VYPR

AC18

by Tenda

CVEs (108)

  • CVE-2022-40861HigSep 23, 2022
    risk 0.47cvss 7.2epss 0.01

    Tenda AC18 router V15.03.05.19 contains a stack overflow vulnerability in the formSetQosBand->FUN_0007db78 function with the request /goform/SetNetControlList/

  • CVE-2024-10280MedOct 23, 2024
    risk 0.42cvss 6.5epss 0.01

    A vulnerability was found in Tenda AC6, AC7, AC8, AC9, AC10, AC10U, AC15, AC18, AC500 and AC1206 up to 20241022. It has been rated as problematic. This issue affects the function websReadEvent of the file /goform/GetIPTV. The manipulation of the argument Content-Length leads to…

  • CVE-2024-28547MedMar 18, 2024
    risk 0.42cvss 6.5epss 0.01

    Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the firewallEn parameter of formSetFirewallCfg function.

  • CVE-2017-16936MedNov 24, 2017
    risk 0.42cvss 6.5epss 0.01

    Directory Traversal vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15 US_AC15V1.0BR_V15.03.05.19_multi_TD01, Ac18 US_AC18V1.0BR_V15.03.05.05_multi_TD01,…

  • CVE-2025-11121MedSep 28, 2025
    risk 0.41cvss 6.3epss 0.04

    A security vulnerability has been detected in Tenda AC18 15.03.05.19. The impacted element is an unknown function of the file /goform/AdvSetLanip. The manipulation of the argument lanIp leads to command injection. The attack can be initiated remotely. The exploit has been…

  • CVE-2025-5606MedJun 4, 2025
    risk 0.41cvss 6.3epss 0.04

    A vulnerability was found in Tenda AC18 15.03.05.05. It has been declared as critical. This vulnerability affects the function formSetIptv of the file /goform/SetIPTVCfg. The manipulation of the argument list leads to command injection. The attack can be initiated remotely. The…

  • CVE-2024-2854MedMar 24, 2024
    risk 0.41cvss 6.3epss 0.04

    A vulnerability classified as critical has been found in Tenda AC18 15.03.05.05. Affected is the function formSetSambaConf of the file /goform/setsambacfg. The manipulation of the argument usbName leads to os command injection. It is possible to launch the attack remotely. The…

  • CVE-2024-57577MedJan 16, 2025
    risk 0.37cvss 5.7epss 0.00

    Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function.

  • CVE-2025-8182MedJul 26, 2025
    risk 0.36cvss 5.6epss 0.00

    A vulnerability has been found in Tenda AC18 15.03.05.19 and classified as problematic. This vulnerability affects unknown code of the file /etc_ro/smb.conf of the component Samba. The manipulation leads to weak password requirements. The attack can be initiated remotely. The…

  • CVE-2024-28550MedMar 18, 2024
    risk 0.28cvss 4.3epss 0.00

    Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the filePath parameter of formExpandDlnaFile function.

  • CVE-2024-2560MedMar 17, 2024
    risk 0.28cvss 4.3epss 0.00

    A vulnerability classified as problematic was found in Tenda AC18 15.03.05.05. Affected by this vulnerability is the function fromSysToolRestoreSet of the file /goform/SysToolRestoreSet. The manipulation leads to cross-site request forgery. The attack can be launched remotely.…

  • CVE-2024-2559MedMar 17, 2024
    risk 0.28cvss 4.3epss 0.00

    A vulnerability classified as problematic has been found in Tenda AC18 15.03.05.05. Affected is the function fromSysToolReboot of the file /goform/SysToolReboot. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has…

  • CVE-2025-14993Dec 21, 2025
    risk 0.00cvss epss 0.01

    A vulnerability was detected in Tenda AC18 15.03.05.05. This affects the function sprintf of the file /goform/SetDlnaCfg of the component HTTP Request Handler. The manipulation of the argument scanList results in stack-based buffer overflow. The attack can be executed remotely.…

  • CVE-2025-14992Dec 21, 2025
    risk 0.00cvss epss 0.01

    A security vulnerability has been detected in Tenda AC18 15.03.05.05. The impacted element is the function strcpy of the file /goform/GetParentControlInfo of the component HTTP Request Handler. The manipulation of the argument mac leads to stack-based buffer overflow. Remote…

  • CVE-2025-63834Nov 10, 2025
    risk 0.00cvss epss 0.00

    A stored cross-site scripting (XSS) vulnerability was discovered in Tenda AC18 v15.03.05.05_multi. The vulnerability exists in the ssid parameter of the wireless settings. Remote attackers can inject malicious payloads that execute when any user visits the router's homepage.

  • CVE-2025-63835Nov 10, 2025
    risk 0.00cvss epss 0.01

    A stack-based buffer overflow vulnerability was discovered in Tenda AC18 v15.03.05.05_multi. The vulnerability exists in the guestSsid parameter of the /goform/WifiGuestSet interface. Remote attackers can exploit this vulnerability by sending oversized data to the guestSsid…

  • CVE-2025-11328Oct 6, 2025
    risk 0.00cvss epss 0.01

    A vulnerability was detected in Tenda AC18 15.03.05.19(6318). This issue affects some unknown processing of the file /goform/SetDDNSCfg. The manipulation of the argument ddnsEn results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is…

  • CVE-2025-11327Oct 6, 2025
    risk 0.00cvss epss 0.01

    A security vulnerability has been detected in Tenda AC18 15.03.05.19(6318). This vulnerability affects unknown code of the file /goform/SetUpnpCfg. The manipulation of the argument upnpEn leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The…

  • CVE-2025-11326Oct 6, 2025
    risk 0.00cvss epss 0.01

    A weakness has been identified in Tenda AC18 15.03.05.19(6318). This affects an unknown part of the file /goform/WifiMacFilterSet. Executing a manipulation of the argument wifi_chkHz can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit…

  • CVE-2025-11325Oct 6, 2025
    risk 0.00cvss epss 0.01

    A security flaw has been discovered in Tenda AC18 15.03.05.19(6318). Affected by this issue is some unknown functionality of the file /goform/fast_setting_pppoe_set. Performing a manipulation of the argument Username results in stack-based buffer overflow. The attack is possible…

Page 5 of 6