Ac10 Firmware Security Vulnerabilities and Issues — Ac10 Firmware CVE List

cve

CVE-2018-14557

An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A buffer overflow vulnerability exists in the router's web server (httpd). When proces...

7.5CVSS

7.7AI Score

0.001EPSS

2019-04-25 08:29 PM

30

cve

CVE-2018-14558

An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A command Injection vulnerability allows attackers to execute arbitrary OS commands vi...

9.8CVSS

9.7AI Score

0.936EPSS

2018-10-30 06:29 PM

848

In Wild

cve

CVE-2018-14559

An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A buffer overflow vulnerability exists in the router's web server (httpd). When proces...

7.5CVSS

7.7AI Score

0.001EPSS

2019-04-25 08:29 PM

29

cve

CVE-2018-18706

An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router's web server -- httpd. When processing the "page" parameter of the function "fromD...

7.5CVSS

7.7AI Score

0.001EPSS

2018-10-29 12:29 PM

28

cve

CVE-2018-18707

An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router's web server -- httpd. When processing the "ssid" parameter for a post request, th...

7.5CVSS

7.7AI Score

0.001EPSS

2018-10-29 12:29 PM

26

cve

CVE-2018-18708

An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router's web server -- httpd. When processing the "page" parameter of the function "fromA...

7.5CVSS

7.7AI Score

0.001EPSS

2018-10-29 12:29 PM

21

2

cve

CVE-2018-18709

An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router's web server -- httpd. When processing the "firewallEn" parameter for a post reque...

7.5CVSS

7.7AI Score

0.001EPSS

2018-10-29 12:29 PM

30

cve

CVE-2018-18727

An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'deviceList' parameter for a post r...

7.5CVSS

7.7AI Score

0.001EPSS

2018-10-29 12:29 PM

26

cve

CVE-2018-18729

An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a heap-based buffer overflow vulnerability in the router's web server -- httpd. While processing the 'mac' parameter for a po...

9.8CVSS

9.4AI Score

0.005EPSS

2018-10-29 12:29 PM

32

cve

CVE-2018-18730

An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'startIp' and 'endIp' parameters fo...

7.5CVSS

7.7AI Score

0.001EPSS

2018-10-29 12:29 PM

26

cve

CVE-2018-18731

An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'deviceMac' parameter for a post re...

7.5CVSS

7.7AI Score

0.001EPSS

2018-10-29 12:29 PM

30

cve

CVE-2018-18732

An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'ntpServer' parameter for a post re...

7.5CVSS

7.7AI Score

0.001EPSS

2018-10-29 12:29 PM

28

cve

CVE-2022-32054

Tenda AC10 US_AC10V1.0RTL_V15.03.06.26_multi_TD01 was discovered to contain a remote code execution (RCE) vulnerability via the lanIp parameter.

9.8CVSS

9.9AI Score

0.011EPSS

2022-07-07 07:15 PM

47

11

cve

CVE-2022-42163

Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/fromNatStaticSetting.

9.8CVSS

9.5AI Score

0.002EPSS

2022-10-17 01:15 PM

32

2

cve

CVE-2022-42164

Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetClientState.

9.8CVSS

9.5AI Score

0.002EPSS

2022-10-17 01:15 PM

30

cve

CVE-2022-42165

Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetDeviceName.

9.8CVSS

9.5AI Score

0.002EPSS

2022-10-17 01:15 PM

25

2

cve

CVE-2022-42166

Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetSpeedWan.

9.8CVSS

9.5AI Score

0.002EPSS

2022-10-17 02:15 PM

24

6

cve

CVE-2022-42167

Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetFirewallCfg.

9.8CVSS

9.5AI Score

0.002EPSS

2022-10-17 02:15 PM

26

6

cve

CVE-2022-42168

Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/fromSetIpMacBind.

9.8CVSS

9.5AI Score

0.002EPSS

2022-10-17 02:15 PM

27

8

cve

CVE-2022-42169

Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/addWifiMacFilter.

9.8CVSS

9.6AI Score

0.002EPSS

2022-10-17 02:15 PM

20

6

cve

CVE-2022-42170

Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formWifiWpsStart.

9.8CVSS

9.5AI Score

0.002EPSS

2022-10-17 02:15 PM

27

8

cve

CVE-2022-42171

Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/saveParentControlInfo.

9.8CVSS

9.5AI Score

0.002EPSS

2022-10-17 02:15 PM

25

8

cve

CVE-2022-46109

Tenda AC15 V15.03.06.23 is vulnerable to Buffer Overflow via function formSetClientState.

7.5CVSS

7.5AI Score

0.001EPSS

2022-12-16 05:15 PM

28

cve

CVE-2023-27012

Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the setSchedWifi function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.

9.8CVSS

9.7AI Score

0.002EPSS

2023-04-07 02:15 AM

21

cve

CVE-2023-27013

Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the get_parentControl_list_Info function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.

9.8CVSS

9.7AI Score

0.002EPSS

2023-04-07 02:15 AM

20

2

cve

CVE-2023-27014

Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_46AC38 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.

9.8CVSS

9.7AI Score

0.002EPSS

2023-04-07 02:15 AM

25

cve

CVE-2023-27015

Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_4A75C0 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.

9.8CVSS

9.7AI Score

0.002EPSS

2023-04-07 02:15 AM

21

cve

CVE-2023-27016

Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the R7WebsSecurityHandler function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.

