Tenda Ax1803 Firmware
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Tenda Ax1803 Firmware.
By the Year
In 2026 there have been 1 vulnerability in Tenda Ax1803 Firmware with an average score of 8.8 out of ten. Last year, in 2025 Ax1803 Firmware had 2 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Ax1803 Firmware in 2026 could surpass last years number. Interestingly, the average vulnerability score and the number of vulnerabilities for 2026 and last year was the same.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 1 | 8.80 |
| 2025 | 2 | 8.80 |
| 2024 | 24 | 9.76 |
| 2023 | 4 | 8.40 |
| 2022 | 5 | 7.56 |
It may take a day or so for new Ax1803 Firmware vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Tenda Ax1803 Firmware Security Vulnerabilities
Remote Stack Buffer Overflow in Tenda AX1803 1.0.0.1 WiFiGuestSet
CVE-2026-1329
8.8 - High
- January 22, 2026
A flaw has been found in Tenda AX1803 1.0.0.1. The affected element is the function fromGetWifiGuestBasic of the file /goform/WifiGuestSet. Executing a manipulation of the argument guestWrlPwd/guestEn/guestSsid/hideSsid/guestSecurity can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been published and may be used.
Stack Overflow
Tenda AX1803 1.0.0.1 Stack Buffer Overflow in formSetWifiMacFilterCfg
CVE-2025-7598
8.8 - High
- July 14, 2025
A vulnerability classified as critical was found in Tenda AX1803 1.0.0.1. Affected by this vulnerability is the function formSetWifiMacFilterCfg of the file /goform/setWifiFilterCfg. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Buffer Overflow
Tenda AX1803 1.0.0.1 MAC-Filter Buffer Overflow in formSetMacFilterCfg
CVE-2025-7597
8.8 - High
- July 14, 2025
A vulnerability classified as critical has been found in Tenda AX1803 1.0.0.1. Affected is the function formSetMacFilterCfg of the file /goform/setMacFilterCfg. The manipulation of the argument deviceList leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Buffer Overflow
Tenda AX1803 1.0.0.1 DDNS buffer overflow in formSetSysToolDDNS
CVE-2024-4236
8.8 - High
- April 26, 2024
A vulnerability, which was classified as critical, has been found in Tenda AX1803 1.0.0.1. This issue affects the function formSetSysToolDDNS of the file /goform/SetDDNSCfg. The manipulation of the argument serverName/ddnsUser/ddnsPwd/ddnsDomain leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-262127. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Stack Overflow
Stack Overflow in Tenda AX1803 v1.0.0.1 - serverName in fromAdvSetMacMtuWan
CVE-2024-30621
9.8 - Critical
- April 02, 2024
Tenda AX1803 v1.0.0.1 contains a stack overflow via the serverName parameter in the function fromAdvSetMacMtuWan.
Memory Corruption
Tenda AX1803 v1.0.0.1 SO via serviceName in fromAdvSetMacMtuWan
CVE-2024-30620
9.8 - Critical
- April 02, 2024
Tenda AX1803 v1.0.0.1 contains a stack overflow via the serviceName parameter in the function fromAdvSetMacMtuWan.
Memory Corruption
Tenda AX1803 (v1.0.0.1) stack overflow via iptv.stb.mode in setIptvInfo
CVE-2023-51962
9.8 - Critical
- January 10, 2024
Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function setIptvInfo.
Memory Corruption
Stack Overflow in Tenda AX1803 v1.0.0.1 via iptv.stb.port
CVE-2023-51967
9.8 - Critical
- January 10, 2024
Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function getIptvInfo.
Memory Corruption
Stack Overflow in Tenda AX1803 v1.0.0.1 via iptv.city.vlan
CVE-2023-51969
9.8 - Critical
- January 10, 2024
Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function getIptvInfo.
Memory Corruption
Stack Overflow in Tenda AX1803 via iptv.stb.mode pre-1.0.0.1
CVE-2023-51970
9.8 - Critical
- January 10, 2024
Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formSetIptv.
Memory Corruption
Stack Overflow in Tenda AX1803 v1.0.0.1 via adv.iptv.stballvlans (getIptvInfo)
CVE-2023-51968
9.8 - Critical
- January 10, 2024
Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function getIptvInfo.
Memory Corruption
Tenda AX1803 v1.0.0.1 StackOverflow via iptv.stb.port param
CVE-2023-51954
9.8 - Critical
- January 10, 2024
Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function formSetIptv.
Memory Corruption
Tenda AX1803 v1.0.0.1 IP TV Stbpvid Stack Overflow Vulnerability
CVE-2023-51952
9.8 - Critical
- January 10, 2024
Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function formSetIptv.
Memory Corruption
Tenda AX1803 v1.0.0.1 Stack Overflow via iptv.stb.mode
CVE-2023-51953
9.8 - Critical
- January 10, 2024
Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formSetIptv.
Memory Corruption
Stack Overflow in Tenda AX1803 v1.0.0.1 via iptv.city.vlan
CVE-2023-51963
9.8 - Critical
- January 10, 2024
Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function setIptvInfo.
Memory Corruption
Stack overflow in Tenda AX1803 v1.0.0.1 via adv.iptv.stbpvid
CVE-2023-51965
9.8 - Critical
- January 10, 2024
Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function setIptvInfo.
