cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2025-0528,https://securityvulnerability.io/vulnerability/CVE-2025-0528,"Command Injection Vulnerability in Tenda AC8, AC10 and AC18 Routers","A command injection vulnerability exists in Tenda AC8, AC10, and AC18 routers due to improper handling of the /goform/telnet functionality by the HTTP Request Handler. This flaw allows an attacker to execute arbitrary commands on the affected devices remotely, potentially gaining unauthorized access or control. It is crucial for users to address this issue to mitigate the associated risks and protect their network security.",Tenda,"Ac8,Ac10,Ac18",8.6,HIGH,0.000699999975040555,false,false,false,true,true,false,false,2025-01-17T14:31:07.148Z,0
CVE-2024-33182,https://securityvulnerability.io/vulnerability/CVE-2024-33182,Stack-Based Buffer Overflow Vulnerability in Tenda AC18 Router,"The Tenda AC18 router version V15.03.3.10_EN has been identified as having a stack-based buffer overflow vulnerability. This issue arises from improper handling of the deviceId parameter within the endpoint ip/goform/addWifiMacFilter. Exploitation of this vulnerability may allow an attacker to execute arbitrary code or disrupt normal operation of the device, thereby compromising network security. Users of the Tenda AC18 router should take caution and ensure their devices are updated with the latest security patches to mitigate potential threats.",Tenda,Ac18 Firmware,9.8,CRITICAL,0.0013200000394135714,false,false,false,false,,false,false,2024-07-16T16:15:00.000Z,0
CVE-2024-33180,https://securityvulnerability.io/vulnerability/CVE-2024-33180,Stack-Based Buffer Overflow Vulnerability in Tenda AC18 Router,"The Tenda AC18 router is affected by a stack-based buffer overflow vulnerability that arises in the processing of the deviceId parameter within the ip/goform/saveParentControlInfo endpoint. This vulnerability may allow an attacker to execute arbitrary code or affect the normal functioning of the affected device, posing a potential risk to network security and user data integrity.",Tenda,Ac18 Firmware,9.8,CRITICAL,0.0013599999947473407,false,false,false,false,,false,false,2024-07-16T16:15:00.000Z,0
CVE-2024-2854,https://securityvulnerability.io/vulnerability/CVE-2024-2854,OS Command Injection Vulnerability in Tenda AC18 Router,"A critical OS command injection vulnerability has been identified in the Tenda AC18 router, specifically within the formSetSambaConf function located in the /goform/setsambacfg file. This vulnerability arises from improper validation of the usbName argument, allowing an attacker to execute arbitrary commands on the router remotely. The vulnerability has been publicly disclosed, increasing the risk of exploitation. Users of the Tenda AC18 are strongly advised to review their configurations and monitor for any suspicious activity. It is worth noting that the vendor was informed about this vulnerability prior to its disclosure but has not issued a response.",Tenda,Ac18,6.3,MEDIUM,0.0008900000248104334,false,false,false,true,true,false,false,2024-03-24T05:31:04.168Z,0
CVE-2024-2560,https://securityvulnerability.io/vulnerability/CVE-2024-2560,Tenda AC18 Vulnerable to Cross-Site Request Forgery,A vulnerability classified as problematic was found in Tenda AC18 15.03.05.05. Affected by this vulnerability is the function fromSysToolRestoreSet of the file /goform/SysToolRestoreSet. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257059. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.,Tenda,Ac18,4.3,MEDIUM,0.00044999999227002263,false,false,false,true,true,false,false,2024-03-17T10:31:04.158Z,0
CVE-2024-2559,https://securityvulnerability.io/vulnerability/CVE-2024-2559,Tenda AC18 Vulnerable to Cross-Site Request Forgery (CSRF),"A vulnerability has been identified in the Tenda AC18 router, specifically affecting the fromSysToolReboot function located in the /goform/SysToolReboot file. This vulnerability allows for cross-site request forgery (CSRF), enabling an attacker to execute unauthorized actions on behalf of a user without their consent. Exploiting this vulnerability can lead to unauthorized remote access and manipulation of the device settings. The risk is compounded by the public disclosure of the exploit, making it crucial for users to assess their systems and implement proper security measures. The vendor, Tenda, has not responded to inquiries regarding this vulnerability, emphasizing the urgency for users to take immediate action to protect their networks.",Tenda,Ac18,4.3,MEDIUM,0.00044999999227002263,false,false,false,true,true,false,false,2024-03-17T09:31:04.514Z,0
