Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ac18_firmware
(Tenda)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 79 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2025-01-16 | CVE-2024-57578 | Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the funcpara1 parameter in the formSetCfm function. | Ac18_firmware | 8.8 | ||
| 2024-03-18 | CVE-2024-28550 | Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the filePath parameter of formExpandDlnaFile function. | Ac18_firmware | N/A | ||
| 2024-03-18 | CVE-2024-28537 | Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the page parameter of fromNatStaticSetting function. | Ac18_firmware | N/A | ||
| 2024-03-18 | CVE-2024-28547 | Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the firewallEn parameter of formSetFirewallCfg function. | Ac18_firmware | N/A | ||
| 2024-03-26 | CVE-2024-28545 | Tenda AC18 V15.03.05.05 contains a command injection vulnerablility in the deviceName parameter of formsetUsbUnload function. | Ac18_firmware | N/A | ||
| 2024-03-26 | CVE-2024-28551 | Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the ssid parameter of form_fast_setting_wifi_set function. | Ac18_firmware | N/A | ||
| 2024-03-17 | CVE-2024-2546 | A vulnerability has been found in Tenda AC18 15.13.07.09 and classified as critical. Affected by this vulnerability is the function fromSetWirelessRepeat. The manipulation of the argument wpapsk_crypto5g leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256999. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | Ac18_firmware | 8.8 | ||
| 2025-01-16 | CVE-2024-57582 | Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the startIP parameter in the formSetPPTPServer function. | Ac18_firmware | 9.8 | ||
| 2025-01-16 | CVE-2024-57583 | Tenda AC18 V15.03.05.19 was discovered to contain a command injection vulnerability via the usbName parameter in the formSetSambaConf function. | Ac18_firmware | 9.8 | ||
| 2025-01-16 | CVE-2024-57575 | Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function. | Ac18_firmware | 9.8 |