Memory Corruption
Tenda AX1803 v1.0.0.1: stack overflow via iptv.city.vlan in formGetIptv
CVE-2023-51960
9.8 - Critical
- January 10, 2024
Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function formGetIptv.
Memory Corruption
Stack overflow in Tenda AX1803 v1.0.0.1 via adv.iptv.stballvlans
CVE-2023-51955
9.8 - Critical
- January 10, 2024
Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function formSetIptv.
Memory Corruption
Stack overflow in Tenda AX1803 v1.0.0.1 via iptv.city.vlan param (formSetIptv)
CVE-2023-51956
9.8 - Critical
- January 10, 2024
Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function formSetIptv
Memory Corruption
Stack Overflow in Tenda AX1803 v1.0.0.1 via iptv.stb.port
CVE-2023-51964
9.8 - Critical
- January 10, 2024
Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function setIptvInfo.
Memory Corruption
Tenda AX1803 v1.0.0.1 stack overflow in iptv.stb.port via formGetIptv
CVE-2023-51958
9.8 - Critical
- January 10, 2024
Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function formGetIptv.
Memory Corruption
Tenda AX1803 1.0.0.1: Stack Overflow via iptv.stb.mode
CVE-2023-51957
9.8 - Critical
- January 10, 2024
Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formGetIptv.
Memory Corruption
Tenda AX1803 v1.0.0.1 Stack Overflow via adv.iptv.stbpvid
CVE-2023-51959
9.8 - Critical
- January 10, 2024
Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function formGetIptv.
Memory Corruption
Stack Overflow in Tenda AX1803 1.0.0.1 adv.iptv.stballvlans
CVE-2023-51961
9.8 - Critical
- January 10, 2024
Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function formGetIptv.
Memory Corruption
Stack Overflow in Tenda AX1803 v1.0.0.1 via adv.iptv.stballvlans
CVE-2023-51966
9.8 - Critical
- January 10, 2024
Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function setIptvInfo.
Memory Corruption
Tenda AX1803 v1.0.0.1 Stack Overflow via adv.iptv.stbpvid
CVE-2023-51971
9.8 - Critical
- January 10, 2024
Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function getIptvInfo.
Memory Corruption
Tenda AX1803 v1.0.0.1 Command Injection via fromAdvSetLanIp
CVE-2023-51972
9.8 - Critical
- January 10, 2024
Tenda AX1803 v1.0.0.1 was discovered to contain a command injection vulnerability via the function fromAdvSetLanIp.
Command Injection
Remote Code Execution in Tneda AX1803 v1.0.0.1 via adslPwd
CVE-2023-49040
9.8 - Critical
- November 27, 2023
An issue in Tneda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the adslPwd parameter in the form_fast_setting_internet_set function.
Command Injection
Tenda AX1803 v1.0.0.1: Heap overflow in saveParentControlInfo DoS
CVE-2023-48110
7.5 - High
- November 20, 2023
Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow via the urls parameter in the function saveParentControlInfo . This vulnerability allows attackers to cause a Denial of Service (DoS) attack
Memory Corruption
Stack Overflow (time param) DoS in Tenda AX1803 firmware v1.0.0.1
CVE-2023-48111
7.5 - High
- November 20, 2023
Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the time parameter in the function saveParentControlInfo . This vulnerability allows attackers to cause a Denial of Service (DoS) attack
Memory Corruption
Buf-OVF in Tenda AX1803 v1.0.0.1_2994 via /goform/SetOnlineDevName
CVE-2022-45781
8.8 - High
- November 14, 2023
Buffer Overflow vulnerability in Tenda AX1803 v1.0.0.1_2994 and earlier allows attackers to run arbitrary code via /goform/SetOnlineDevName.
Memory Corruption
Tenda ax1803 v1.0.0.1 RCE via stack overflow in fromAdvSetMacMtuWan
CVE-2022-40876
9.8 - Critical
- October 27, 2022
In Tenda ax1803 v1.0.0.1, the http requests handled by the fromAdvSetMacMtuWan functions, wanSpeed, cloneType, mac, can cause a stack overflow and enable remote code execution (RCE).
Memory Corruption
Tenda AX1803 v1.0.0.1 GetParentControlInfo Heap Overflow
CVE-2022-40875
7.5 - High
- October 27, 2022
Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow in the function GetParentControlInfo.
Memory Corruption
Tenda AX1803 v1.0.0.1 heap overflow in GetParentControlInfo can cause DoS
CVE-2022-40874
7.5 - High
- October 27, 2022
Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow vulnerability in the GetParentControlInfo function, which can cause a denial of service attack through a carefully constructed http request.
Memory Corruption
Tenda AX1803 Router CSRF via TendaAteMode (prev1.0.0.1)
CVE-2022-42086
6.5 - Medium
- October 12, 2022
Tenda AX1803 US_AX1803v2.0br_v1.0.0.1_2994_CN_ZGYD01_4 is vulnerable to Cross Site Request Forgery (CSRF) via function TendaAteMode.
Session Riding
Tenda AX1803 CSRF via fromSysToolReboot before v1.0.0.1
CVE-2022-42087
6.5 - Medium
- October 12, 2022
Tenda AX1803 US_AX1803v2.0br_v1.0.0.1_2994_CN_ZGYD01_4 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot.
Session Riding
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Tenda Ax1803 Firmware or by Tenda? Click the Watch button to subscribe.
