Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
TendaAc15 Firmware

74 matches found

CVE
CVEadded 2018/10/29 12:29 p.m.44 views

CVE-2018-18732

An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'ntpServer' parameter for a post re...

7.8CVSS7.7AI score0.00314EPSS
CVE
CVEadded 2024/11/01 4:15 p.m.44 views

CVE-2024-10661

A vulnerability has been found in Tenda AC15 15.03.05.19 and classified as critical. This vulnerability affects the function SetDlnaCfg of the file /goform/SetDlnaCfg. The manipulation of the argument scanList leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit h...

9CVSS8.9AI score0.00719EPSS
Web
CVE
CVEadded 2017/11/24 7:29 a.m.43 views

CVE-2017-16936

Directory Traversal vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15 US_AC15V1.0BR_V15.03.05.19_multi_TD01, Ac18 US_AC18V1.0BR_V15.03.05.05_multi_TD01, and Ac18 ac18_kf_V15...

6.5CVSS6.5AI score0.00849EPSS
Web
CVE
CVEadded 2023/08/18 3:15 a.m.43 views

CVE-2023-39673

Tenda AC15 V1.0BR_V15.03.05.18_multi_TD01 was discovered to contain a buffer overflow via the function FUN_00010e34().

9.8CVSS9.7AI score0.00121EPSS
CVE
CVEadded 2024/04/17 4:15 p.m.43 views

CVE-2024-32303

Tenda AC15 v15.03.20_multi, v15.03.05.19, and v15.03.05.18 firmware has a stack overflow vulnerability located via the PPW parameter in the fromWizardHandle function.

8CVSS7.4AI score0.00132EPSS
CVE
CVEadded 2018/10/29 12:29 p.m.42 views

CVE-2018-18706

An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router's web server -- httpd. When processing the "page" parameter of the function "fromD...

7.8CVSS7.7AI score0.00314EPSS
CVE
CVEadded 2025/03/05 9:15 p.m.42 views

CVE-2025-25634

A vulnerability has been found in Tenda AC15 15.03.05.19 in the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument src leads to stack-based buffer overflow.

6.5CVSS7.4AI score0.00055EPSS
Web
CVE
CVEadded 2020/07/13 7:15 p.m.41 views

CVE-2020-10989

An XSS issue in the /goform/WifiBasicSet endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute malicious payloads via the WifiName POST parameter.

6.1CVSS6.2AI score0.00317EPSS
Web
CVE
CVEadded 2024/11/01 4:15 p.m.41 views

CVE-2024-10662

A vulnerability was found in Tenda AC15 15.03.05.19 and classified as critical. This issue affects the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit ha...

9CVSS8.9AI score0.00737EPSS
Web
CVE
CVEadded 2020/07/13 7:15 p.m.40 views

CVE-2020-10988

A hard-coded telnet credential in the tenda_login binary of Tenda AC15 AC1900 version 15.03.05.19 allows unauthenticated remote attackers to start a telnetd service on the device.

10CVSS9.3AI score0.06405EPSS
CVE
CVEadded 2025/06/08 10:15 p.m.40 views

CVE-2025-5848

A vulnerability was found in Tenda AC15 15.03.05.19_multi and classified as critical. Affected by this issue is the function formSetPPTPUserList of the file /goform/setPptpUserList of the component HTTP POST Request Handler. The manipulation of the argument list leads to buffer overflow. The attack...

9CVSS8.9AI score0.00106EPSS
CVE
CVEadded 2018/10/29 12:29 p.m.39 views

CVE-2018-18707

An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router's web server -- httpd. When processing the "ssid" parameter for a post request, th...

7.8CVSS7.7AI score0.00314EPSS
CVE
CVEadded 2018/10/29 12:29 p.m.39 views

CVE-2018-18730

An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'startIp' and 'endIp' parameters fo...

7.8CVSS7.7AI score0.00314EPSS
CVE
CVEadded 2024/09/10 4:15 p.m.39 views

CVE-2023-36103

Command Injection vulnerability in goform/SetIPTVCfg interface of Tenda AC15 V15.03.05.20 allows remote attackers to run arbitrary commands via crafted POST request.

9.8CVSS7.8AI score0.09286EPSS
CVE
CVEadded 2018/10/29 12:29 p.m.38 views

CVE-2018-18727

An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'deviceList' parameter for a post r...

7.8CVSS7.7AI score0.00314EPSS
CVE
CVEadded 2025/06/08 11:15 p.m.38 views

CVE-2025-5850

A vulnerability was found in Tenda AC15 15.03.05.19_multi. It has been declared as critical. This vulnerability affects the function formsetschedled of the file /goform/SetLEDCf of the component HTTP POST Request Handler. The manipulation of the argument Time leads to buffer overflow. The attack ca...

9CVSS7.3AI score0.00146EPSS
Web
CVE
CVEadded 2022/09/23 3:15 p.m.37 views

CVE-2022-40851

Tenda AC15 V15.03.05.19 contained a stack overflow via the function fromAddressNat.

9.8CVSS9.6AI score0.02427EPSS
CVE
CVEadded 2023/04/24 3:15 p.m.36 views

CVE-2023-30378

In Tenda AC15 V15.03.05.19, the function "sub_8EE8" contains a stack-based buffer overflow vulnerability.

9.8CVSS9.7AI score0.00121EPSS
CVE
CVEadded 2018/10/29 12:29 p.m.35 views

CVE-2018-18708

An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router's web server -- httpd. When processing the "page" parameter of the function "fromA...

7.8CVSS7.7AI score0.00334EPSS
CVE
CVEadded 2025/06/08 11:15 p.m.35 views

CVE-2025-5849

A vulnerability was found in Tenda AC15 15.03.05.19_multi. It has been classified as critical. This affects the function formSetSafeWanWebMan of the file /goform/SetRemoteWebCfg of the component HTTP POST Request Handler. The manipulation of the argument remoteIp leads to stack-based buffer overflo...

9CVSS8.9AI score0.00125EPSS
Web
CVE
CVEadded 2025/09/15 12:15 p.m.8 views

CVE-2025-10443

A vulnerability was identified in Tenda AC9 and AC15 15.03.05.14/15.03.05.18. This vulnerability affects the function formexeCommand of the file /goform/exeCommand. Such manipulation of the argument cmdinput leads to buffer overflow. The attack can be executed remotely. The exploit is publicly avai...

9CVSS7AI score0.00084EPSS
Web
CVE
CVEadded 2025/08/21 2:15 p.m.8 views

CVE-2025-55564

Tenda AC15 v15.03.05.19_multi_TD01 has a stack overflow via the list parameter in the fromSetIpMacBind function.

7.5CVSS7.6AI score0.00054EPSS
CVE
CVEadded 2025/09/15 11:15 a.m.6 views

CVE-2025-10442

A vulnerability was determined in Tenda AC9 and AC15 15.03.05.14. This affects the function formexeCommand of the file /goform/exeCommand. This manipulation of the argument cmdinput causes os command injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed a...

8.8CVSS6.6AI score0.00488EPSS
Web
CVE
CVEadded 2025/08/14 8:15 p.m.6 views

CVE-2025-8979

A vulnerability was identified in Tenda AC15 15.13.07.13. Affected by this vulnerability is the function check_fw_type/split_fireware/check_fw of the component Firmware Update Handler. The manipulation leads to insufficient verification of data authenticity. The attack can be launched remotely. The...

7.5CVSS7.1AI score0.00047EPSS
Total number of security vulnerabilities74