Tenda Ac18

Stack Buffer Overflow in Tenda AC18 HTTP Handler (sprintf) Pre 15.03.05.05
CVE-2025-14993 8.8 - High - December 21, 2025

A vulnerability was detected in Tenda AC18 15.03.05.05. This affects the function sprintf of the file /goform/SetDlnaCfg of the component HTTP Request Handler. The manipulation of the argument scanList results in stack-based buffer overflow. The attack can be executed remotely. The exploit is now public and may be used.

Stack Overflow

Tenda AC18 15.03.05.05: Stack Buffer Overflow in HTTP Req Handler strcpy
CVE-2025-14992 8.8 - High - December 21, 2025

A security vulnerability has been detected in Tenda AC18 15.03.05.05. The impacted element is the function strcpy of the file /goform/GetParentControlInfo of the component HTTP Request Handler. The manipulation of the argument mac leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.

Stack Overflow

Tenda AC18 XSS via ssid param v15.03.05.05_multi
CVE-2025-63834 5.4 - Medium - November 10, 2025

A stored cross-site scripting (XSS) vulnerability was discovered in Tenda AC18 v15.03.05.05_multi. The vulnerability exists in the ssid parameter of the wireless settings. Remote attackers can inject malicious payloads that execute when any user visits the router's homepage.

XSS

Tenda AC18 15.03.05.05_multi WiFiGuestSet guestSsid buffer overflow
CVE-2025-63835 6.5 - Medium - November 10, 2025

A stack-based buffer overflow vulnerability was discovered in Tenda AC18 v15.03.05.05_multi. The vulnerability exists in the guestSsid parameter of the /goform/WifiGuestSet interface. Remote attackers can exploit this vulnerability by sending oversized data to the guestSsid parameter, leading to denial of service (device crash) or potential remote code execution.

Stack Overflow

Tenda AC18 15.03.05.19 DDNSCfg stack buffer overflow
CVE-2025-11328 8.8 - High - October 06, 2025

A vulnerability was detected in Tenda AC18 15.03.05.19(6318). This issue affects some unknown processing of the file /goform/SetDDNSCfg. The manipulation of the argument ddnsEn results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is now public and may be used.

Stack Overflow

Tenda AC18 15.03.05.19 Remote Stack Buffer Overflow in /goform/SetUpnpCfg
CVE-2025-11327 8.8 - High - October 06, 2025

A security vulnerability has been detected in Tenda AC18 15.03.05.19(6318). This vulnerability affects unknown code of the file /goform/SetUpnpCfg. The manipulation of the argument upnpEn leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used.

Stack Overflow

Tenda AC18 15.03.05.19 Buffer Overflow in WifiMacFilterSet
CVE-2025-11326 8.8 - High - October 06, 2025

A weakness has been identified in Tenda AC18 15.03.05.19(6318). This affects an unknown part of the file /goform/WifiMacFilterSet. Executing a manipulation of the argument wifi_chkHz can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks.

Stack Overflow

Tenda AC18 15.03.05.19: Stack Buffer Overflow via /goform/fast_setting_pppoe_set
CVE-2025-11325 8.8 - High - October 06, 2025

A security flaw has been discovered in Tenda AC18 15.03.05.19(6318). Affected by this issue is some unknown functionality of the file /goform/fast_setting_pppoe_set. Performing a manipulation of the argument Username results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks.

Stack Overflow

Stack Overflow in Tenda AC18 15.03.05.19 /goform/setNotUpgrade (remote)
CVE-2025-11324 8.8 - High - October 06, 2025

A vulnerability was identified in Tenda AC18 15.03.05.19(6318). Affected by this vulnerability is an unknown functionality of the file /goform/setNotUpgrade. Such manipulation of the argument newVersion leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used.

Stack Overflow

Tenda AC18 V15.03.05.19 Stack Overflow via wanSpeed in fromAdvSetMacMtuWan
CVE-2025-60662 7.5 - High - October 02, 2025

Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the wanSpeed parameter in the fromAdvSetMacMtuWan function.

Stack Overflow

Stack Overflow in Tenda AC18 V15.03.05.19 fromAdvSetMacMtuWan cloneType
CVE-2025-60661 5.3 - Medium - October 02, 2025

Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the cloneType parameter in the fromAdvSetMacMtuWan function.

Stack Overflow

Tenda AC18 Stack Overflow via wanMTU (V15.03.05.19)
CVE-2025-60663 7.5 - High - October 02, 2025

Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the wanMTU parameter in the fromAdvSetMacMtuWan function.

Stack Overflow

Stack Overflow in Tenda AC18 V15.03.05.19 fromAdvSetMacMtuWan
CVE-2025-60660 7.5 - High - October 02, 2025

Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the mac parameter in the fromAdvSetMacMtuWan function.

Stack Overflow

Tenda AC18 15.03.05.19: /goform/saveAutoQos StackBased Buffer Overflow (Remote)
CVE-2025-11123 8.8 - High - September 28, 2025

A flaw has been found in Tenda AC18 15.03.05.19. This impacts an unknown function of the file /goform/saveAutoQos. This manipulation of the argument enable causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been published and may be used.