CVE-2024-2558,https://securityvulnerability.io/vulnerability/CVE-2024-2558,Stack-Based Buffer Overflow in Tenda AC18 Affected Products,"A serious vulnerability exists in the Tenda AC18 router, specifically in the handling of the execCommand function found in the /goform/execCommand file. This issue is a stack-based buffer overflow that can be exploited remotely through improper manipulation of the cmdinput argument. When an attacker sends specially crafted input, it can cause the router to overwrite the memory stack with malicious instructions, leading to unauthorized access and control over the device. This vulnerability has been made public, increasing the risk of exploitation, and the vendor has not responded to notifications regarding this critical issue. Users of Tenda AC18 devices should take immediate action to mitigate potential attacks.",Tenda,Ac18,8.8,HIGH,0.00044999999227002263,false,false,false,true,true,false,false,2024-03-17T09:00:07.516Z,0
CVE-2024-2547,https://securityvulnerability.io/vulnerability/CVE-2024-2547,Stack-based Buffer Overflow Vulnerability in Tenda AC18 Router,"A severe vulnerability has been identified in the Tenda AC18 router, specifically within the R7WebsSecurityHandler function. This security flaw allows an attacker to manipulate the 'password' argument, leading to a stack-based buffer overflow. The exploit can be executed remotely, posing a significant risk to users. The vulnerability's public disclosure raises concerns about its potential exploitation. Despite attempts to notify Tenda, there has been no response regarding this critical issue, heightening the concern for the security of the device. Immediate action is recommended for users of affected versions to safeguard against potential attacks.",Tenda,Ac18,8.8,HIGH,0.00044999999227002263,false,false,false,true,true,false,false,2024-03-17T03:31:03.829Z,0
CVE-2024-2546,https://securityvulnerability.io/vulnerability/CVE-2024-2546,Stack-Based Buffer Overflow Vulnerability in Tenda AC18,"A critical vulnerability has been identified in the Tenda AC18 router, specifically within the fromSetWirelessRepeat function. This issue is triggered by improper handling of the argument wpapsk_crypto5g, leading to a stack-based buffer overflow. Attackers can exploit this vulnerability remotely, which poses significant risks to users, as it allows for unauthorized access to sensitive information and control over the device. Despite early notification to the vendor, no response has been received regarding this critical matter. Users are urged to take immediate precautions against potential exploitation.",Tenda,Ac18,8.8,HIGH,0.00044999999227002263,false,false,false,true,true,false,false,2024-03-17T01:31:04.350Z,0
CVE-2024-2490,https://securityvulnerability.io/vulnerability/CVE-2024-2490,Remote Stack-Based Buffer Overflow in Tenda AC18 Router,"A vulnerability exists in the Tenda AC18 router, specifically in the function setSchedWifi located in the openSchedWifi file. This flaw allows for remote manipulation of the schedStartTime and schedEndTime arguments, leading to a stack-based buffer overflow. This could enable an attacker to exploit the vulnerability from a remote location, potentially compromising the device's operation or gaining unauthorized access. The vulnerability has been publicly disclosed, which heightens security risks. The vendor was notified prior to this disclosure but has not responded, leaving users at risk. It is advised that users of the Tenda AC18 take immediate measures to secure their devices.",Tenda,Ac18,8.8,HIGH,0.002090000081807375,false,false,false,true,true,false,false,2024-03-15T09:31:04.121Z,0
CVE-2024-2489,https://securityvulnerability.io/vulnerability/CVE-2024-2489,Stack-Based Buffer Overflow in Tenda AC18 Router,"A significant vulnerability has been identified in the Tenda AC18 router, specifically in the formSetQosBand function within the /goform/SetNetControlList file. This flaw allows unauthorized manipulation of argument lists, resulting in a stack-based buffer overflow. This vulnerability can be exploited remotely, posing a substantial security risk to users. Once exploited, malicious actors could execute arbitrary code or disrupt the router's functionality. Given the public disclosure of this vulnerability, it is imperative that users apply the necessary patches or mitigations provided by the vendor to safeguard their devices.",Tenda,Ac18,8.8,HIGH,0.002090000081807375,false,false,false,true,true,false,false,2024-03-15T09:00:10.441Z,0
CVE-2024-2488,https://securityvulnerability.io/vulnerability/CVE-2024-2488,Stack-Based Buffer Overflow in Tenda AC18 Router,"A critical vulnerability exists in the Tenda AC18 router specifically in the function formSetPPTPServer of the file /goform/SetPptpServerCfg. This vulnerability arises from improper handling of the startIP argument, which can lead to a stack-based buffer overflow. Attackers can exploit this vulnerability remotely, allowing them to potentially manipulate device operation and gain unauthorized access. The vulnerability has been publicly disclosed, and it is crucial for users to update their devices to mitigate potential threats. The vendor was contacted regarding this vulnerability but has not provided a response, increasing the urgency for users to take action.",Tenda,Ac18,8.8,HIGH,0.002090000081807375,false,false,false,true,true,false,false,2024-03-15T09:00:08.823Z,0
