Total
47 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-40854 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
Tenda AC18 router contained a stack overflow vulnerability in /goform/fast_setting_wifi_set | |||||
CVE-2022-38314 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to contain a stack overflow via the urls parameter at /goform/saveParentControlInfo. | |||||
CVE-2022-38313 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to contain a stack overflow via the time parameter at /goform/saveParentControlInfo. | |||||
CVE-2022-38312 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to contain a stack overflow via the list parameter at /goform/SetIpMacBind. | |||||
CVE-2022-38311 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to contain a stack overflow via the time parameter at /goform/PowerSaveSet. | |||||
CVE-2022-38310 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to contain a stack overflow via the list parameter at /goform/SetStaticRouteCfg. | |||||
CVE-2022-38309 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to contain a stack overflow via the list parameter at /goform/SetVirtualServerCfg. | |||||
CVE-2022-35201 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
Tenda-AC18 V15.03.05.05 was discovered to contain a remote command execution (RCE) vulnerability. | |||||
CVE-2022-30477 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a stack-based buffer overflow in the httpd module when handling /goform/SetClientState request. | |||||
CVE-2022-30476 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a stack-based buffer overflow in the httpd module when handling /goform/SetFirewallCfg request. | |||||
CVE-2022-30475 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a stack-based buffer overflow in the httpd module when handling /goform/WifiExtraSet request. | |||||
CVE-2022-30474 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a heap overflow in the httpd module when handling /goform/saveParentControlInfo request. | |||||
CVE-2022-30473 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Tenda AC Series Router AC18_V15.03.05.19(6318) has a stack-based buffer overflow vulnerability in function form_fast_setting_wifi_set | |||||
CVE-2022-30472 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Tenda AC Seris Router AC18_V15.03.05.19(6318) has a stack-based buffer overflow vulnerability in function fromAddressNat | |||||
CVE-2018-18732 | 1 Tenda | 10 Ac10, Ac10 Firmware, Ac15 and 7 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'ntpServer' parameter for a post request, the value is directly used in a strcpy to a local variable placed on the stack, which overrides the return address of the function. | |||||
CVE-2018-18731 | 1 Tenda | 10 Ac10, Ac10 Firmware, Ac15 and 7 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'deviceMac' parameter for a post request, the value is directly used in a sprintf to a local variable placed on the stack, which overrides the return address of the function. | |||||
CVE-2018-18730 | 1 Tenda | 10 Ac10, Ac10 Firmware, Ac15 and 7 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'startIp' and 'endIp' parameters for a post request, each value is directly used in a sprintf to a local variable placed on the stack, which overrides the return address of the function. | |||||
CVE-2018-18729 | 1 Tenda | 10 Ac10, Ac10 Firmware, Ac15 and 7 more | 2024-11-21 | 9.0 HIGH | 9.8 CRITICAL |
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a heap-based buffer overflow vulnerability in the router's web server -- httpd. While processing the 'mac' parameter for a post request, the value is directly used in a strcpy to a variable placed on the heap, which can leak sensitive information or even hijack program control flow. | |||||
CVE-2018-18728 | 1 Tenda | 6 Ac15, Ac15 Firmware, Ac18 and 3 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. They allow remote code execution via shell metacharacters in the usbName field to the __fastcall function with a POST request. | |||||
CVE-2018-18727 | 1 Tenda | 10 Ac10, Ac10 Firmware, Ac15 and 7 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'deviceList' parameter for a post request, the value is directly used in a strcpy to a local variable placed on the stack, which overrides the return address of the function. |