Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ac18_firmware
(Tenda)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 74 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-03-18 | CVE-2024-28537 | Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the page parameter of fromNatStaticSetting function. | Ac18_firmware | N/A | ||
| 2024-03-18 | CVE-2024-28547 | Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the firewallEn parameter of formSetFirewallCfg function. | Ac18_firmware | N/A | ||
| 2024-03-26 | CVE-2024-28545 | Tenda AC18 V15.03.05.05 contains a command injection vulnerablility in the deviceName parameter of formsetUsbUnload function. | Ac18_firmware | N/A | ||
| 2024-03-26 | CVE-2024-28551 | Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the ssid parameter of form_fast_setting_wifi_set function. | Ac18_firmware | N/A | ||
| 2024-03-17 | CVE-2024-2546 | A vulnerability has been found in Tenda AC18 15.13.07.09 and classified as critical. Affected by this vulnerability is the function fromSetWirelessRepeat. The manipulation of the argument wpapsk_crypto5g leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256999. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | Ac18_firmware | 8.8 | ||
| 2025-01-16 | CVE-2024-57582 | Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the startIP parameter in the formSetPPTPServer function. | Ac18_firmware | 9.8 | ||
| 2025-01-16 | CVE-2024-57583 | Tenda AC18 V15.03.05.19 was discovered to contain a command injection vulnerability via the usbName parameter in the formSetSambaConf function. | Ac18_firmware | 9.8 | ||
| 2025-01-16 | CVE-2024-57575 | Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function. | Ac18_firmware | 9.8 | ||
| 2023-05-05 | CVE-2023-30135 | Tenda AC18 v15.03.05.19(6318_)_cn was discovered to contain a command injection vulnerability via the deviceName parameter in the setUsbUnload function. | Ac18_firmware | 9.8 | ||
| 2024-03-17 | CVE-2024-2547 | A vulnerability was found in Tenda AC18 15.03.05.05 and classified as critical. Affected by this issue is the function R7WebsSecurityHandler. The manipulation of the argument password leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257000. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | Ac18_firmware | 8.8 |