CVE-2026-31255

A command injection vulnerability exists in Tenda AC18 V15.03.05.05multi. The vulnerability is located in the /goform/SetSambaCfg interface, where improper handling of the guestuser parameter allows attackers to execute arbitrary system commands...

CVE-2026-31255

A command injection vulnerability exists in Tenda AC18 V15.03.05.05multi. The vulnerability is located in the /goform/SetSambaCfg interface, where improper handling of the guestuser parameter allows attackers to execute arbitrary system commands...

CVE-2025-14993

A vulnerability was detected in Tenda AC18 15.03.05.05. This affects the function sprintf of the file /goform/SetDlnaCfg of the component HTTP Request Handler. The manipulation of the argument scanList results in stack-based buffer overflow. The attack can be executed remotely. The exploit is now...

CVE-2025-14992 Tenda AC18 HTTP Request GetParentControlInfo strcpy stack-based overflow

A security vulnerability has been detected in Tenda AC18 15.03.05.05. The impacted element is the function strcpy of the file /goform/GetParentControlInfo of the component HTTP Request Handler. The manipulation of the argument mac leads to stack-based buffer overflow. Remote exploitation of the...

PT-2025-52585

Name of the Vulnerable Software and Affected Versions Tenda AC18 version 15.03.05.05 Description A stack-based buffer overflow exists in the HTTP Request Handler component of Tenda AC18 version 15.03.05.05. The issue is located in the strcpy function within the file /goform/GetParentControlInfo...

CVE-2025-63834

A stored cross-site scripting XSS vulnerability was discovered in Tenda AC18 v15.03.05.05multi. The vulnerability exists in the ssid parameter of the wireless settings. Remote attackers can inject malicious payloads that execute when any user visits the router's homepage...

CVE-2025-63835

A stack-based buffer overflow vulnerability was discovered in Tenda AC18 v15.03.05.05multi. The vulnerability exists in the guestSsid parameter of the /goform/WifiGuestSet interface. Remote attackers can exploit this vulnerability by sending oversized data to the guestSsid parameter, leading to...

CVE-2025-63834

A stored cross-site scripting XSS vulnerability was discovered in Tenda AC18 v15.03.05.05multi. The vulnerability exists in the ssid parameter of the wireless settings. Remote attackers can inject malicious payloads that execute when any user visits the router's homepage...

PT-2025-3474 · Tenda · Tenda Ac18

Name of the Vulnerable Software and Affected Versions: Tenda AC18 version V15.03.05.19 Description: The issue is related to a stack overflow in the formSetClientState function when handling the limitSpeedUp parameter. This can be exploited by a remote attacker to cause a denial of service or...

PT-2024-10186 · Tenda · Tenda Ac18

Name of the Vulnerable Software and Affected Versions: Tenda AC18 version V15.03.05.19 Description: The issue is related to a stack overflow vulnerability in the formSetDeviceName function, specifically through the devName parameter. This vulnerability can be exploited by sending a specially...

Tenda多款产品 代码问题漏洞

Tenda AC7 and others are products of Tenda, a Chinese company.Tenda AC7 is a wireless router.Tenda AC9 is a wireless router.Tenda AC10 is a wireless router. A code issue exists in a number of Tenda products where the vulnerability stems from a null pointer dereference vulnerability in the...

PT-2024-29473 · Tenda · Tenda Ac18

Name of the Vulnerable Software and Affected Versions: Tenda AC18 version 15.03.3.10 EN Description: A stack-based buffer overflow issue allows a remote attacker to execute arbitrary code via the ssid parameter at the "ip/goform/fast setting wifi set" endpoint. Recommendations: For Tenda AC18...

PT-2024-25142 · Tenda · Tenda Ac18

Name of the Vulnerable Software and Affected Versions: Tenda AC18 version 15.03.3.10 EN Description: A stack-based buffer overflow issue was discovered via the deviceId parameter at the "ip/goform/saveParentControlInfo" endpoint. This allows for potential exploitation. Recommendations: For Tenda...

The vulnerability of the fromNatStaticSetting() function (/goform/NatStaticSetting) in the Tenda AC18 router software allows a hacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the fromNatStaticSetting function /goform/NatStaticSetting in the Tenda AC18 router’s microprogramming system is related to the operation that occurs outside the buffer in memory when processing the page parameter. Exploiting this vulnerability can allow an attacker to...

PT-2024-22456 · Tenda · Tenda Ac18

Name of the Vulnerable Software and Affected Versions: Tenda AC18 version 15.03.05.05 Description: The issue is a stack overflow vulnerability in the filePath parameter of the formExpandDlnaFile function. Recommendations: For Tenda AC18 version 15.03.05.05, as a temporary workaround, consider...

PT-2024-2176 · Tenda · Tenda Ac18

Name of the Vulnerable Software and Affected Versions: Tenda AC18 version 15.03.05.05 Description: A critical issue affects the formQuickIndex function of the /goform/QuickIndex file, allowing for a stack-based buffer overflow through the manipulation of the PPPOEPassword argument. This can be...

PT-2024-2318 · Tenda · Tenda Ac18

Name of the Vulnerable Software and Affected Versions: Tenda AC18 version 15.03.05.05 Description: A critical issue affects the formexeCommand function of the file /goform/execCommand. The manipulation of the cmdinput argument leads to a stack-based buffer overflow. This issue can be exploited...

PT-2024-2263 · Tenda · Tenda Ac18

Name of the Vulnerable Software and Affected Versions: Tenda AC18 version 15.03.05.05 Description: A critical issue affects the formSetPPTPServer function of the file /goform/SetPptpServerCfg. The manipulation of the startIP argument leads to a stack-based buffer overflow. This issue can be...

PT-2024-2267 · Tenda · Tenda Ac18

Name of the Vulnerable Software and Affected Versions: Tenda AC18 version 15.03.05.05 Description: The issue is related to a stack overflow vulnerability in the page parameter of the fromNatStaticSetting function, which can be exploited by a remote attacker to impact the confidentiality, integrit...

Tenda AC18 安全漏洞

The Tenda AC18 is a router from the Chinese company Tenda. A buffer overflow vulnerability exists in Tenda AC18 version V15.03.05.19, which is caused by the formWifiWpsOOB function not checking the length of the input data, and can be exploited to cause a denial of service...