Ac15 Tenda Ac15


By the Year

In 2026 there have been 0 vulnerabilities in Tenda Ac15. Last year, in 2025, Ac15 had 5 security vulnerabilities published. Right now, Ac15 is on track to have fewer security vulnerabilities in 2026 than it did last year.




| Year | Vulnerabilities | Average Score |
|------|-----------------|---------------|
| 2026 | 0 | 0.00 |
| 2025 | 5 | 9.00 |
| 2024 | 19 | 9.26 |
| 2023 | 8 | 9.80 |
| 2022 | 12 | 8.84 |

It may take a day or so for new Ac15 vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Tenda Ac15 Security Vulnerabilities

Tenda AC15 v15.03.05.18: Auth Cookie Exposes Hash & Low-Entropy Session ID
CVE-2025-63666 9.8 - Critical - November 12, 2025

Tenda AC15 (v15.03.05.18_multi) issues an authentication cookie that exposes the account password hash to the client and uses a short, low-entropy suffix as the session identifier. An attacker with network access or the ability to run JS in a victim browser can steal the cookie and replay it to access protected resources.

Authorization

Stack Buffer Overflow in Tenda AC15 15.03.05.18 /goform/saveAutoQos Remote Exploit
CVE-2025-11389 8.8 - High - October 07, 2025

A security flaw has been discovered in Tenda AC15 15.03.05.18. Affected is an unknown function of the file /goform/saveAutoQos. Performing a manipulation of the argument enable results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks.

Stack Overflow

Tenda AC15 V15.03.05.18 Remote Stack Buffer Overflow via /goform/setNotUpgrade
CVE-2025-11388 8.8 - High - October 07, 2025

A vulnerability was identified in Tenda AC15 15.03.05.18. This impacts an unknown function of the file /goform/setNotUpgrade. Such manipulation of the argument newVersion leads to stack-based buffer overflow. The attack may be launched remotely. The exploit is publicly available and might be used.

Stack Overflow

Tenda AC15 15.03.05.18 Stack Buffer Overflow in fast_setting_pppoe_set
CVE-2025-11387 8.8 - High - October 07, 2025

A vulnerability was determined in Tenda AC15 15.03.05.18. This affects an unknown function of the file /goform/fast_setting_pppoe_set. This manipulation of the argument Password causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.

Stack Overflow

Tenda AC15 15.03.05.18 Stack Buffer Overflow in SetDDNSCfg POST ddnsEn
CVE-2025-11386 8.8 - High - October 07, 2025

A vulnerability was found in Tenda AC15 15.03.05.18. The impacted element is an unknown function of the file /goform/SetDDNSCfg of the component POST Parameter Handler. The manipulation of the argument ddnsEn results in stack-based buffer overflow. The attack can be launched remotely. The exploit has been made public and could be used.

Stack Overflow

Tenda AC15 15.03.20 stack overflow via PPW param
CVE-2024-32303 - April 17, 2024

Tenda AC15 v15.03.20_multi, v15.03.05.19, and v15.03.05.18 firmware has a stack overflow vulnerability located via the PPW parameter in the fromWizardHandle function.

Stack Overflow Denial of Service in Tenda AC15 v15.03.05.18 via LISTEN parameter
CVE-2024-30840 - April 15, 2024

A Stack Overflow vulnerability in Tenda AC15 v15.03.05.18 allows attackers to cause a denial of service via the LISTEN parameter in the fromDhcpListClient function.

Stack overflow in setSmartPowerManagement on Tenda AC15 v15.03.05.18
CVE-2024-30613 - March 29, 2024

Tenda AC15 v15.03.05.18 has a stack overflow vulnerability in the time parameter from the setSmartPowerManagement function.