CVE-2024-2487,https://securityvulnerability.io/vulnerability/CVE-2024-2487,Stack-Based Buffer Overflow in Tenda AC18 Device Management,"A critical stack-based buffer overflow vulnerability has been identified in the Tenda AC18 router with firmware version 15.03.05.05. This vulnerability arises from improper handling of the 'devName' argument in the formSetDeviceName function within the /goform/SetOnlineDevName file. An attacker can exploit this flaw remotely by crafting specially formed requests, leading to arbitrary code execution or unauthorized access. Notably, despite disclosure to Tenda, there has been no response or patch release, increasing the risk for affected users. Security best practices urge immediate review of device configurations, and affected users should consider disabling remote management features until a fix is implemented.",Tenda,Ac18,8.8,HIGH,0.002090000081807375,false,false,false,true,true,false,false,2024-03-15T08:31:04.506Z,0
CVE-2024-2486,https://securityvulnerability.io/vulnerability/CVE-2024-2486,Stack-based Buffer Overflow Vulnerability in Tenda AC18 Router,"A critical stack-based buffer overflow vulnerability has been identified in the Tenda AC18 router, specifically in the 'formQuickIndex' function within the /goform/QuickIndex file. This vulnerability allows an attacker to manipulate the 'PPPOEPassword' argument, leading to potential remote code execution. The risk is heightened as the exploit is publicly disclosed, making targeted attacks more feasible. Users of affected Tenda AC18 routers are strongly advised to review their security measures to mitigate the risk associated with this vulnerability. For further technical details, refer to VDB-256893.",Tenda,Ac18,8.8,HIGH,0.002300000051036477,false,false,false,true,true,false,false,2024-03-15T08:00:06.524Z,0
CVE-2024-2485,https://securityvulnerability.io/vulnerability/CVE-2024-2485,Stack-Based Buffer Overflow Vulnerability in Tenda AC18 Router,"A significant vulnerability has been discovered in the Tenda AC18 router, specifically within the 'formSetSpeedWan' function utilized in the '/goform/SetSpeedWan' file. This vulnerability can be exploited via a stack-based buffer overflow triggered by manipulating the 'speed_dir' argument. As the attack can be executed remotely, its potential for widespread exploitation raises alarms. The vulnerability has already been disclosed publicly, with no response from the vendor despite early notification. Users of the affected version 15.03.05.05 are strongly advised to assess their security measures and potential exposure.",Tenda,Ac18,8.8,HIGH,0.0020600000862032175,false,false,false,true,true,false,false,2024-03-15T07:00:08.196Z,0
CVE-2024-28535,https://securityvulnerability.io/vulnerability/CVE-2024-28535,Stack Overflow Vulnerability in Tenda AC18 Router,"The Tenda AC18 router, specifically version V15.03.05.05, has been identified to contain a stack overflow vulnerability. This vulnerability affects the mitInterface parameter within the fromAddressNat function, allowing potential attackers to exploit the overflow condition. Such an exploitation could lead to unauthorized access or denial of service. Adequate measures are essential to mitigate the risks posed by this vulnerability, and users are advised to stay informed about potential updates and patches from Tenda.",Tenda,Ac18 Firmware,9.8,CRITICAL,0.0015800000401213765,false,false,false,false,,false,false,2024-03-12T00:00:00.000Z,0
CVE-2024-28553,https://securityvulnerability.io/vulnerability/CVE-2024-28553,Stack Overflow Vulnerability in Tenda AC18 Router,"The Tenda AC18 router version V15.03.05.05 is susceptible to a stack overflow vulnerability in the fromAddressNat function, specifically within the entrys parameter. This flaw could be exploited by attackers to execute arbitrary code or compromise the router's security, potentially leading to unauthorized access or disruption of services. It is crucial for users to address this vulnerability to safeguard their networked environments.",Tenda,Ac18 Firmware,9.8,CRITICAL,0.0016299999551847577,false,false,false,false,,false,false,2024-03-12T00:00:00.000Z,0