9.8CVSS

9.7AI Score

0.002EPSS

2023-04-07 02:15 AM

25

cve

CVE-2023-27017

Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_45DC58 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.

9.8CVSS

9.7AI Score

0.003EPSS

2023-04-07 02:15 AM

50

cve

CVE-2023-27018

Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_45EC1C function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.

9.8CVSS

9.7AI Score

0.003EPSS

2023-04-07 02:15 AM

52

cve

CVE-2023-27019

Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_458FBC function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.

9.8CVSS

9.7AI Score

0.002EPSS

2023-04-07 02:15 AM

25

cve

CVE-2023-27020

Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the saveParentControlInfo function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.

9.8CVSS

9.7AI Score

0.003EPSS

2023-04-07 02:15 AM

21

cve

CVE-2023-27021

Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the formSetFirewallCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.

9.8CVSS

9.7AI Score

0.003EPSS

2023-04-07 02:15 AM

19

cve

CVE-2023-34566

Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter time at /goform/saveParentControlInfo.

9.8CVSS

9.6AI Score

0.002EPSS

2023-06-08 03:15 PM

23

cve

CVE-2023-34567

Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter list at /goform/SetVirtualServerCfg.

6.7CVSS

6.7AI Score

0.0004EPSS

2023-06-08 03:15 PM

18

cve

CVE-2023-34568

Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter time at /goform/PowerSaveSet.

6.7CVSS

6.7AI Score

0.0004EPSS

2023-06-08 03:15 PM

25

cve

CVE-2023-34569

Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter list at /goform/SetNetControlList.

6.7CVSS

6.7AI Score

0.0004EPSS

2023-06-08 03:15 PM

17

cve

CVE-2023-34570

Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter devName at /goform/SetOnlineDevName.

6.7CVSS

6.7AI Score

0.0004EPSS

2023-06-08 03:15 PM

19

cve

CVE-2023-34571

Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter shareSpeed at /goform/WifiGuestSet.

6.7CVSS

6.7AI Score

0.0004EPSS

2023-06-08 03:15 PM

16

cve

CVE-2023-37710

Tenda AC1206 V15.03.06.23 and AC10 V15.03.06.47 were discovered to contain a stack overflow in the wpapsk_crypto parameter in the fromSetWirelessRepeat function.

9.8CVSS

9.7AI Score

0.002EPSS

2023-07-10 05:15 PM

25

cve

CVE-2023-37711

Tenda AC1206 V15.03.06.23 and AC10 V15.03.06.47 were discovered to contain a stack overflow in the deviceId parameter in the saveParentControlInfo function.

9.8CVSS

9.7AI Score

0.002EPSS

2023-07-10 05:15 PM

23

cve

CVE-2023-37716

Tenda F1202 V1.0BR_V1.2.0.20(408) and FH1202_V1.2.0.19_EN, AC10 V1.0, AC1206 V1.0, AC7 V1.0, AC5 V1.0, and AC9 V3.0 were discovered to contain a stack overflow in the page parameter in the function fromNatStaticSetting.

9.8CVSS

9.7AI Score

0.002EPSS

2023-07-14 12:15 AM

21

cve

CVE-2023-37717

Tenda F1202 V1.0BR_V1.2.0.20(408) and FH1202_V1.2.0.19_EN, AC10 V1.0, AC1206 V1.0, AC7 V1.0, AC5 V1.0, and AC9 V3.0 were discovered to contain a stack overflow in the page parameter in the function fromDhcpListClient.

9.8CVSS

9.7AI Score

0.002EPSS

2023-07-14 12:15 AM

21

cve

CVE-2023-38931

Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and FH1203 V2.0.1.6 were discovered to contain a stack overflow via the list parameter in the setaccount function.

9.8CVSS

9.6AI Score

0.002EPSS

2023-08-07 07:15 PM

21

cve

CVE-2023-38933

Tenda AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6 and AC9 V3.0 V15.03.06.42_multi, and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the deviceId parameter in the formSetClientState function.

9.8CVSS

9.6AI Score

0.002EPSS

2023-08-07 07:15 PM

20

cve

CVE-2023-38935

Tenda AC1206 V15.03.06.23, AC8 V4 V16.03.34.06, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and AC9 V3.0 V15.03.06.42_multi were discovered to contain a tack overflow via the list parameter in the formSetQosBand function.

9.8CVSS

9.6AI Score

0.003EPSS

2023-08-07 07:15 PM

12

cve

CVE-2023-38936

Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6, AC9 V3.0 V15.03.06.42_multi and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function.

9.8CVSS

9.6AI Score

0.002EPSS

2023-08-07 07:15 PM

17

cve

CVE-2023-38937

Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, AC9 V3.0 V15.03.06.42_multi and AC10 v4.0 V16.03.10.13 were discovered to contain a stack overflow via the list parameter in the formSetVirtualSer function.

9.8CVSS

9.6AI Score

0.002EPSS

2023-08-07 07:15 PM

19

cve

CVE-2023-42320

Buffer Overflow vulnerability in Tenda AC10V4 v.US_AC10V4.0si_V16.03.10.13_cn_TDC01 allows a remote attacker to cause a denial of service via the mac parameter in the GetParentControlInfo function.

9.8CVSS

9AI Score

0.002EPSS

2023-09-18 04:15 PM

28

cve

CVE-2023-45479

Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the list parameter in the function sub_49E098.

9.8CVSS

9.6AI Score

0.001EPSS

2023-11-29 06:15 AM

21