Tenda Ac18 Firmware

Stack Buffer Overflow in Tenda AC18 HTTP Handler (sprintf) Pre 15.03.05.05
CVE-2025-14993 8.8 - High - December 21, 2025

A vulnerability was detected in Tenda AC18 15.03.05.05. This affects the function sprintf of the file /goform/SetDlnaCfg of the component HTTP Request Handler. The manipulation of the argument scanList results in stack-based buffer overflow. The attack can be executed remotely. The exploit is now public and may be used.

Stack Overflow

Tenda AC18 15.03.05.05: Stack Buffer Overflow in HTTP Req Handler strcpy
CVE-2025-14992 8.8 - High - December 21, 2025

A security vulnerability has been detected in Tenda AC18 15.03.05.05. The impacted element is the function strcpy of the file /goform/GetParentControlInfo of the component HTTP Request Handler. The manipulation of the argument mac leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.

Stack Overflow

Tenda AC18 15.03.05.19 DDNSCfg stack buffer overflow
CVE-2025-11328 8.8 - High - October 06, 2025

A vulnerability was detected in Tenda AC18 15.03.05.19(6318). This issue affects some unknown processing of the file /goform/SetDDNSCfg. The manipulation of the argument ddnsEn results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is now public and may be used.

Stack Overflow

Tenda AC18 15.03.05.19 Remote Stack Buffer Overflow in /goform/SetUpnpCfg
CVE-2025-11327 8.8 - High - October 06, 2025

A security vulnerability has been detected in Tenda AC18 15.03.05.19(6318). This vulnerability affects unknown code of the file /goform/SetUpnpCfg. The manipulation of the argument upnpEn leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used.

Stack Overflow

Tenda AC18 15.03.05.19 Buffer Overflow in WifiMacFilterSet
CVE-2025-11326 8.8 - High - October 06, 2025

A weakness has been identified in Tenda AC18 15.03.05.19(6318). This affects an unknown part of the file /goform/WifiMacFilterSet. Executing a manipulation of the argument wifi_chkHz can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks.

Stack Overflow

Tenda AC18 15.03.05.19: Stack Buffer Overflow via /goform/fast_setting_pppoe_set
CVE-2025-11325 8.8 - High - October 06, 2025

A security flaw has been discovered in Tenda AC18 15.03.05.19(6318). Affected by this issue is some unknown functionality of the file /goform/fast_setting_pppoe_set. Performing a manipulation of the argument Username results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks.

Stack Overflow

Stack Overflow in Tenda AC18 15.03.05.19 /goform/setNotUpgrade (remote)
CVE-2025-11324 8.8 - High - October 06, 2025

A vulnerability was identified in Tenda AC18 15.03.05.19(6318). Affected by this vulnerability is an unknown functionality of the file /goform/setNotUpgrade. Such manipulation of the argument newVersion leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used.

Stack Overflow

Weak password auth in Samba on Tenda AC18 15.03.05.19
CVE-2025-8182 7.4 - High - July 26, 2025

A vulnerability has been found in Tenda AC18 15.03.05.19 and classified as problematic. This vulnerability affects unknown code of the file /etc_ro/smb.conf of the component Samba. The manipulation leads to weak password requirements. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.

Weak Password Requirements

Tenda AC18 15.03.05.05: fromadvsetlanip B.O. via lanMask
CVE-2025-5609 8.8 - High - June 04, 2025

A vulnerability classified as critical was found in Tenda AC18 15.03.05.05. Affected by this vulnerability is the function fromadvsetlanip of the file /goform/AdvSetLanip. The manipulation of the argument lanMask leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

Critical Buffer Overflow in Tenda AC18 15.03.05.05 /goform/SetSysAutoRebbotCfg
CVE-2025-5608 8.8 - High - June 04, 2025

A vulnerability classified as critical has been found in Tenda AC18 15.03.05.05. Affected is the function formsetreboottimer of the file /goform/SetSysAutoRebbotCfg. The manipulation of the argument rebootTime leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

Tenda AC18 15.03.05.05 Critical Buffer Overflow in formSetPPTPUserList
CVE-2025-5607 8.8 - High - June 04, 2025

A vulnerability was found in Tenda AC18 15.03.05.05. It has been rated as critical. This issue affects the function formSetPPTPUserList of the file /goform/setPptpUserList. The manipulation of the argument list leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

Critical Command Injection in Tenda AC18 15.03.05.05 formSetIptv
CVE-2025-5606 9.8 - Critical - June 04, 2025

A vulnerability was found in Tenda AC18 15.03.05.05. It has been declared as critical. This vulnerability affects the function formSetIptv of the file /goform/SetIPTVCfg. The manipulation of the argument list leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Command Injection

Tenda AC18 Stack Overflow via startIP in formSetPPTPServer (V15.03.05.19)
CVE-2024-57582 9.8 - Critical - January 16, 2025

Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the startIP parameter in the formSetPPTPServer function.