Tenda AC15 15.03.05.18/19/20 Stack Buffer Overflow in setSysTime
CVE-2024-2855 9.8 - Critical - March 24, 2024

A vulnerability classified as critical was found in Tenda AC15 15.03.05.18/15.03.05.19/15.03.20. Affected by this vulnerability is the function fromSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument time leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257779. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Stack Overflow

Tenda AC15 15.03.05.18 OS Command Injection via usbName (formSetSambaConf)
CVE-2024-2851 9.8 - Critical - March 24, 2024

A vulnerability was found in Tenda AC15 15.03.05.18/15.03.20_multi. It has been classified as critical. This affects the function formSetSambaConf of the file /goform/setsambacfg. The manipulation of the argument usbName leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257775. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Shell injection

Tenda AC15 15.03.05.18 Remote Stack Overflow in /goform/saveParentControlInfo
CVE-2024-2850 9.8 - Critical - March 24, 2024

A vulnerability was found in Tenda AC15 15.03.05.18 and classified as critical. Affected by this issue is the function saveParentControlInfo of the file /goform/saveParentControlInfo. The manipulation of the argument urls leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257774 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Stack Overflow

Tenda AC15 15.03.05.18 /goform/SysToolRestoreSet CSRF
CVE-2024-2817 6.5 - Medium - March 22, 2024

A vulnerability, which was classified as problematic, has been found in Tenda AC15 15.03.05.18. Affected by this issue is the function fromSysToolRestoreSet of the file /goform/SysToolRestoreSet. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257672. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Session Riding

Tenda AC15 <=15.03.05.18: XSRF via SysToolReboot
CVE-2024-2816 6.5 - Medium - March 22, 2024

A vulnerability classified as problematic was found in Tenda AC15 15.03.05.18. Affected by this vulnerability is the function fromSysToolReboot of the file /goform/SysToolReboot. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257671. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Session Riding

Critical Stack Overflow in Tenda AC15 15.03.20 Cookie Handler /goform/execCommand
CVE-2024-2815 9.8 - Critical - March 22, 2024

A vulnerability classified as critical has been found in Tenda AC15 15.03.20_multi. Affected is the function R7WebsSecurityHandler of the file /goform/execCommand of the component Cookie Handler. The manipulation of the argument password leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257670 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Stack Overflow

Critical Stack Buffer Overflow in Tenda AC15 15.03.20_multi DhcpListClient (page arg)
CVE-2024-2814 9.8 - Critical - March 22, 2024

A vulnerability was found in Tenda AC15 15.03.20_multi. It has been rated as critical. This issue affects the function fromDhcpListClient of the file /goform/DhcpListClient. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257669 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Tenda AC15 15.03.05.18 Remote OS Command Injection via formWriteFacMac
CVE-2024-2812 8.8 - High - March 22, 2024

A vulnerability was found in Tenda AC15 15.03.05.18/15.03.20_multi. It has been classified as critical. This affects the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257667. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Shell injection

Tenda AC15 15.03.20_multi - Critical Stack Buffer Overflow in form_fast_setting_wifi_set
CVE-2024-2813 9.8 - Critical - March 22, 2024

A vulnerability was found in Tenda AC15 15.03.20_multi. It has been declared as critical. This vulnerability affects the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set. The manipulation of the argument ssid leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257668. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Stack Overflow

Critical stack buffer overflow in Tenda AC15 15.03.20_multi formWifiWpsStart
CVE-2024-2811 9.8 - Critical - March 22, 2024

A vulnerability was found in Tenda AC15 15.03.20_multi and classified as critical. Affected by this issue is the function formWifiWpsStart of the file /goform/WifiWpsStart. The manipulation of the argument index leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257666 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Stack Overflow

Tenda AC15 15.03.05.18: Remote Stack Buffer Overflow in WifiWpsOOB (critical)
CVE-2024-2810 9.8 - Critical - March 22, 2024

A vulnerability has been found in Tenda AC15 15.03.05.18/15.03.20_multi and classified as critical. Affected by this vulnerability is the function formWifiWpsOOB of the file /goform/WifiWpsOOB. The manipulation of the argument index leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257665 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Stack Overflow

Tenda AC15 R15.03.05.18-20 formSetFirewallCfg buffer overflow (CVE-2024-2809)
CVE-2024-2809 9.8 - Critical - March 22, 2024

