Ac10 Firmware Security Vulnerabilities and Issues — Ac10 Firmware CVE List

cve

CVE-2018-14492

Tenda AC7 through V15.03.06.44_CN, AC9 through V15.03.05.19(6318)_CN, and AC10 through V15.03.06.23_CN devices have a Stack-based Buffer Overflow via a long limitSpeed or limitSpeedup parameter to an unspecified /goform URI.

7.5CVSS

7.6AI Score

0.001EPSS

2022-10-03 04:22 PM

21

cve

CVE-2018-14557

An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A buffer overflow vulnerability exists in the router's web server (httpd). When proces...

7.5CVSS

7.7AI Score

0.001EPSS

2019-04-25 08:29 PM

24

cve

CVE-2018-14558

An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A command Injection vulnerability allows attackers to execute arbitrary OS commands vi...

9.8CVSS

9.7AI Score

0.936EPSS

2018-10-30 06:29 PM

841

In Wild

cve

CVE-2018-14559

An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A buffer overflow vulnerability exists in the router's web server (httpd). When proces...

7.5CVSS

7.7AI Score

0.001EPSS

2019-04-25 08:29 PM

21

cve

CVE-2018-16333

An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server. While processing the ssid parameter for a POST request, the value...

7.5CVSS

7.7AI Score

0.001EPSS

2018-09-02 03:29 AM

24

cve

CVE-2018-16334

An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN and AC10 V15.03.06.23_CN devices. The mac parameter in a POST request is used directly in a doSystemCmd call, causing OS command injection.

8.8CVSS

8.9AI Score

0.003EPSS

2018-09-02 03:29 AM

23

cve

CVE-2018-18706

An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router's web server -- httpd. When processing the "page" parameter of the function "fromD...

7.5CVSS

7.7AI Score

0.001EPSS

2018-10-29 12:29 PM

22

cve

CVE-2018-18707

An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router's web server -- httpd. When processing the "ssid" parameter for a post request, th...

7.5CVSS

7.7AI Score

0.001EPSS

2018-10-29 12:29 PM

20

cve

CVE-2018-18708

An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router's web server -- httpd. When processing the "page" parameter of the function "fromA...

7.5CVSS

7.7AI Score

0.001EPSS

2018-10-29 12:29 PM

17

2

cve

CVE-2018-18709

An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router's web server -- httpd. When processing the "firewallEn" parameter for a post reque...

7.5CVSS

7.7AI Score

0.001EPSS

2018-10-29 12:29 PM

24

cve

CVE-2018-18727

An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'deviceList' parameter for a post r...

7.5CVSS

7.7AI Score

0.001EPSS

2018-10-29 12:29 PM

21

cve

CVE-2018-18729

An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a heap-based buffer overflow vulnerability in the router's web server -- httpd. While processing the 'mac' parameter for a po...

9.8CVSS

9.4AI Score

0.005EPSS

2018-10-29 12:29 PM

26

cve

CVE-2018-18730

An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'startIp' and 'endIp' parameters fo...

7.5CVSS

7.7AI Score

0.001EPSS

2018-10-29 12:29 PM

21

cve

CVE-2018-18731

An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'deviceMac' parameter for a post re...

7.5CVSS

7.7AI Score

0.001EPSS

2018-10-29 12:29 PM

24

cve

CVE-2018-18732

An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'ntpServer' parameter for a post re...

7.5CVSS

7.7AI Score

0.001EPSS

2018-10-29 12:29 PM

20

cve

CVE-2021-38278

Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer overflow via the urls parameter in the saveParentControlInfo function.

9.8CVSS

9.7AI Score

0.002EPSS

2022-03-23 07:15 PM

62

cve

CVE-2021-38772

Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer overflow via the list parameter in the fromSetIpMacBind function.

7.5CVSS

7.8AI Score

0.001EPSS

2022-03-23 07:15 PM

54

cve

CVE-2022-26243

Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer overflow in the setSmartPowerManagement function.

7.5CVSS

7.8AI Score

0.001EPSS

2022-03-23 07:15 PM

65

cve

CVE-2022-32054

Tenda AC10 US_AC10V1.0RTL_V15.03.06.26_multi_TD01 was discovered to contain a remote code execution (RCE) vulnerability via the lanIp parameter.

9.8CVSS

9.9AI Score

0.011EPSS

2022-07-07 07:15 PM

40

11

cve

CVE-2022-42163

Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/fromNatStaticSetting.

9.8CVSS

9.5AI Score

0.002EPSS

2022-10-17 01:15 PM

27

2

cve

CVE-2022-42164

Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetClientState.

9.8CVSS

9.5AI Score

0.002EPSS

2022-10-17 01:15 PM

25

cve

CVE-2022-42165

Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetDeviceName.

9.8CVSS

9.5AI Score

0.002EPSS

2022-10-17 01:15 PM

20

2

cve

CVE-2022-42166

Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetSpeedWan.

9.8CVSS

9.5AI Score

0.002EPSS

2022-10-17 02:15 PM

18

6

cve

CVE-2022-42167

Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetFirewallCfg.

9.8CVSS

9.5AI Score

0.002EPSS

2022-10-17 02:15 PM

19

6

cve

CVE-2022-42168

Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/fromSetIpMacBind.

9.8CVSS

9.5AI Score

0.002EPSS

2022-10-17 02:15 PM

21

8

cve

CVE-2022-42169

Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/addWifiMacFilter.