Memory Corruption

Tenda AC18 V15.03.05.19 Stack Overflow via firewallEn (formSetFirewallCfg)
CVE-2024-57581 9.8 - Critical - January 16, 2025

Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the firewallEn parameter in the formSetFirewallCfg function.

Memory Corruption

Tenda AC18 Stack Overflow via devName Param, V15.03.05.19
CVE-2024-57580 9.8 - Critical - January 16, 2025

Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the devName parameter in the formSetDeviceName function.

Memory Corruption

Tenda AC18 V15.03.05.19 Stack Overflow via limitSpeedUp in formSetClientState
CVE-2024-57579 9.8 - Critical - January 16, 2025

Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the limitSpeedUp parameter in the formSetClientState function.

Memory Corruption

Command Injection in Tenda AC18 USBName Param (V15.03.05.19)
CVE-2024-57583 9.8 - Critical - January 16, 2025

Tenda AC18 V15.03.05.19 was discovered to contain a command injection vulnerability via the usbName parameter in the formSetSambaConf function.

Command Injection

Tenda AC18 SSID Stack Overflow Vulnerability (V15.03.05.19)
CVE-2024-57575 9.8 - Critical - January 16, 2025

Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function.

Memory Corruption

Tenda AC18 V15.03.05.19 Stack Overflow via formSetCfm funcpara1
CVE-2024-57578 8.8 - High - January 16, 2025

Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the funcpara1 parameter in the formSetCfm function.

Memory Corruption

Stack Overflow in formSetSpeedWan of Tenda AC18 v15.03.05.19 (speed_dir)
CVE-2024-57577 5.7 - Medium - January 16, 2025

Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function.

Memory Corruption

Stack-based BOF in Tenda AC18 v15.03.3.10_EN ssid param
CVE-2024-41630 - July 31, 2024

Stack-based buffer overflow vulnerability in Tenda AC18 V15.03.3.10_EN allows a remote attacker to execute arbitrary code via the ssid parameter at ip/goform/fast_setting_wifi_set.

Buf overflow in Tenda AC18 V15.03.3.10 via deviceMac ip/goform/addWifiMacFilter
CVE-2024-33181 - July 16, 2024

Tenda AC18 V15.03.3.10_EN was discovered to contain a stack-based buffer overflow vulnerability via the deviceMac parameter at ip/goform/addWifiMacFilter.

Tenda AC18 <15.03.05.19 Buffer Overflow in formSetPPTPServer
CVE-2024-34974 - May 14, 2024

Tenda AC18 v15.03.05.19 is vulnerable to Buffer Overflow in the formSetPPTPServer function via the endIp parameter.

remoteIp stack overflow in Tenda AC18 V15.03.05.05
CVE-2024-33835 - May 01, 2024

Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the remoteIp parameter from formSetSafeWanWebMan function.

Memory Corruption

Command Injection in Tenda AC18 pre-15.03.05.05 via /goform/exeCommand
CVE-2024-30891 - April 05, 2024

A command injection vulnerability exists in /goform/exeCommand in Tenda AC18 v15.03.05.05, which allows attackers to construct cmdinput parameters for arbitrary command execution.

Stack Overflow in Tenda AC18 V15.03.05.05 ssid param of form_fast_setting_wifi_set
CVE-2024-28551 - March 26, 2024

Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the ssid parameter of form_fast_setting_wifi_set function.

Tenda AC18 V15.03.05.05: cmd injection via deviceName
CVE-2024-28545 - March 26, 2024

Tenda AC18 V15.03.05.05 contains a command injection vulnerablility in the deviceName parameter of formsetUsbUnload function.

Tenda AC18 V15.03.05.05 stack overflow in fromNatStaticSetting page param
CVE-2024-28537 - March 18, 2024

Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the page parameter of fromNatStaticSetting function.

Tenda AC18 V15.03.05.05: stack overflow in firewallEn
CVE-2024-28547 - March 18, 2024

Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the firewallEn parameter of formSetFirewallCfg function.

Tenda AC18 V15.03.05.05 Stack Overflow in formExpandDlnaFile 'filePath'
CVE-2024-28550 - March 18, 2024

Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the filePath parameter of formExpandDlnaFile function.

CSRF in Tenda AC18 firmware 15.03.05.05 fromSysToolRestoreSet
CVE-2024-2560 4.3 - Medium - March 17, 2024

A vulnerability classified as problematic was found in Tenda AC18 15.03.05.05. Affected by this vulnerability is the function fromSysToolRestoreSet of the file /goform/SysToolRestoreSet. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257059. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Session Riding

Tenda AC18 15.03.05.05 CSRF via SysToolReboot
CVE-2024-2559 6.5 - Medium - March 17, 2024

A vulnerability classified as problematic has been found in Tenda AC18 15.03.05.05. Affected is the function fromSysToolReboot of the file /goform/SysToolReboot. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257058 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Session Riding

Tenda AC18 15.03.05.05 formexeCommand Stack Overflow Remote
CVE-2024-2558 8.8 - High - March 17, 2024

A vulnerability was found in Tenda AC18 15.03.05.05. It has been rated as critical. This issue affects the function formexeCommand of the file /goform/execCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257057 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Memory Corruption