CVE-2023-30135,https://securityvulnerability.io/vulnerability/CVE-2023-30135,Command Injection Vulnerability in Tenda AC18 Router,"The Tenda AC18 router, specifically version v15.03.05.19(6318_)_cn, has a command injection vulnerability that can be exploited through the deviceName parameter in the setUsbUnload function. This flaw allows attackers to execute arbitrary commands on the device, posing significant risks to the integrity and security of the network. Users are advised to review security practices and apply any necessary updates or patches as they become available.",Tenda,Ac18 Firmware,9.8,CRITICAL,0.009050000458955765,false,false,false,false,,false,false,2023-05-05T02:15:00.000Z,0
CVE-2023-24166,https://securityvulnerability.io/vulnerability/CVE-2023-24166,Buffer Overflow Vulnerability in Tenda AC18 Router,"The Tenda AC18 router, specifically version V15.03.05.19, has a vulnerability that allows for a buffer overflow through the /goform/formWifiBasicSet endpoint. This security flaw could enable attackers to execute arbitrary code or disrupt the functionality of the device. Network administrators should take immediate action to identify and mitigate this vulnerability to safeguard their wireless networks.",Tenda,Ac18 Firmware,9.8,CRITICAL,0.002219999907538295,false,false,false,false,,false,false,2023-01-26T00:00:00.000Z,0
CVE-2023-24164,https://securityvulnerability.io/vulnerability/CVE-2023-24164,Buffer Overflow Vulnerability in Tenda AC18 Router,"The Tenda AC18 Router, specifically version V15.03.05.19, contains a buffer overflow vulnerability that can be exploited through the /goform/FUN_000c2318 interface. This security flaw may allow an attacker to execute arbitrary code, potentially leading to unauthorized access or control over the device. It is crucial for users to apply necessary patches and updates to safeguard their network from potential breaches.",Tenda,Ac18 Firmware,9.8,CRITICAL,0.0021800000686198473,false,false,false,false,,false,false,2023-01-26T00:00:00.000Z,0
CVE-2023-24169,https://securityvulnerability.io/vulnerability/CVE-2023-24169,Buffer Overflow Vulnerability in Tenda AC18 Router,"The Tenda AC18 router version V15.03.05.19 has a vulnerability that allows for a buffer overflow through the /goform/FUN_0007343c endpoint. This flaw can potentially allow an attacker to execute arbitrary code, leading to unauthorized access and control over the device. Users are advised to review their router configurations and apply any necessary patches to mitigate this risk. Further details can be found in the associated documentation.",Tenda,Ac18 Firmware,9.8,CRITICAL,0.0021800000686198473,false,false,false,false,,false,false,2023-01-26T00:00:00.000Z,0
CVE-2023-24165,https://securityvulnerability.io/vulnerability/CVE-2023-24165,Buffer Overflow Vulnerability in Tenda AC18 Router,"The Tenda AC18 router, specifically version V15.03.05.19, is susceptible to a buffer overflow vulnerability that manifests through the /goform/initIpAddrInfo endpoint. This flaw allows attackers to potentially execute arbitrary code or disrupt normal functionality by sending specially crafted requests, leading to unauthorized access or denial of service. Proper security measures and updates are essential for users to safeguard their network from this exploitation.",Tenda,Ac18 Firmware,9.8,CRITICAL,0.0021800000686198473,false,false,false,false,,false,false,2023-01-26T00:00:00.000Z,0
CVE-2023-24167,https://securityvulnerability.io/vulnerability/CVE-2023-24167,Buffer Overflow Vulnerability in Tenda AC18 Router,"The Tenda AC18 router, specifically the version V15.03.05.19, is susceptible to a buffer overflow vulnerability that can be exploited through the /goform/add_white_node endpoint. This security flaw may allow attackers to execute arbitrary code or cause unexpected behavior in the device, potentially compromising the integrity of the network. It is crucial for users to apply necessary updates and assessments to protect against potential exploitation.",Tenda,Ac18 Firmware,9.8,CRITICAL,0.0021800000686198473,false,false,false,false,,false,false,2023-01-26T00:00:00.000Z,0
CVE-2023-24170,https://securityvulnerability.io/vulnerability/CVE-2023-24170,Buffer Overflow Vulnerability in Tenda AC18 Wireless Router,"The Tenda AC18 V15.03.05.19 is susceptible to a buffer overflow vulnerability when processing requests via the /goform/fromSetWirelessRepeat endpoint. This vulnerability could potentially allow an attacker to execute arbitrary code or cause a denial of service, thus impacting the security and functionality of affected devices. Users are advised to review their configurations and apply any available patches to mitigate risks associated with this vulnerability.",Tenda,Ac18 Firmware,9.8,CRITICAL,0.0021800000686198473,false,false,false,false,,false,false,2023-01-26T00:00:00.000Z,0
CVE-2022-44178,https://securityvulnerability.io/vulnerability/CVE-2022-44178,,Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow. via function formWifiWpsOOB.,Tenda,Ac18 Firmware,9.8,CRITICAL,0.0017099999822676182,false,false,false,false,,false,false,2022-11-21T00:00:00.000Z,0