9.8CVSS

9.6AI Score

0.002EPSS

2022-10-17 02:15 PM

13

6

cve

CVE-2022-42170

Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formWifiWpsStart.

9.8CVSS

9.5AI Score

0.002EPSS

2022-10-17 02:15 PM

22

8

cve

CVE-2022-42171

Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/saveParentControlInfo.

9.8CVSS

9.5AI Score

0.002EPSS

2022-10-17 02:15 PM

19

8

cve

CVE-2022-46109

Tenda AC15 V15.03.06.23 is vulnerable to Buffer Overflow via function formSetClientState.

7.5CVSS

7.5AI Score

0.001EPSS

2022-12-16 05:15 PM

22

cve

CVE-2023-27012

Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the setSchedWifi function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.

9.8CVSS

9.7AI Score

0.002EPSS

2023-04-07 02:15 AM

15

cve

CVE-2023-27013

Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the get_parentControl_list_Info function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.

9.8CVSS

9.7AI Score

0.002EPSS

2023-04-07 02:15 AM

15

2

cve

CVE-2023-27014

Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_46AC38 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.

9.8CVSS

9.7AI Score

0.002EPSS

2023-04-07 02:15 AM

18

cve

CVE-2023-27015

Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_4A75C0 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.

9.8CVSS

9.7AI Score

0.002EPSS

2023-04-07 02:15 AM

15

cve

CVE-2023-27016

Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the R7WebsSecurityHandler function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.

9.8CVSS

9.7AI Score

0.002EPSS

2023-04-07 02:15 AM

17

cve

CVE-2023-27017

Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_45DC58 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.

9.8CVSS

9.7AI Score

0.003EPSS

2023-04-07 02:15 AM

46

cve

CVE-2023-27018

Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_45EC1C function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.

9.8CVSS

9.7AI Score

0.003EPSS

2023-04-07 02:15 AM

45

cve

CVE-2023-27019

Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_458FBC function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.

9.8CVSS

9.7AI Score

0.002EPSS

2023-04-07 02:15 AM

16

cve

CVE-2023-27020

Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the saveParentControlInfo function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.

9.8CVSS

9.7AI Score

0.003EPSS

2023-04-07 02:15 AM

16

cve

CVE-2023-27021

Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the formSetFirewallCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.

9.8CVSS

9.7AI Score

0.003EPSS

2023-04-07 02:15 AM

12

cve

CVE-2023-34566

Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter time at /goform/saveParentControlInfo.

9.8CVSS

9.6AI Score

0.002EPSS

2023-06-08 03:15 PM

16

cve

CVE-2023-34567

Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter list at /goform/SetVirtualServerCfg.

6.7CVSS

6.7AI Score

0.0004EPSS

2023-06-08 03:15 PM

12

cve

CVE-2023-34568

Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter time at /goform/PowerSaveSet.

6.7CVSS

6.7AI Score

0.0004EPSS

2023-06-08 03:15 PM

19

cve

CVE-2023-34569

Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter list at /goform/SetNetControlList.

6.7CVSS

6.7AI Score

0.0004EPSS

2023-06-08 03:15 PM

13

cve

CVE-2023-34570

Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter devName at /goform/SetOnlineDevName.

6.7CVSS

6.7AI Score

0.0004EPSS

2023-06-08 03:15 PM

12

cve

CVE-2023-34571

Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter shareSpeed at /goform/WifiGuestSet.

6.7CVSS

6.7AI Score

0.0004EPSS

2023-06-08 03:15 PM

10

cve

CVE-2023-37144

Tenda AC10 v15.03.06.26 was discovered to contain a command injection vulnerability via the mac parameter in the function formWriteFacMac.

9.8CVSS

9.8AI Score

0.005EPSS

2023-07-07 02:15 PM

10

cve

CVE-2023-37710

Tenda AC1206 V15.03.06.23 and AC10 V15.03.06.47 were discovered to contain a stack overflow in the wpapsk_crypto parameter in the fromSetWirelessRepeat function.

9.8CVSS

9.7AI Score

0.001EPSS

2023-07-10 05:15 PM

16

cve

CVE-2023-37711

Tenda AC1206 V15.03.06.23 and AC10 V15.03.06.47 were discovered to contain a stack overflow in the deviceId parameter in the saveParentControlInfo function.

9.8CVSS

9.7AI Score

0.001EPSS

2023-07-10 05:15 PM

16

cve

CVE-2023-37716

Tenda F1202 V1.0BR_V1.2.0.20(408) and FH1202_V1.2.0.19_EN, AC10 V1.0, AC1206 V1.0, AC7 V1.0, AC5 V1.0, and AC9 V3.0 were discovered to contain a stack overflow in the page parameter in the function fromNatStaticSetting.

9.8CVSS

9.7AI Score

0.001EPSS

2023-07-14 12:15 AM

13

cve

CVE-2023-37717

Tenda F1202 V1.0BR_V1.2.0.20(408) and FH1202_V1.2.0.19_EN, AC10 V1.0, AC1206 V1.0, AC7 V1.0, AC5 V1.0, and AC9 V3.0 were discovered to contain a stack overflow in the page parameter in the function fromDhcpListClient.

9.8CVSS

9.7AI Score

0.001EPSS

2023-07-14 12:15 AM

17