W18e Firmware Security Vulnerabilities and Issues — W18e Firmware CVE List

Lucene search

TendaW18e Firmware

9 matches found

CVE•added 2025/02/10 7:15 p.m.•46 views

CVE-2024-46435

A stack overflow vulnerability in the Tenda W18E V16.01.0.8(1625) web management portal allows an authenticated remote attacker to cause a denial of service or potentially execute arbitrary code. This vulnerability occurs due to improper input validation when handling user-supplied data in the delF...

8CVSS8.1AI score0.00127EPSS

CVE•added 2025/02/10 7:15 p.m.•41 views

CVE-2024-46437

A sensitive information disclosure vulnerability in the Tenda W18E V16.01.0.8(1625) web management portal allows an unauthenticated remote attacker to retrieve sensitive configuration information, including WiFi SSID, WiFi password, and base64-encoded administrator credentials, by sending a special...

6.5CVSS6.6AI score0.00363EPSS

CVE•added 2025/02/10 7:15 p.m.•40 views

CVE-2024-46434

Tenda W18E V16.01.0.8(1625) suffers from authentication bypass in the web management portal allowing an unauthorized remote attacker to gain administrative access by sending a specially crafted HTTP request.

8.8CVSS8.9AI score0.00196EPSS

CVE•added 2025/02/10 7:15 p.m.•40 views

CVE-2024-46436

Hardcoded credentials in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to gain root access to the device over the telnet service.

8.3CVSS8.5AI score0.00142EPSS

CVE•added 2025/02/10 7:15 p.m.•39 views

CVE-2024-46432

Tenda W18E V16.01.0.8(1625) is vulnerable to Incorrect Access Control. An attacker can send a specially crafted HTTP POST request to the setQuickCfgWifiAndLogin function, which allows unauthorized changes to WiFi configuration settings and administrative credentials.

8.8CVSS8.6AI score0.00044EPSS

CVE•added 2025/02/10 7:15 p.m.•39 views

CVE-2024-46433

A default credentials vulnerability in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to access the web management portal using the default rzadmin account with administrative privileges.

8.8CVSS8.8AI score0.00344EPSS

CVE•added 2025/02/10 7:15 p.m.•38 views

CVE-2024-46429

A hardcoded credentials vulnerability in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to access the web management portal using a default guest account with administrative privileges.

8.8CVSS8.7AI score0.00074EPSS

CVE•added 2025/02/10 7:15 p.m.•38 views

CVE-2024-46430

Tenda W18E V16.01.0.8(1625) is vulnerable to Incorrect Access Control. Unauthorized password change via the web management portal allows an unauthenticated remote attacker to change the administrator password by sending a specially crafted HTTP POST request to the setLoginPassword function, bypassi...

6.5CVSS6.8AI score0.00023EPSS

CVE•added 2025/02/10 7:15 p.m.•38 views

CVE-2024-46431

Tenda W18E V16.01.0.8(1625) is vulnerable to Buffer Overflow. An attacker with access to the web management portal can exploit this vulnerability by sending specially crafted data to the delWewifiPic function.

8CVSS7.8AI score0.00015EPSS