CVE-2026-24105

An issue was discovered in goform/formsetUsbUnload in Tenda AC15V1.0 V15.03.05.18multi. The value of v1 was not checked, potentially leading to a command injection vulnerability if injected into doSystemCmd...

CVE-2026-24105

An issue was discovered in goform/formsetUsbUnload in Tenda AC15V1.0 V15.03.05.18multi. The value of v1 was not checked, potentially leading to a command injection vulnerability if injected into doSystemCmd...

EUVD-2026-9203

An issue was discovered in goform/formsetUsbUnload in Tenda AC15V1.0 V15.03.05.18multi. The value of v1 was not checked, potentially leading to a command injection vulnerability if injected into doSystemCmd...

PT-2026-22653

Name of the Vulnerable Software and Affected Versions Tenda AC15V1.0 versions prior to V15.03.05.18 multi Description An issue exists in the goform/formsetUsbUnload component of the software. The v1 variable is not properly validated, which could allow for command injection when used with the...

CVE-2026-24105

An issue was discovered in goform/formsetUsbUnload in Tenda AC15V1.0 V15.03.05.18multi. The value of v1 was not checked, potentially leading to a command injection vulnerability if injected into doSystemCmd...

CVE-2024-28545

Tenda AC18 V15.03.05.05 contains a command injection vulnerablility in the deviceName parameter of formsetUsbUnload function...

CVE-2025-44872

Tenda AC9 V15.03.06.42multi was found to contain a command injection vulnerability in the formsetUsbUnload function via the deviceName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

Tenda AC18 formsetUsbUnload Method Command Injection Vulnerability

Tenda AC18 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in July 2016, mainly for villas and large home users. Tenda AC18 suffers from a command injection vulnerability, which stems from a command injection vulnerability in the deviceName parameter of the...

CVE-2024-28545

Tenda AC18 V15.03.05.05 contains a command injection vulnerablility in the deviceName parameter of formsetUsbUnload function...

Tenda AC18 安全漏洞

Tenda AC18 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in July 2016, mainly for villas and large home users. Tenda AC18 suffers from a command injection vulnerability, which stems from a command injection vulnerability in the deviceName parameter of the...

CVE-2024-28545

CVE-2024-28545 describes a command injection vulnerability in the Tenda AC18 router (v15.03.05.05) where the flaw resides in the deviceName parameter of the formsetUsbUnload function. Connected sources consistently identify this issue for the affected device/model and root cause as a command inje...

PT-2024-22454 · Tenda · Tenda Ac18

Name of the Vulnerable Software and Affected Versions: Tenda AC18 version 15.03.05.05 Description: The issue concerns a command injection vulnerability. It is located in the deviceName parameter of the formsetUsbUnload function. Recommendations: For Tenda AC18 version 15.03.05.05, consider...

CVE-2024-28545

Tenda AC18 V15.03.05.05 contains a command injection vulnerablility in the deviceName parameter of formsetUsbUnload function...

VulnCheck KEV: CVE-2018-14558

Tenda AC7, AC9, and AC10 devices contain a command injection vulnerability due to the "formsetUsbUnload" function executes a dosystemCmd function with untrusted input. Successful exploitation allows an attacker to execute OS commands via a crafted goform/setUsbUnload request...