Total
47 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-38312 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
| Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to contain a stack overflow via the list parameter at /goform/SetIpMacBind. | |||||
| CVE-2022-38309 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
| Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to contain a stack overflow via the list parameter at /goform/SetVirtualServerCfg. | |||||
| CVE-2022-43260 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
| Tenda AC18 V15.03.05.19(6318) was discovered to contain a stack overflow via the time parameter in the fromSetSysTime function. | |||||
| CVE-2022-35201 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
| Tenda-AC18 V15.03.05.05 was discovered to contain a remote command execution (RCE) vulnerability. | |||||
| CVE-2022-38310 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
| Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to contain a stack overflow via the list parameter at /goform/SetStaticRouteCfg. | |||||
| CVE-2022-38313 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
| Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to contain a stack overflow via the time parameter at /goform/saveParentControlInfo. | |||||
| CVE-2022-38311 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
| Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to contain a stack overflow via the time parameter at /goform/PowerSaveSet. | |||||
| CVE-2022-40861 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2024-02-28 | N/A | 7.2 HIGH |
| Tenda AC18 router V15.03.05.19 contains a stack overflow vulnerability in the formSetQosBand->FUN_0007db78 function with the request /goform/SetNetControlList/ | |||||
| CVE-2022-38314 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
| Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to contain a stack overflow via the urls parameter at /goform/saveParentControlInfo. | |||||
| CVE-2022-30475 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a stack-based buffer overflow in the httpd module when handling /goform/WifiExtraSet request. | |||||
| CVE-2022-30472 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| Tenda AC Seris Router AC18_V15.03.05.19(6318) has a stack-based buffer overflow vulnerability in function fromAddressNat | |||||
| CVE-2022-30477 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a stack-based buffer overflow in the httpd module when handling /goform/SetClientState request. | |||||
| CVE-2022-30473 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Tenda AC Series Router AC18_V15.03.05.19(6318) has a stack-based buffer overflow vulnerability in function form_fast_setting_wifi_set | |||||
| CVE-2022-30476 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a stack-based buffer overflow in the httpd module when handling /goform/SetFirewallCfg request. | |||||
| CVE-2022-30474 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a heap overflow in the httpd module when handling /goform/saveParentControlInfo request. | |||||
| CVE-2018-18730 | 1 Tenda | 10 Ac10, Ac10 Firmware, Ac15 and 7 more | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'startIp' and 'endIp' parameters for a post request, each value is directly used in a sprintf to a local variable placed on the stack, which overrides the return address of the function. | |||||
| CVE-2018-18727 | 1 Tenda | 10 Ac10, Ac10 Firmware, Ac15 and 7 more | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'deviceList' parameter for a post request, the value is directly used in a strcpy to a local variable placed on the stack, which overrides the return address of the function. | |||||
| CVE-2018-18731 | 1 Tenda | 10 Ac10, Ac10 Firmware, Ac15 and 7 more | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'deviceMac' parameter for a post request, the value is directly used in a sprintf to a local variable placed on the stack, which overrides the return address of the function. | |||||
| CVE-2018-18709 | 1 Tenda | 10 Ac10, Ac10 Firmware, Ac15 and 7 more | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router's web server -- httpd. When processing the "firewallEn" parameter for a post request, the value is directly used in a strcpy to a local variable placed on the stack, which overrides the return address of the function. | |||||
| CVE-2018-18728 | 1 Tenda | 6 Ac15, Ac15 Firmware, Ac18 and 3 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. They allow remote code execution via shell metacharacters in the usbName field to the __fastcall function with a POST request. | |||||