Tenda W18e Firmware
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Tenda W18e Firmware.
By the Year
In 2026 there have been 0 vulnerabilities in Tenda W18e Firmware. Last year, in 2025 W18e Firmware had 13 security vulnerabilities published. Right now, W18e Firmware is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 13 | 4.30 |
| 2024 | 0 | 0.00 |
| 2023 | 1 | 9.80 |
It may take a day or so for new W18e Firmware vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Tenda W18e Firmware Security Vulnerabilities
Arbitrary code exec in Tenda W18E v2.0 via goform/setmodules
CVE-2025-45343
- May 28, 2025
An issue in Tenda W18E v.2.0 v.16.01.0.11 allows an attacker to execute arbitrary code via the editing functionality of the account module in the goform/setmodules route.
Tenda W18E Stack Buffer Overflow via Password (v16.01.0.11)
CVE-2025-3203
4.3 - Medium
- April 04, 2025
A vulnerability classified as problematic was found in Tenda W18E 16.01.0.11. Affected by this vulnerability is the function formSetAccountList of the file /goform/setModules. The manipulation of the argument Password leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Memory Corruption
Tenda W18E v16.01.0.11 WiFiSSID Stack Overflow DoS
CVE-2025-29217
- March 20, 2025
Tenda W18E v2.0 v16.01.0.11 was discovered to contain a stack overflow in the wifiSSID parameter at /goform/setModules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
Tenda W18E 2.0 v16.01.0.11 DoS via wifiPwd stack overflow
CVE-2025-29218
- March 20, 2025
Tenda W18E v2.0 v16.01.0.11 was discovered to contain a stack overflow in the wifiPwd parameter at /goform/setModules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
Sensitive Info Disclosure in Tenda W18E V16.01.0.8 via getQuickCfgWifiAndLogin
CVE-2024-46437
- February 10, 2025
A sensitive information disclosure vulnerability in the Tenda W18E V16.01.0.8(1625) web management portal allows an unauthenticated remote attacker to retrieve sensitive configuration information, including WiFi SSID, WiFi password, and base64-encoded administrator credentials, by sending a specially crafted HTTP POST request to the getQuickCfgWifiAndLogin function, bypassing authentication checks.
Hardcoded credentials in Tenda W18E V16.01.0.8 allow root via telnet
CVE-2024-46436
- February 10, 2025
Hardcoded credentials in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to gain root access to the device over the telnet service.
Tenda W18E V16.01.0.8: Stack Overflow in delFacebookPic causes DoS
CVE-2024-46435
- February 10, 2025
A stack overflow vulnerability in the Tenda W18E V16.01.0.8(1625) web management portal allows an authenticated remote attacker to cause a denial of service or potentially execute arbitrary code. This vulnerability occurs due to improper input validation when handling user-supplied data in the delFacebookPic function.
Tenda W18E V16.01.0.8 Web Mgmt Auth Bypass
CVE-2024-46434
- February 10, 2025
Tenda W18E V16.01.0.8(1625) suffers from authentication bypass in the web management portal allowing an unauthorized remote attacker to gain administrative access by sending a specially crafted HTTP request.
Default creds in Tenda W18E V16.01.0.8 enable admin portal
CVE-2024-46433
- February 10, 2025
A default credentials vulnerability in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to access the web management portal using the default rzadmin account with administrative privileges.
Tenda W18E V16.01.0.8 Incorrect Access Control Enables Admin Credential Change
CVE-2024-46432
- February 10, 2025
Tenda W18E V16.01.0.8(1625) is vulnerable to Incorrect Access Control. An attacker can send a specially crafted HTTP POST request to the setQuickCfgWifiAndLogin function, which allows unauthorized changes to WiFi configuration settings and administrative credentials.
Buffer Overflow in Tenda W18E V16.01.0.8 via delWewifiPic (Web Portal)
CVE-2024-46431
- February 10, 2025
Tenda W18E V16.01.0.8(1625) is vulnerable to Buffer Overflow. An attacker with access to the web management portal can exploit this vulnerability by sending specially crafted data to the delWewifiPic function.
Tenda W18E Unauthorized Admin PW Change via Web Portal
CVE-2024-46430
- February 10, 2025
Tenda W18E V16.01.0.8(1625) is vulnerable to Incorrect Access Control. Unauthorized password change via the web management portal allows an unauthenticated remote attacker to change the administrator password by sending a specially crafted HTTP POST request to the setLoginPassword function, bypassing the authentication mechanism.
Hardcoded Guest Admin in Tenda W18E V16.01.0.8 Web Portal: Unauth Remote Access
CVE-2024-46429
- February 10, 2025
A hardcoded credentials vulnerability in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to access the web management portal using a default guest account with administrative privileges.
Stack Overflow in Tenda W18E v16.01.0.8 portMirrorMirroredPorts
CVE-2023-46369
9.8 - Critical
- October 25, 2023
Tenda W18E V16.01.0.8(1576) contains a stack overflow vulnerability via the portMirrorMirroredPorts parameter in the formSetNetCheckTools function.
Memory Corruption
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Tenda W18e Firmware or by Tenda? Click the Watch button to subscribe.
