VYPR

AC18

by Tenda

CVEs (108)

  • CVE-2024-10280Oct 23, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in Tenda AC6, AC7, AC8, AC9, AC10, AC10U, AC15, AC18, AC500 and AC1206 up to 20241022. It has been rated as problematic. This issue affects the function websReadEvent of the file /goform/GetIPTV. The manipulation of the argument Content-Length leads to…

  • CVE-2024-41630Jul 31, 2024
    risk 0.00cvss epss 0.01

    Stack-based buffer overflow vulnerability in Tenda AC18 V15.03.3.10_EN allows a remote attacker to execute arbitrary code via the ssid parameter at ip/goform/fast_setting_wifi_set.

  • CVE-2024-33180Jul 16, 2024
    risk 0.00cvss epss 0.01

    Tenda AC18 V15.03.3.10_EN was discovered to contain a stack-based buffer overflow vulnerability via the deviceId parameter at ip/goform/saveParentControlInfo.

  • CVE-2024-33181Jul 16, 2024
    risk 0.00cvss epss 0.01

    Tenda AC18 V15.03.3.10_EN was discovered to contain a stack-based buffer overflow vulnerability via the deviceMac parameter at ip/goform/addWifiMacFilter.

  • CVE-2024-33182Jul 16, 2024
    risk 0.00cvss epss 0.01

    Tenda AC18 V15.03.3.10_EN was discovered to contain a stack-based buffer overflow vulnerability via the deviceId parameter at ip/goform/addWifiMacFilter.

  • CVE-2024-34974May 10, 2024
    risk 0.00cvss epss 0.01

    Tenda AC18 v15.03.05.19 is vulnerable to Buffer Overflow in the formSetPPTPServer function via the endIp parameter.

  • CVE-2024-33835May 1, 2024
    risk 0.00cvss epss 0.01

    Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the remoteIp parameter from formSetSafeWanWebMan function.

  • CVE-2024-30891Apr 5, 2024
    risk 0.00cvss epss 0.02

    A command injection vulnerability exists in /goform/exeCommand in Tenda AC18 v15.03.05.05, which allows attackers to construct cmdinput parameters for arbitrary command execution.

Page 6 of 6