Stack Overflow

Stack-based BOF in Tenda AC18 v15.03.3.10_EN ssid param
CVE-2024-41630 - July 31, 2024

Stack-based buffer overflow vulnerability in Tenda AC18 V15.03.3.10_EN allows a remote attacker to execute arbitrary code via the ssid parameter at ip/goform/fast_setting_wifi_set.

Stack buffer overflow in Tenda AC18 V15.03.3.10 via deviceId
CVE-2024-33182 9.8 - Critical - July 16, 2024

Tenda AC18 V15.03.3.10_EN was discovered to contain a stack-based buffer overflow vulnerability via the deviceId parameter at ip/goform/addWifiMacFilter.

Memory Corruption

Tenda AC18 Pre-V15.03.3.10 Stack Buffer Overflow via deviceId
CVE-2024-33180 9.8 - Critical - July 16, 2024

Tenda AC18 V15.03.3.10_EN was discovered to contain a stack-based buffer overflow vulnerability via the deviceId parameter at ip/goform/saveParentControlInfo.

Memory Corruption

Tenda AC18 <15.03.05.19 Buffer Overflow in formSetPPTPServer
CVE-2024-34974 - May 14, 2024

Tenda AC18 v15.03.05.19 is vulnerable to Buffer Overflow in the formSetPPTPServer function via the endIp parameter.

remoteIp stack overflow in Tenda AC18 V15.03.05.05
CVE-2024-33835 - May 01, 2024

Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the remoteIp parameter from formSetSafeWanWebMan function.

Memory Corruption

Command Injection in Tenda AC18 pre-15.03.05.05 via /goform/exeCommand
CVE-2024-30891 - April 05, 2024

A command injection vulnerability exists in /goform/exeCommand in Tenda AC18 v15.03.05.05, which allows attackers to construct cmdinput parameters for arbitrary command execution.

Stack Overflow in Tenda AC18 V15.03.05.05 ssid param of form_fast_setting_wifi_set
CVE-2024-28551 - March 26, 2024

Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the ssid parameter of form_fast_setting_wifi_set function.

Tenda AC18 V15.03.05.05: cmd injection via deviceName
CVE-2024-28545 - March 26, 2024

Tenda AC18 V15.03.05.05 contains a command injection vulnerablility in the deviceName parameter of formsetUsbUnload function.

Tenda AC18 OS Command Injection via setsambacfg 15.03.05.05
CVE-2024-2854 9.8 - Critical - March 24, 2024

A vulnerability classified as critical has been found in Tenda AC18 15.03.05.05. Affected is the function formSetSambaConf of the file /goform/setsambacfg. The manipulation of the argument usbName leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257778 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Shell injection

Tenda AC18 V15.03.05.05: stack overflow in firewallEn
CVE-2024-28547 - March 18, 2024

Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the firewallEn parameter of formSetFirewallCfg function.

Tenda AC18 V15.03.05.05 stack overflow in fromNatStaticSetting page param
CVE-2024-28537 - March 18, 2024

Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the page parameter of fromNatStaticSetting function.

Tenda AC18 V15.03.05.05 Stack Overflow in formExpandDlnaFile 'filePath'
CVE-2024-28550 - March 18, 2024

Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the filePath parameter of formExpandDlnaFile function.

CSRF in Tenda AC18 firmware 15.03.05.05 fromSysToolRestoreSet
CVE-2024-2560 4.3 - Medium - March 17, 2024

A vulnerability classified as problematic was found in Tenda AC18 15.03.05.05. Affected by this vulnerability is the function fromSysToolRestoreSet of the file /goform/SysToolRestoreSet. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257059. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Session Riding

Tenda AC18 15.03.05.05 CSRF via SysToolReboot
CVE-2024-2559 6.5 - Medium - March 17, 2024

A vulnerability classified as problematic has been found in Tenda AC18 15.03.05.05. Affected is the function fromSysToolReboot of the file /goform/SysToolReboot. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257058 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Session Riding

Tenda AC18 15.03.05.05 formexeCommand Stack Overflow Remote
CVE-2024-2558 8.8 - High - March 17, 2024

A vulnerability was found in Tenda AC18 15.03.05.05. It has been rated as critical. This issue affects the function formexeCommand of the file /goform/execCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257057 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Memory Corruption

Critical buf overflow in Tenda AC18 15.03.05.05 R7WebsSecurityHandler
CVE-2024-2547 8.8 - High - March 17, 2024

A vulnerability was found in Tenda AC18 15.03.05.05 and classified as critical. Affected by this issue is the function R7WebsSecurityHandler. The manipulation of the argument password leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257000. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Memory Corruption

Tenda AC18 15.13.07.09 Remote Stack Buffer Overflow in fromSetWirelessRepeat
CVE-2024-2546 8.8 - High - March 17, 2024

A vulnerability has been found in Tenda AC18 15.13.07.09 and classified as critical. Affected by this vulnerability is the function fromSetWirelessRepeat. The manipulation of the argument wpapsk_crypto5g leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256999. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Memory Corruption

