Tenda A18 Firmware vulnerabilities

CVE-2026-2930 [MEDIUM] CWE-119 CVE-2026-2930: A vulnerability was identified in Tenda A18 15.13.07.13. The affected element is the function webCgi A vulnerability was identified in Tenda A18 15.13.07.13. The affected element is the function webCgiGetUploadFile of the file /cgi-bin/UploadCfg of the component Httpd Service. Such manipulation of the argument boundary leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used.

CVE-2026-2876 [HIGH] CWE-119 CVE-2026-2876: A vulnerability was determined in Tenda A18 15.13.07.13. This affects the function parse_macfilter_r A vulnerability was determined in Tenda A18 15.13.07.13. This affects the function parse_macfilter_rule of the file /goform/setBlackRule. This manipulation of the argument deviceList causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.

CVE-2026-2877 [HIGH] CWE-119 CVE-2026-2877: A vulnerability has been found in Tenda A18 15.13.07.13. This affects the function strcpy of the fil A vulnerability has been found in Tenda A18 15.13.07.13. This affects the function strcpy of the file /goform/WifiExtraSet of the component Httpd Service. The manipulation of the argument wpapsk_crypto5g leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-0848 [HIGH] CWE-119 CVE-2025-0848: A vulnerability was found in Tenda A18 up to 15.13.07.09. It has been rated as critical. This issue A vulnerability was found in Tenda A18 up to 15.13.07.09. It has been rated as critical. This issue affects the function SetCmdlineRun of the file /goform/SetCmdlineRun of the component HTTP POST Request Handler. The manipulation of the argument wpapsk_crypto5g leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has be

CVE-2024-32305 [HIGH] CWE-121 CVE-2024-32305: Tenda A18 v15.03.05.05 firmware has a stack overflow vulnerability located via the PPW parameter in Tenda A18 v15.03.05.05 firmware has a stack overflow vulnerability located via the PPW parameter in the fromWizardHandle function.

CVE-2023-50585 [CRITICAL] CWE-787 CVE-2023-50585: Tenda A18 v15.13.07.09 was discovered to contain a stack overflow via the devName parameter in the f Tenda A18 v15.13.07.09 was discovered to contain a stack overflow via the devName parameter in the formSetDeviceName function.

CVE-2023-39827 [HIGH] CWE-787 CVE-2023-39827: Tenda A18 V15.13.07.09 was discovered to contain a stack overflow via the rule_info parameter in the Tenda A18 V15.13.07.09 was discovered to contain a stack overflow via the rule_info parameter in the formAddMacfilterRule function.

CVE-2023-39828 [HIGH] CWE-787 CVE-2023-39828: Tenda A18 V15.13.07.09 was discovered to contain a stack overflow via the security parameter in the Tenda A18 V15.13.07.09 was discovered to contain a stack overflow via the security parameter in the formWifiBasicSet function.

CVE-2023-39829 [HIGH] CWE-787 CVE-2023-39829: Tenda A18 V15.13.07.09 was discovered to contain a stack overflow via the wpapsk_crypto2_4g paramete Tenda A18 V15.13.07.09 was discovered to contain a stack overflow via the wpapsk_crypto2_4g parameter in the fromSetWirelessRepeat function.

CVE-2022-44932 [HIGH] CWE-284 CVE-2022-44932: An access control issue in Tenda A18 v15.13.07.09 allows unauthenticated attackers to access the Tel An access control issue in Tenda A18 v15.13.07.09 allows unauthenticated attackers to access the Telnet service.

CVE-2022-44931 [HIGH] CWE-787 CVE-2022-44931: Tenda A18 v15.13.07.09 was discovered to contain a stack overflow via the security_5g parameter at / Tenda A18 v15.13.07.09 was discovered to contain a stack overflow via the security_5g parameter at /goform/WifiBasicSet.