U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:h:tenda:ac18:-:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 46 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2024-2854

A vulnerability classified as critical has been found in Tenda AC18 15.03.05.05. Affected is the function formSetSambaConf of the file /goform/setsambacfg. The manipulation of the argument usbName leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257778 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Published: March 24, 2024; 2:15:08 AM -0400 		V3.1: 9.8 CRITICAL
 V2.0:(not available)
CVE-2023-38823

Buffer Overflow vulnerability in Tenda Ac19 v.1.0, AC18, AC9 v.1.0, AC6 v.2.0 and v.1.0 allows a remote attacker to execute arbitrary code via the formSetCfm function in bin/httpd.

Published: November 20, 2023; 3:15:07 PM -0500 		V3.1: 9.8 CRITICAL
 V2.0:(not available)
CVE-2023-30135

Tenda AC18 v15.03.05.19(6318_)_cn was discovered to contain a command injection vulnerability via the deviceName parameter in the setUsbUnload function.

Published: May 04, 2023; 10:15:08 PM -0400 		V3.1: 9.8 CRITICAL
 V2.0:(not available)
CVE-2023-24170

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/fromSetWirelessRepeat.

Published: January 26, 2023; 4:18:16 PM -0500 		V3.1: 9.8 CRITICAL
 V2.0:(not available)
CVE-2023-24169

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/FUN_0007343c.

Published: January 26, 2023; 4:18:16 PM -0500 		V3.1: 9.8 CRITICAL
 V2.0:(not available)
CVE-2023-24167

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/add_white_node.

Published: January 26, 2023; 4:18:16 PM -0500 		V3.1: 9.8 CRITICAL
 V2.0:(not available)
CVE-2023-24166

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/formWifiBasicSet.

Published: January 26, 2023; 4:18:16 PM -0500 		V3.1: 9.8 CRITICAL
 V2.0:(not available)
CVE-2023-24165

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/initIpAddrInfo.

Published: January 26, 2023; 4:18:16 PM -0500 		V3.1: 9.8 CRITICAL
 V2.0:(not available)
CVE-2023-24164

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/FUN_000c2318.

Published: January 26, 2023; 4:18:16 PM -0500 		V3.1: 9.8 CRITICAL
 V2.0:(not available)
CVE-2022-44183

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetWifiGuestBasic.

Published: November 21, 2022; 1:15:24 PM -0500 		V3.1: 9.8 CRITICAL
 V2.0:(not available)
CVE-2022-44180

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function addWifiMacFilter.

Published: November 21, 2022; 1:15:24 PM -0500 		V3.1: 9.8 CRITICAL
 V2.0:(not available)
CVE-2022-44178

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow. via function formWifiWpsOOB.

Published: November 21, 2022; 1:15:23 PM -0500 		V3.1: 9.8 CRITICAL
 V2.0:(not available)
CVE-2022-44177

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formWifiWpsStart.

Published: November 21, 2022; 1:15:23 PM -0500 		V3.1: 9.8 CRITICAL
 V2.0:(not available)
CVE-2022-44176

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function fromSetRouteStatic.

Published: November 21, 2022; 1:15:23 PM -0500 		V3.1: 9.8 CRITICAL
 V2.0:(not available)
CVE-2022-44175

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetMacFilterCfg.

Published: November 21, 2022; 1:15:22 PM -0500 		V3.1: 9.8 CRITICAL
 V2.0:(not available)
CVE-2022-44174

Tenda AC18 V15.03.05.05 is vulnerable to Buffer Overflow via function formSetDeviceName.

Published: November 21, 2022; 1:15:22 PM -0500 		V3.1: 9.8 CRITICAL
 V2.0:(not available)
CVE-2022-44172

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function R7WebsSecurityHandler.

Published: November 21, 2022; 1:15:22 PM -0500 		V3.1: 9.8 CRITICAL
 V2.0:(not available)
CVE-2022-44171

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function form_fast_setting_wifi_set.

Published: November 21, 2022; 1:15:22 PM -0500 		V3.1: 9.8 CRITICAL
 V2.0:(not available)
CVE-2022-43260

Tenda AC18 V15.03.05.19(6318) was discovered to contain a stack overflow via the time parameter in the fromSetSysTime function.

Published: October 18, 2022; 11:15:10 AM -0400 		V3.1: 9.8 CRITICAL
 V2.0:(not available)
CVE-2022-40861

Tenda AC18 router V15.03.05.19 contains a stack overflow vulnerability in the formSetQosBand->FUN_0007db78 function with the request /goform/SetNetControlList/

Published: September 23, 2022; 11:15:14 AM -0400 		V3.1: 7.2 HIGH
 V2.0:(not available)