Filtered by vendor Tenda
Subscriptions
Filtered by product Ac18 Firmware
Subscriptions
Total
74 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-57582 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-03-22 | 9.8 Critical |
| Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the startIP parameter in the formSetPPTPServer function. | ||||
| CVE-2024-57579 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-03-19 | 9.8 Critical |
| Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the limitSpeedUp parameter in the formSetClientState function. | ||||
| CVE-2024-57581 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-03-18 | 9.8 Critical |
| Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the firewallEn parameter in the formSetFirewallCfg function. | ||||
| CVE-2024-57580 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-03-18 | 9.8 Critical |
| Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the devName parameter in the formSetDeviceName function. | ||||
| CVE-2024-57578 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-03-17 | 5.7 Medium |
| Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the funcpara1 parameter in the formSetCfm function. | ||||
| CVE-2024-57577 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-03-17 | 5.7 Medium |
| Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function. | ||||
| CVE-2024-34974 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-03-17 | 8.2 High |
| Tenda AC18 v15.03.05.19 is vulnerable to Buffer Overflow in the formSetPPTPServer function via the endIp parameter. | ||||
| CVE-2024-28545 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-03-13 | 9.8 Critical |
| Tenda AC18 V15.03.05.05 contains a command injection vulnerablility in the deviceName parameter of formsetUsbUnload function. | ||||
| CVE-2024-28551 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-03-13 | 7.5 High |
| Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the ssid parameter of form_fast_setting_wifi_set function. | ||||
| CVE-2024-28547 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-03-13 | 6.5 Medium |
| Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the firewallEn parameter of formSetFirewallCfg function. | ||||
| CVE-2024-28537 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-03-13 | 9.8 Critical |
| Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the page parameter of fromNatStaticSetting function. | ||||
| CVE-2024-28550 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-03-13 | 4.3 Medium |
| Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the filePath parameter of formExpandDlnaFile function. | ||||
| CVE-2024-2546 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-03-11 | 8.8 High |
| A vulnerability has been found in Tenda AC18 15.13.07.09 and classified as critical. Affected by this vulnerability is the function fromSetWirelessRepeat. The manipulation of the argument wpapsk_crypto5g leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256999. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-2485 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-02-13 | 8.8 High |
| A vulnerability was found in Tenda AC18 15.03.05.05 and classified as critical. Affected by this issue is the function formSetSpeedWan of the file /goform/SetSpeedWan. The manipulation of the argument speed_dir leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256892. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-57583 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-02-04 | 9.8 Critical |
| Tenda AC18 V15.03.05.19 was discovered to contain a command injection vulnerability via the usbName parameter in the formSetSambaConf function. | ||||
| CVE-2024-57575 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-02-03 | 9.8 Critical |
| Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function. | ||||
| CVE-2023-30135 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-01-29 | 9.8 Critical |
| Tenda AC18 v15.03.05.19(6318_)_cn was discovered to contain a command injection vulnerability via the deviceName parameter in the setUsbUnload function. | ||||
| CVE-2024-2547 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-01-27 | 8.8 High |
| A vulnerability was found in Tenda AC18 15.03.05.05 and classified as critical. Affected by this issue is the function R7WebsSecurityHandler. The manipulation of the argument password leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257000. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-2558 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-01-27 | 8.8 High |
| A vulnerability was found in Tenda AC18 15.03.05.05. It has been rated as critical. This issue affects the function formexeCommand of the file /goform/execCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257057 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-2559 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-01-27 | 4.3 Medium |
| A vulnerability classified as problematic has been found in Tenda AC18 15.03.05.05. Affected is the function fromSysToolReboot of the file /goform/SysToolReboot. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257058 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||