859 matches found
CVE-2025-14992 Tenda AC18 HTTP Request GetParentControlInfo strcpy stack-based overflow
A security vulnerability has been detected in Tenda AC18 15.03.05.05. The impacted element is the function strcpy of the file /goform/GetParentControlInfo of the component HTTP Request Handler. The manipulation of the argument mac leads to stack-based buffer overflow. Remote exploitation of the...
CVE-2025-14992
CVE-2025-14992 affects Tenda AC18 firmware 15.03.05.05. The vulnerability is a stack-based overflow in the HTTP Request Handler’s GetParentControlInfo, caused by unsafe handling of the mac argument in strcpy. Remote exploitation is possible and exploits have been publicly disclosed. Public source...
Tenda AC18 安全漏洞
Tenda AC18 is a router from Tenda China. A security vulnerability exists in Tenda AC18 version 15.03.05.05, which originates from an improper handling of the parameter mac in the strcpy function of the file /goform/GetParentControlInfo in the component HTTP Request Handler, which may result in a...
PT-2025-53536
Уязвимость функции sprintf микропрограммного обеспечения маршрутизаторов Tenda AC18 связана с выходом операции за границы буфера в памяти при обработке параметра scanList. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, выполнить произвольный код или вызвать отказ в...
PT-2025-52552
Name of the Vulnerable Software and Affected Versions Tenda AC18 version 15.03.05.05 Description A flaw exists in the Tenda AC18 router that could allow for remote attacks. The issue is related to the sprintf function within the HTTP Request Handler component, specifically in the file...
Tenda AC18 guestSsid Parameter Stack Buffer Overflow Vulnerability
Tenda AC18 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in July 2016, mainly for villas and large home users. Tenda AC18 has a stack buffer overflow vulnerability, which originates from the /goform/WifiGuestSet interface guestSsid parameter fails to correctly...
Tenda AC18 ssid parameter cross-site scripting vulnerability
Tenda AC18 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in July 2016, mainly for villas and large home users. Tenda AC18 suffers from a cross-site scripting vulnerability, which stems from the lack of effective filtering and escaping of user-supplied data by th...
CVE-2025-63835
A stack-based buffer overflow vulnerability was discovered in Tenda AC18 v15.03.05.05multi. The vulnerability exists in the guestSsid parameter of the /goform/WifiGuestSet interface. Remote attackers can exploit this vulnerability by sending oversized data to the guestSsid parameter, leading to...
EUVD-2025-48944
A stored cross-site scripting XSS vulnerability was discovered in Tenda AC18 v15.03.05.05multi. The vulnerability exists in the ssid parameter of the wireless settings. Remote attackers can inject malicious payloads that execute when any user visits the router's homepage...
CVE-2025-63835
A stack-based buffer overflow vulnerability was discovered in Tenda AC18 v15.03.05.05multi. The vulnerability exists in the guestSsid parameter of the /goform/WifiGuestSet interface. Remote attackers can exploit this vulnerability by sending oversized data to the guestSsid parameter, leading to...
CVE-2025-63834
A stored cross-site scripting XSS vulnerability was discovered in Tenda AC18 v15.03.05.05multi. The vulnerability exists in the ssid parameter of the wireless settings. Remote attackers can inject malicious payloads that execute when any user visits the router's homepage...
CVE-2025-63834
A stored cross-site scripting XSS vulnerability was discovered in Tenda AC18 v15.03.05.05multi. The vulnerability exists in the ssid parameter of the wireless settings. Remote attackers can inject malicious payloads that execute when any user visits the router's homepage...
PT-2025-46176
Name of the Vulnerable Software and Affected Versions Tenda AC18 version 15.03.05.05 multi Description A stored cross-site scripting XSS issue exists in Tenda AC18. The issue is located in the ssid parameter within the wireless settings. An attacker can inject malicious payloads that will execute...
PT-2025-46177
Name of the Vulnerable Software and Affected Versions Tenda AC18 version 15.03.05.05 multi Description A stack-based buffer overflow issue exists in Tenda AC18 version 15.03.05.05 multi. The issue is located in the guestSsid parameter of the /goform/WifiGuestSet API endpoint. Sending oversized da...
Tenda AC18 安全漏洞
Tenda AC18 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in July 2016, mainly for villas and large home users. Tenda AC18 has a stack buffer overflow vulnerability, which originates from the /goform/WifiGuestSet interface guestSsid parameter fails to correctly...
CVE-2025-63835
A stack-based buffer overflow vulnerability was discovered in Tenda AC18 v15.03.05.05multi. The vulnerability exists in the guestSsid parameter of the /goform/WifiGuestSet interface. Remote attackers can exploit this vulnerability by sending oversized data to the guestSsid parameter, leading to...
Tenda AC18 安全漏洞
Tenda AC18 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in July 2016, mainly for villas and large home users. Tenda AC18 suffers from a cross-site scripting vulnerability, which stems from the lack of effective filtering and escaping of user-supplied data by th...
CVE-2025-63834
A stored cross-site scripting XSS vulnerability was discovered in Tenda AC18 v15.03.05.05multi. The vulnerability exists in the ssid parameter of the wireless settings. Remote attackers can inject malicious payloads that execute when any user visits the router's homepage...
CVE-2025-63834
CVE-2025-63834 concerns a stored cross-site scripting (XSS) in the Tenda AC18 router. Affected product: Tenda AC18 v15.03.05.05_multi. Vulnerable component: the ssid parameter in the wireless settings; root cause is inadequate input filtering/escaping of user-supplied data. Impact per sources: at...
CVE-2025-63835
A stack-based buffer overflow vulnerability was discovered in Tenda AC18 v15.03.05.05multi. The vulnerability exists in the guestSsid parameter of the /goform/WifiGuestSet interface. Remote attackers can exploit this vulnerability by sending oversized data to the guestSsid parameter, leading to...