Tenda A18 vulnerabilities

CVE-2026-2930 [MEDIUM] CWE-119 CVE-2026-2930: A vulnerability was identified in Tenda A18 15.13.07.13. The affected element is the function webCgi A vulnerability was identified in Tenda A18 15.13.07.13. The affected element is the function webCgiGetUploadFile of the file /cgi-bin/UploadCfg of the component Httpd Service. Such manipulation of the argument boundary leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used.

CVE-2026-2876 [HIGH] CWE-119 CVE-2026-2876: A vulnerability was determined in Tenda A18 15.13.07.13. This affects the function parse_macfilter_r A vulnerability was determined in Tenda A18 15.13.07.13. This affects the function parse_macfilter_rule of the file /goform/setBlackRule. This manipulation of the argument deviceList causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.

CVE-2026-2877 [HIGH] CWE-119 CVE-2026-2877: A vulnerability has been found in Tenda A18 15.13.07.13. This affects the function strcpy of the fil A vulnerability has been found in Tenda A18 15.13.07.13. This affects the function strcpy of the file /goform/WifiExtraSet of the component Httpd Service. The manipulation of the argument wpapsk_crypto5g leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-0848 [HIGH] CWE-119 CVE-2025-0848: A vulnerability was found in Tenda A18 up to 15.13.07.09. It has been rated as critical. This issue A vulnerability was found in Tenda A18 up to 15.13.07.09. It has been rated as critical. This issue affects the function SetCmdlineRun of the file /goform/SetCmdlineRun of the component HTTP POST Request Handler. The manipulation of the argument wpapsk_crypto5g leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has be