CVE-2025-63834

CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
5.4MEDIUM
EPSS
0.0%
top 91.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Tenda Ac18 Firmware
Timeline
PublishedNov 10

Description

A stored cross-site scripting (XSS) vulnerability was discovered in Tenda AC18 v15.03.05.05_multi. The vulnerability exists in the ssid parameter of the wireless settings. Remote attackers can inject malicious payloads that execute when any user visits the router's homepage.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages1 packages

NVDtenda/ac18_firmware15.03.05.05

🔴Vulnerability Details

2
CVEList
CVE-2025-63834: A stored cross-site scripting (XSS) vulnerability was discovered in Tenda AC18 v152025-11-10
GHSA
GHSA-3vc8-hhvv-jw47: A stored cross-site scripting (XSS) vulnerability was discovered in Tenda AC18 v152025-11-10
CVE-2025-63834 (MEDIUM CVSS 5.4) | A stored cross-site scripting (XSS) | cvebase.io