A vulnerability, which was classified as critical, was found in Tenda AC15 15.03.05.18/15.03.20_multi. Affected is the function formSetFirewallCfg of the file /goform/SetFirewallCfg. The manipulation of the argument firewallEn leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257664. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Stack Overflow

Tenda AC15 15.03.05.18 Critical Stack Buffer Overflow in formQuickIndex
CVE-2024-2808 9.8 - Critical - March 22, 2024

A vulnerability, which was classified as critical, has been found in Tenda AC15 15.03.05.18/15.03.20_multi. This issue affects the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257663. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Stack Overflow

Stack Buffer Overflow via /goform/expandDlnaFile in Tenda AC15 15.03.05.18
CVE-2024-2807 9.8 - Critical - March 22, 2024

A vulnerability classified as critical was found in Tenda AC15 15.03.05.18/15.03.20_multi. This vulnerability affects the function formExpandDlnaFile of the file /goform/expandDlnaFile. The manipulation of the argument filePath leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257662 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Stack Overflow

Tenda AC15 15.03.05.18 Remote Stack Buffer Overflow (addWifiMacFilter)
CVE-2024-2806 9.8 - Critical - March 22, 2024

A vulnerability classified as critical has been found in Tenda AC15 15.03.05.18/15.03.20_multi. This affects the function addWifiMacFilter of the file /goform/addWifiMacFilter. The manipulation of the argument deviceId/deviceMac leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257661 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Stack Overflow

Tenda AC15 v15.03.05.18/15.03.20_multi critical stack buffer overflow via formSetSpeedWan
CVE-2024-2805 8.8 - High - March 22, 2024

A vulnerability was found in Tenda AC15 15.03.05.18/15.03.20_multi. It has been rated as critical. Affected by this issue is the function formSetSpeedWan of the file /goform/SetSpeedWan. The manipulation of the argument speed_dir leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257660. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Memory Corruption

Tenda AC15 Buffer Overflow via FUN_00010e34() in v15.03.05.18
CVE-2023-39673 9.8 - Critical - August 18, 2023

Tenda AC15 V1.0BR_V15.03.05.18_multi_TD01 was discovered to contain a buffer overflow via the function FUN_00010e34().

Classic Buffer Overflow

Tenda AC15 v15.03.05.19 Stack-Based Buffer Overflow in sub_8EE8
CVE-2023-30378 9.8 - Critical - April 24, 2023

In Tenda AC15 V15.03.05.19, the function "sub_8EE8" contains a stack-based buffer overflow vulnerability.

Memory Corruption

CVE-2023-30376: Stack Buffer Overflow in Tenda AC15 V15.03.05.19 henan_pppoe_user
CVE-2023-30376 9.8 - Critical - April 24, 2023

In Tenda AC15 V15.03.05.19, the function "henan_pppoe_user" contains a stack-based buffer overflow vulnerability.

Memory Corruption

Stack Buffer Overflow in Tenda AC15 V15.03.05.19 getIfIp (CVE-2023-30375)
CVE-2023-30375 9.8 - Critical - April 24, 2023

In Tenda AC15 V15.03.05.19, the function "getIfIp" contains a stack-based buffer overflow vulnerability.

Memory Corruption

Tenda AC15 v15.03.05.19 Buffer Overflow in xkjs_ver32
CVE-2023-30372 9.8 - Critical - April 24, 2023

In Tenda AC15 V15.03.05.19, the function "xkjs_ver32" contains a stack-based buffer overflow vulnerability.

Memory Corruption

Stack Overflow in Tenda AC15 V15.03.05.19 via sub_ED14
CVE-2023-30371 9.8 - Critical - April 24, 2023

In Tenda AC15 V15.03.05.19, the function "sub_ED14" contains a stack-based buffer overflow vulnerability.

Memory Corruption

Stack Buffer Overflow in Tenda AC15 v15.03.05.19 GetValue
CVE-2023-30370 9.8 - Critical - April 24, 2023

In Tenda AC15 V15.03.05.19, the function GetValue contains a stack-based buffer overflow vulnerability.

