Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ac18_firmware
(Tenda)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 66 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2025-01-16 | CVE-2024-57579 | Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the limitSpeedUp parameter in the formSetClientState function. | Ac18_firmware | 9.8 | ||
| 2025-01-16 | CVE-2024-57580 | Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the devName parameter in the formSetDeviceName function. | Ac18_firmware | 9.8 | ||
| 2025-01-16 | CVE-2024-57581 | Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the firewallEn parameter in the formSetFirewallCfg function. | Ac18_firmware | 9.8 | ||
| 2025-01-16 | CVE-2024-57582 | Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the startIP parameter in the formSetPPTPServer function. | Ac18_firmware | 9.8 | ||
| 2025-01-16 | CVE-2024-57583 | Tenda AC18 V15.03.05.19 was discovered to contain a command injection vulnerability via the usbName parameter in the formSetSambaConf function. | Ac18_firmware | 9.8 | ||
| 2025-01-16 | CVE-2024-57575 | Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function. | Ac18_firmware | 9.8 | ||
| 2023-05-05 | CVE-2023-30135 | Tenda AC18 v15.03.05.19(6318_)_cn was discovered to contain a command injection vulnerability via the deviceName parameter in the setUsbUnload function. | Ac18_firmware | 9.8 | ||
| 2024-03-17 | CVE-2024-2546 | A vulnerability has been found in Tenda AC18 15.13.07.09 and classified as critical. Affected by this vulnerability is the function fromSetWirelessRepeat. The manipulation of the argument wpapsk_crypto5g leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256999. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | Ac18_firmware | 9.8 | ||
| 2024-03-17 | CVE-2024-2547 | A vulnerability was found in Tenda AC18 15.03.05.05 and classified as critical. Affected by this issue is the function R7WebsSecurityHandler. The manipulation of the argument password leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257000. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | Ac18_firmware | 8.8 | ||
| 2024-03-17 | CVE-2024-2558 | A vulnerability was found in Tenda AC18 15.03.05.05. It has been rated as critical. This issue affects the function formexeCommand of the file /goform/execCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257057 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | Ac18_firmware | 8.8 |