-2024-2558HigMar 17, 2024
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was found in Tenda AC18 15.03.05.05. It has been rated as critical. This issue affects the function formexeCommand of the file /goform/execCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack may be initiated…

  • CVE-2024-2547HigMar 17, 2024
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was found in Tenda AC18 15.03.05.05 and classified as critical. Affected by this issue is the function R7WebsSecurityHandler. The manipulation of the argument password leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been…

  • CVE-2024-2546HigMar 17, 2024
    risk 0.57cvss 8.8epss 0.01

    A vulnerability has been found in Tenda AC18 15.13.07.09 and classified as critical. Affected by this vulnerability is the function fromSetWirelessRepeat. The manipulation of the argument wpapsk_crypto5g leads to stack-based buffer overflow. The attack can be launched remotely.…

  • CVE-2024-2490HigMar 15, 2024
    risk 0.57cvss 8.8epss 0.02

    A vulnerability classified as critical was found in Tenda AC18 15.03.05.05. Affected by this vulnerability is the function setSchedWifi of the file /goform/openSchedWifi. The manipulation of the argument schedStartTime/schedEndTime leads to stack-based buffer overflow. The…

  • CVE-2024-2489HigMar 15, 2024
    risk 0.57cvss 8.8epss 0.02

    A vulnerability classified as critical has been found in Tenda AC18 15.03.05.05. Affected is the function formSetQosBand of the file /goform/SetNetControlList. The manipulation of the argument list leads to stack-based buffer overflow. It is possible to launch the attack…

  • CVE-2024-2488HigMar 15, 2024
    risk 0.57cvss 8.8epss 0.02

    A vulnerability was found in Tenda AC18 15.03.05.05. It has been rated as critical. This issue affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg. The manipulation of the argument startIP leads to stack-based buffer overflow. The attack may be initiated…

  • CVE-2024-2487HigMar 15, 2024
    risk 0.57cvss 8.8epss 0.02

    A vulnerability was found in Tenda AC18 15.03.05.05. It has been declared as critical. This vulnerability affects the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName/mac leads to stack-based buffer overflow. The attack…

  • CVE-2024-2486HigMar 15, 2024
    risk 0.57cvss 8.8epss 0.02

    A vulnerability was found in Tenda AC18 15.03.05.05. It has been classified as critical. This affects the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. It is possible to initiate the…

  • CVE-2024-2485HigMar 15, 2024
    risk 0.57cvss 8.8epss 0.02

    A vulnerability was found in Tenda AC18 15.03.05.05 and classified as critical. Affected by this issue is the function formSetSpeedWan of the file /goform/SetSpeedWan. The manipulation of the argument speed_dir leads to stack-based buffer overflow. The attack may be launched…

  • CVE-2017-16923HigNov 21, 2017
    risk 0.57cvss 8.8epss 0.03

    Command Injection vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15 US_AC15V1.0BR_V15.03.05.19_multi_TD01, Ac18 US_AC18V1.0BR_V15.03.05.05_multi_TD01,…

  • CVE-2024-34974HigMay 14, 2024
    risk 0.53cvss 8.2epss 0.01

    Tenda AC18 v15.03.05.19 is vulnerable to Buffer Overflow in the formSetPPTPServer function via the endIp parameter.

  • CVE-2024-41630HigJul 31, 2024
    risk 0.49cvss 7.6epss 0.01

    Stack-based buffer overflow vulnerability in Tenda AC18 V15.03.3.10_EN allows a remote attacker to execute arbitrary code via the ssid parameter at ip/goform/fast_setting_wifi_set.

  • CVE-2024-28551HigMar 26, 2024
    risk 0.49cvss 7.5epss 0.01

    Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the ssid parameter of form_fast_setting_wifi_set function.

  • CVE-2018-18732HigOct 29, 2018
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'ntpServer'…

  • CVE-2018-18731HigOct 29, 2018
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'deviceMac'…

  • CVE-2018-18730HigOct 29, 2018
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'startIp' and…

  • CVE-2025-0528HigJan 17, 2025
    risk 0.47cvss 7.2epss 0.06

    A vulnerability, which was classified as critical, has been found in Tenda AC8, AC10 and AC18 16.03.10.20. Affected by this issue is some unknown functionality of the file /goform/telnet of the component HTTP Request Handler. The manipulation leads to command injection. The…

Page 4 of 6