Memory Corruption

Buffer Overflow in Tenda AC15 Firmware V15.03.05.19
CVE-2023-30369 9.8 - Critical - April 24, 2023

Tenda AC15 V15.03.05.19 is vulnerable to Buffer Overflow.

Memory Corruption

Tenda AC15 V15.03.06.23 Buffer Overflow in formSetClientState
CVE-2022-46109 7.5 - High - December 16, 2022

Tenda AC15 V15.03.06.23 is vulnerable to Buffer Overflow via function formSetClientState.

Memory Corruption

Buffer Overflow in Tenda AC15 V15.03.05.19 (formSetIpMacBind)
CVE-2022-44156 7.5 - High - November 21, 2022

Tenda AC15 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetIpMacBind.

Memory Corruption

Buffer Overflow in Tenda AC15 (V15.03.05.18) via formSetVirtualSer
CVE-2022-44169 7.5 - High - November 21, 2022

Tenda AC15 V15.03.05.18 is vulnerable to Buffer Overflow via function formSetVirtualSer.

Memory Corruption

Tenda AC15 Buffer Overflow via fromSetRouteStatic (V15.03.05.18)
CVE-2022-44168 7.5 - High - November 21, 2022

Tenda AC15 V15.03.05.18 is vulnerable to Buffer Overflow via function fromSetRouteStatic.

Memory Corruption

Stack overflow via timeZone param in Tenda AC15 firmware v15.03.05.18
CVE-2022-43259 7.5 - High - October 18, 2022

Tenda AC15 V15.03.05.18 was discovered to contain a stack overflow via the timeZone parameter in the form_fast_setting_wifi_set function.

Memory Corruption

Stack Overflow in Tenda AC15 (V15.03.05.19) via fromAddressNat
CVE-2022-40851 9.8 - Critical - September 23, 2022

Tenda AC15 V15.03.05.19 contained a stack overflow via the function fromAddressNat.

Memory Corruption

Tenda AC15/AC18 Router Stack Overflow in fromDhcpListClient (V15.03.05.19)
CVE-2022-40869 9.8 - Critical - September 23, 2022

Tenda AC15 and AC18 routers V15.03.05.19 contain stack overflow vulnerabilities in the function fromDhcpListClient with a combined parameter "list*" ("%s%d","list").

Memory Corruption

Tenda AC15/AC18 Heap Overflow in setSchedWifi (V15.03.05.19)
CVE-2022-40865 9.8 - Critical - September 23, 2022

Tenda AC15 and AC18 routers V15.03.05.19 contain heap overflow vulnerabilities in the function setSchedWifi with the request /goform/openSchedWifi/.

Memory Corruption

Tenda AC15 V15.03.05.19 Stack Overflow via /goform/SetNetControlList
CVE-2022-40860 9.8 - Critical - September 23, 2022

Tenda AC15 router V15.03.05.19 contains a stack overflow vulnerability in the function formSetQosBand->FUN_0007dd20 with the request /goform/SetNetControlList.

Memory Corruption

Stack Overflow in Tenda AC15 via /goform/fast_setting_wifi_set 'list' (V15.03.05.19)
CVE-2022-40853 9.8 - Critical - September 23, 2022

Tenda AC15 router V15.03.05.19 contains a stack overflow via the list parameter at /goform/fast_setting_wifi_set.

Memory Corruption

CVE-2022-38326: Buffer Overflow in Tenda AC15/AC18 /goform/NatStaticSetting V15.03.05.19_multi
CVE-2022-38326 9.8 - Critical - September 15, 2022

Tenda AC15 WiFi Router V15.03.05.19_multi and AC18 WiFi Router V15.03.05.19_multi were discovered to contain a buffer overflow via the page parameter at /goform/NatStaticSetting.

Classic Buffer Overflow

Tenda AC15 V15.03.05.18 HTTPD stack buffer overflow
CVE-2022-37175 9.8 - Critical - August 19, 2022

The httpd server in Tenda AC15 firmware V15.03.05.18 has a stack buffer overflow in /goform/formWifiBasicSet.

Memory Corruption