Critical buf overflow in Tenda AC18 15.03.05.05 R7WebsSecurityHandler
CVE-2024-2547 8.8 - High - March 17, 2024

A vulnerability was found in Tenda AC18 15.03.05.05 and classified as critical. Affected by this issue is the function R7WebsSecurityHandler. The manipulation of the argument password leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257000. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Memory Corruption

Tenda AC18 15.13.07.09 Remote Stack Buffer Overflow in fromSetWirelessRepeat
CVE-2024-2546 8.8 - High - March 17, 2024

A vulnerability has been found in Tenda AC18 15.13.07.09 and classified as critical. Affected by this vulnerability is the function fromSetWirelessRepeat. The manipulation of the argument wpapsk_crypto5g leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256999. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Memory Corruption

Critical Remote Stack Buffer Overflow in Tenda AC18 15.03.05.05 setSchedWifi
CVE-2024-2490 8.8 - High - March 15, 2024

A vulnerability classified as critical was found in Tenda AC18 15.03.05.05. Affected by this vulnerability is the function setSchedWifi of the file /goform/openSchedWifi. The manipulation of the argument schedStartTime/schedEndTime leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256897 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Memory Corruption

Tenda AC18 15.03.05.05 Buffer Overflow in formSetDeviceName (critical)
CVE-2024-2487 8.8 - High - March 15, 2024

A vulnerability was found in Tenda AC18 15.03.05.05. It has been declared as critical. This vulnerability affects the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName/mac leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-256894 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Memory Corruption

Tenda AC18 15.03.05.05 formSetPPTPServer buffer overflow (remote)
CVE-2024-2488 8.8 - High - March 15, 2024

A vulnerability was found in Tenda AC18 15.03.05.05. It has been rated as critical. This issue affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg. The manipulation of the argument startIP leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256895. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Memory Corruption

Tenda AC18 15.03.05.05 Remote Stack-Based Buffer Overflow in formSetQosBand
CVE-2024-2489 8.8 - High - March 15, 2024

A vulnerability classified as critical has been found in Tenda AC18 15.03.05.05. Affected is the function formSetQosBand of the file /goform/SetNetControlList. The manipulation of the argument list leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256896. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Memory Corruption

Tenda AC18 15.03.05.05 Stack Buffer Overflow in formQuickIndex PPPOEPassword
CVE-2024-2486 8.8 - High - March 15, 2024

A vulnerability was found in Tenda AC18 15.03.05.05. It has been classified as critical. This affects the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256893 was assigned to this vulnerability.

Memory Corruption

Tenda AC18 15.03.05.05 Remote Stack Buffer Overflow Vulnerability
CVE-2024-2485 8.8 - High - March 15, 2024

A vulnerability was found in Tenda AC18 15.03.05.05 and classified as critical. Affected by this issue is the function formSetSpeedWan of the file /goform/SetSpeedWan. The manipulation of the argument speed_dir leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256892. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Memory Corruption

Stack overflow in Tenda AC18 V15.03.05.05 fromAddressNat
CVE-2024-28535 9.8 - Critical - March 12, 2024

Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the mitInterface parameter of fromAddressNat function.

Memory Corruption

Stack overflow in Tenda AC18 v15.03.05.05 entrys parameter fromAddressNat
CVE-2024-28553 9.8 - Critical - March 12, 2024

Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the entrys parameter fromAddressNat function.

Memory Corruption

Tenda AC18 Command Injection via deviceName in setUsbUnload (v15.03.05.19)
CVE-2023-30135 9.8 - Critical - May 05, 2023

Tenda AC18 v15.03.05.19(6318_)_cn was discovered to contain a command injection vulnerability via the deviceName parameter in the setUsbUnload function.

Command Injection

Buffer Overflow in Tenda AC18 V15.03.05.19 via /goform/fromSetWirelessRepeat
CVE-2023-24170 9.8 - Critical - January 26, 2023

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/fromSetWirelessRepeat.

Memory Corruption

Buffer Overflow in Tenda AC18 V15.03.05.19 /goform/FUN_0007343c
CVE-2023-24169 9.8 - Critical - January 26, 2023

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/FUN_0007343c.

Memory Corruption

Tenda AC18 Buffer Overflow in add_white_node (V15.03.05.19)
CVE-2023-24167 9.8 - Critical - January 26, 2023

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/add_white_node.

Memory Corruption

Tenda AC18 V15.03.05.19 Buffer Overflow via /goform/formWifiBasicSet
CVE-2023-24166 9.8 - Critical - January 26, 2023

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/formWifiBasicSet.

Memory Corruption

Tenda AC18 Buffer Overflow via /goform/initIpAddrInfo (V15.03.05.19)
CVE-2023-24165 9.8 - Critical - January 26, 2023

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/initIpAddrInfo.

Memory Corruption

Tenda AC18 V15.03.05.19 Buffer Overflow via /goform/FUN_000c2318
CVE-2023-24164 9.8 - Critical - January 26, 2023

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/FUN_000c2318.

Memory Corruption