Critical Remote Stack Buffer Overflow in Tenda AC18 15.03.05.05 setSchedWifi
CVE-2024-2490 8.8 - High - March 15, 2024

A vulnerability classified as critical was found in Tenda AC18 15.03.05.05. Affected by this vulnerability is the function setSchedWifi of the file /goform/openSchedWifi. The manipulation of the argument schedStartTime/schedEndTime leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256897 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Memory Corruption

Tenda AC18 15.03.05.05 Remote Stack-Based Buffer Overflow in formSetQosBand
CVE-2024-2489 8.8 - High - March 15, 2024

A vulnerability classified as critical has been found in Tenda AC18 15.03.05.05. Affected is the function formSetQosBand of the file /goform/SetNetControlList. The manipulation of the argument list leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256896. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Memory Corruption

Tenda AC18 15.03.05.05 formSetPPTPServer buffer overflow (remote)
CVE-2024-2488 8.8 - High - March 15, 2024

A vulnerability was found in Tenda AC18 15.03.05.05. It has been rated as critical. This issue affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg. The manipulation of the argument startIP leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256895. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Memory Corruption

Tenda AC18 15.03.05.05 Stack Buffer Overflow in formQuickIndex PPPOEPassword
CVE-2024-2486 8.8 - High - March 15, 2024

A vulnerability was found in Tenda AC18 15.03.05.05. It has been classified as critical. This affects the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256893 was assigned to this vulnerability.

Memory Corruption

Tenda AC18 15.03.05.05 Remote Stack Buffer Overflow Vulnerability
CVE-2024-2485 8.8 - High - March 15, 2024

A vulnerability was found in Tenda AC18 15.03.05.05 and classified as critical. Affected by this issue is the function formSetSpeedWan of the file /goform/SetSpeedWan. The manipulation of the argument speed_dir leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256892. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Memory Corruption

Stack overflow in Tenda AC18 v15.03.05.05 entrys parameter fromAddressNat
CVE-2024-28553 9.8 - Critical - March 12, 2024

Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the entrys parameter fromAddressNat function.

Memory Corruption

Stack overflow in Tenda AC18 V15.03.05.05 fromAddressNat
CVE-2024-28535 9.8 - Critical - March 12, 2024

Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the mitInterface parameter of fromAddressNat function.

Memory Corruption

Tenda AC18 Command Injection via deviceName in setUsbUnload (v15.03.05.19)
CVE-2023-30135 9.8 - Critical - May 05, 2023

Tenda AC18 v15.03.05.19(6318_)_cn was discovered to contain a command injection vulnerability via the deviceName parameter in the setUsbUnload function.

Command Injection

Buffer Overflow in Tenda AC18 V15.03.05.19 via /goform/fromSetWirelessRepeat
CVE-2023-24170 9.8 - Critical - January 26, 2023

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/fromSetWirelessRepeat.

Memory Corruption

Buffer Overflow in Tenda AC18 V15.03.05.19 /goform/FUN_0007343c
CVE-2023-24169 9.8 - Critical - January 26, 2023

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/FUN_0007343c.

Memory Corruption

Tenda AC18 Buffer Overflow in add_white_node (V15.03.05.19)
CVE-2023-24167 9.8 - Critical - January 26, 2023

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/add_white_node.

Memory Corruption

Tenda AC18 V15.03.05.19 Buffer Overflow via /goform/formWifiBasicSet
CVE-2023-24166 9.8 - Critical - January 26, 2023

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/formWifiBasicSet.

Memory Corruption

Tenda AC18 Buffer Overflow via /goform/initIpAddrInfo (V15.03.05.19)
CVE-2023-24165 9.8 - Critical - January 26, 2023

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/initIpAddrInfo.

Memory Corruption

Tenda AC18 V15.03.05.19 Buffer Overflow via /goform/FUN_000c2318
CVE-2023-24164 9.8 - Critical - January 26, 2023

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/FUN_000c2318.

Memory Corruption

Tenda AC18 Buffer Overflow via formSetDeviceName (V15.03.05.05)
CVE-2022-44174 9.8 - Critical - November 21, 2022

Tenda AC18 V15.03.05.05 is vulnerable to Buffer Overflow via function formSetDeviceName.

Classic Buffer Overflow

Tenda AC18 Buffer Overflow in form_fast_setting_wifi_set (V15.03.05.19)
CVE-2022-44171 9.8 - Critical - November 21, 2022

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function form_fast_setting_wifi_set.

Classic Buffer Overflow

Tenda AC18 Buffer Overflow via R7WebsSecurityHandler (V15.03.05.19)
CVE-2022-44172 9.8 - Critical - November 21, 2022

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function R7WebsSecurityHandler.

Classic Buffer Overflow

Tenda AC18 Buffer Overflow in formSetMacFilterCfg (V15.03.05.19)
CVE-2022-44175 9.8 - Critical - November 21, 2022

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetMacFilterCfg.

Classic Buffer Overflow

Tenda AC18 Buffer Overflow in fromSetRouteStatic (V15.03.05.19)
CVE-2022-44176 9.8 - Critical - November 21, 2022

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function fromSetRouteStatic.

Classic Buffer Overflow