Tenda Ac18 Firmware vulnerabilities

102 known vulnerabilities affecting tenda/ac18_firmware.

Total CVEs

102

CISA KEV

Public exploits

Exploited in wild

Severity breakdown

CRITICAL44HIGH47MEDIUM11

Vulnerabilities

Page 5 of 6

CVE-2022-38309CRITICALCVSS 9.8v15.03.05.05v15.03.05.19\(6318\)2022-09-07

CVE-2022-38309 [CRITICAL] CWE-787 CVE-2022-38309: Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to contain a stack overflow via the l Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to contain a stack overflow via the list parameter at /goform/SetVirtualServerCfg.

nvd

CVE-2022-38314CRITICALCVSS 9.8v15.03.05.05v15.03.05.19\(6318\)2022-09-07

CVE-2022-38314 [CRITICAL] CWE-787 CVE-2022-38314: Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to contain a stack overflow via the u Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to contain a stack overflow via the urls parameter at /goform/saveParentControlInfo.

nvd

CVE-2022-38312CRITICALCVSS 9.8v15.03.05.05v15.03.05.19\(6318\)2022-09-07

CVE-2022-38312 [CRITICAL] CWE-787 CVE-2022-38312: Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to contain a stack overflow via the l Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to contain a stack overflow via the list parameter at /goform/SetIpMacBind.

nvd

CVE-2022-35201CRITICALCVSS 9.8v15.03.05.052022-08-19

CVE-2022-35201 [CRITICAL] CVE-2022-35201: Tenda-AC18 V15.03.05.05 was discovered to contain a remote command execution (RCE) vulnerability. Tenda-AC18 V15.03.05.05 was discovered to contain a remote command execution (RCE) vulnerability.

nvd

CVE-2022-30474CRITICALCVSS 9.8v15.03.05.19\(6318\)2022-05-26

CVE-2022-30474 [CRITICAL] CWE-787 CVE-2022-30474: Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a heap overflow in the http Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a heap overflow in the httpd module when handling /goform/saveParentControlInfo request.

nvd

CVE-2022-30472CRITICALCVSS 9.8v15.03.05.19\(6318\)2022-05-26

CVE-2022-30472 [CRITICAL] CWE-787 CVE-2022-30472: Tenda AC Seris Router AC18_V15.03.05.19(6318) has a stack-based buffer overflow vulnerability in fun Tenda AC Seris Router AC18_V15.03.05.19(6318) has a stack-based buffer overflow vulnerability in function fromAddressNat

nvd

CVE-2022-30476CRITICALCVSS 9.8v15.03.05.19\(6318\)2022-05-26

CVE-2022-30476 [CRITICAL] CWE-787 CVE-2022-30476: Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a stack-based buffer overfl Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a stack-based buffer overflow in the httpd module when handling /goform/SetFirewallCfg request.

nvd

CVE-2022-30477CRITICALCVSS 9.8v15.03.05.19\(6318\)2022-05-26

CVE-2022-30477 [CRITICAL] CWE-787 CVE-2022-30477: Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a stack-based buffer overfl Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a stack-based buffer overflow in the httpd module when handling /goform/SetClientState request.

nvd

CVE-2022-30473HIGHCVSS 7.5v15.03.05.19\(6318\)2022-05-26

CVE-2022-30473 [HIGH] CWE-787 CVE-2022-30473: Tenda AC Series Router AC18_V15.03.05.19(6318) has a stack-based buffer overflow vulnerability in fu Tenda AC Series Router AC18_V15.03.05.19(6318) has a stack-based buffer overflow vulnerability in function form_fast_setting_wifi_set

nvd

CVE-2022-30475HIGHCVSS 7.5v15.03.05.19\(6318\)2022-05-26

CVE-2022-30475 [HIGH] CWE-787 CVE-2022-30475: Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a stack-based buffer overfl Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a stack-based buffer overflow in the httpd module when handling /goform/WifiExtraSet request.

nvd

CVE-2018-18729CRITICALCVSS 9.8v15.03.05.19\(6318\)_cn2018-10-29

CVE-2018-18729 [CRITICAL] CWE-787 CVE-2018-18729: An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_C An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a heap-based buffer overflow vulnerability in the router's web server -- httpd. While processing the 'mac' parameter for a post request, the value is directly used in a strcpy

nvd

CVE-2018-18728CRITICALCVSS 9.8v15.03.05.19\(6318\)_cn2018-10-29

CVE-2018-18728 [CRITICAL] CWE-78 CVE-2018-18728: An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05 An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. They allow remote code execution via shell metacharacters in the usbName field to the __fastcall function with a POST request.

nvd

CVE-2018-18707HIGHCVSS 7.5v15.03.05.19\(6318\)_cn2018-10-29

CVE-2018-18707 [HIGH] CWE-119 CVE-2018-18707: An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_C An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router's web server -- httpd. When processing the "ssid" parameter for a post request, the value is directly used in a strcpy to a local variab

nvd

CVE-2018-18731HIGHCVSS 7.5v15.03.05.19\(6318\)_cn2018-10-29

CVE-2018-18731 [HIGH] CWE-119 CVE-2018-18731: An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_C An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'deviceMac' parameter for a post request, the value is directly used in a sprintf to a lo

nvd

CVE-2018-18708HIGHCVSS 7.5v15.03.05.19\(6318\)_cn2018-10-29

CVE-2018-18708 [HIGH] CWE-119 CVE-2018-18708: An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_C An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router's web server -- httpd. When processing the "page" parameter of the function "fromAddressNat" for a post request, the value is directly u

nvd

CVE-2018-18709HIGHCVSS 7.5v15.03.05.19\(6318\)_cn2018-10-29

CVE-2018-18709 [HIGH] CWE-119 CVE-2018-18709: An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_C An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router's web server -- httpd. When processing the "firewallEn" parameter for a post request, the value is directly used in a strcpy to a local

nvd

CVE-2018-18732HIGHCVSS 7.5v15.03.05.19\(6318\)_cn2018-10-29

CVE-2018-18732 [HIGH] CWE-119 CVE-2018-18732: An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_C An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'ntpServer' parameter for a post request, the value is directly used in a strcpy to a loc

nvd

CVE-2018-18730HIGHCVSS 7.5v15.03.05.19\(6318\)_cn2018-10-29

CVE-2018-18730 [HIGH] CWE-119 CVE-2018-18730: An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_C An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'startIp' and 'endIp' parameters for a post request, each value is directly used in a spr

nvd

CVE-2018-18727HIGHCVSS 7.5v15.03.05.19\(6318\)_cn2018-10-29

CVE-2018-18727 [HIGH] CWE-119 CVE-2018-18727: An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_C An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'deviceList' parameter for a post request, the value is directly used in a strcpy to a lo

nvd

CVE-2018-18706HIGHCVSS 7.5v15.03.05.19\(6318\)_cn2018-10-29

CVE-2018-18706 [HIGH] CWE-119 CVE-2018-18706: An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_C An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router's web server -- httpd. When processing the "page" parameter of the function "fromDhcpListClient" for a request, it is directly used in a

nvd

← Previous5 / 6Next →