Every CVE whose affected-product data names Tenda Ac18 Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (103)
CVE-2023-38823 — CVSS 9.8 (critical): Buffer Overflow vulnerability in Tenda Ac19 v.1.0, AC18, AC9 v.1.0, AC6 v.2.0 and v.1.0 allows a remote attacker to execute arbitrary code…
CVE-2026-31255 — CVSS 9.8 (critical): A command injection vulnerability exists in Tenda AC18 V15.03.05.05_multi. The vulnerability is located in the /goform/SetSambaCfg…
CVE-2024-57583 — CVSS 9.8 (critical): Tenda AC18 V15.03.05.19 was discovered to contain a command injection vulnerability via the usbName parameter in the formSetSambaConf…
CVE-2024-57582 — CVSS 9.8 (critical): Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the startIP parameter in the formSetPPTPServer function.
CVE-2024-57581 — CVSS 9.8 (critical): Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the firewallEn parameter in the formSetFirewallCfg function.
CVE-2024-57580 — CVSS 9.8 (critical): Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the devName parameter in the formSetDeviceName function.
CVE-2024-57579 — CVSS 9.8 (critical): Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the limitSpeedUp parameter in the formSetClientState function.
CVE-2018-18728 — CVSS 9.8 (critical): An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. They allow remote…
CVE-2018-18729 — CVSS 9.8 (critical): An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18…
CVE-2024-57575 — CVSS 9.8 (critical): Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function.
CVE-2024-33835 — CVSS 9.8 (critical): Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the remoteIp parameter from formSetSafeWanWebMan function.
CVE-2024-28553 — CVSS 9.8 (critical): Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the entrys parameter fromAddressNat function.
CVE-2022-30472 — CVSS 9.8 (critical): Tenda AC Seris Router AC18_V15.03.05.19(6318) has a stack-based buffer overflow vulnerability in function fromAddressNat
CVE-2024-28545 — CVSS 9.8 (critical): Tenda AC18 V15.03.05.05 contains a command injection vulnerablility in the deviceName parameter of formsetUsbUnload function.
CVE-2022-30474 — CVSS 9.8 (critical): Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a heap overflow in the httpd module when handling…
CVE-2024-28537 — CVSS 9.8 (critical): Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the page parameter of fromNatStaticSetting function.
CVE-2022-30476 — CVSS 9.8 (critical): Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a stack-based buffer overflow in the httpd module when handling…
CVE-2022-30477 — CVSS 9.8 (critical): Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a stack-based buffer overflow in the httpd module when handling…
CVE-2022-38309 — CVSS 9.8 (critical): Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to contain a stack overflow via the list parameter at /goform/SetVirtualServe…
CVE-2022-38310 — CVSS 9.8 (critical): Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to contain a stack overflow via the list parameter at /goform/SetStaticRouteC…
CVE-2022-38311 — CVSS 9.8 (critical): Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to contain a stack overflow via the time parameter at /goform/PowerSaveSet.
CVE-2022-38312 — CVSS 9.8 (critical): Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to contain a stack overflow via the list parameter at /goform/SetIpMacBind.
CVE-2022-38313 — CVSS 9.8 (critical): Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to contain a stack overflow via the time parameter at /goform/saveParentContr…
CVE-2022-38314 — CVSS 9.8 (critical): Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to contain a stack overflow via the urls parameter at /goform/saveParentContr…
CVE-2024-28535 — CVSS 9.8 (critical): Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the mitInterface parameter of fromAddressNat function.
CVE-2022-43260 — CVSS 9.8 (critical): Tenda AC18 V15.03.05.19(6318) was discovered to contain a stack overflow via the time parameter in the fromSetSysTime function.
CVE-2023-30135 — CVSS 9.8 (critical): Tenda AC18 v15.03.05.19(6318_)_cn was discovered to contain a command injection vulnerability via the deviceName parameter in the…
CVE-2024-2490 — CVSS 8.8 (high): A vulnerability classified as critical was found in Tenda AC18 15.03.05.05. Affected by this vulnerability is the function setSchedWifi of…
CVE-2024-2485 — CVSS 8.8 (high): A vulnerability was found in Tenda AC18 15.03.05.05 and classified as critical. Affected by this issue is the function formSetSpeedWan of…
CVE-2024-2486 — CVSS 8.8 (high): A vulnerability was found in Tenda AC18 15.03.05.05. It has been classified as critical. This affects the function formQuickIndex of the…
CVE-2024-2487 — CVSS 8.8 (high): A vulnerability was found in Tenda AC18 15.03.05.05. It has been declared as critical. This vulnerability affects the function…
CVE-2024-2488 — CVSS 8.8 (high): A vulnerability was found in Tenda AC18 15.03.05.05. It has been rated as critical. This issue affects the function formSetPPTPServer of…
CVE-2024-2489 — CVSS 8.8 (high): A vulnerability classified as critical has been found in Tenda AC18 15.03.05.05. Affected is the function formSetQosBand of the file…
CVE-2017-16923 — CVSS 8.8 (high): Command Injection vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_…
CVE-2024-2546 — CVSS 8.8 (high): A vulnerability has been found in Tenda AC18 15.13.07.09 and classified as critical. Affected by this vulnerability is the function…
CVE-2024-2547 — CVSS 8.8 (high): A vulnerability was found in Tenda AC18 15.03.05.05 and classified as critical. Affected by this issue is the function…
CVE-2024-2558 — CVSS 8.8 (high): A vulnerability was found in Tenda AC18 15.03.05.05. It has been rated as critical. This issue affects the function formexeCommand of the…
CVE-2024-30891 — CVSS 8.8 (high): A command injection vulnerability exists in /goform/exeCommand in Tenda AC18 v15.03.05.05, which allows attackers to construct cmdinput…
CVE-2024-33181 — CVSS 8.8 (high): Tenda AC18 V15.03.3.10_EN was discovered to contain a stack-based buffer overflow vulnerability via the deviceMac parameter at…
CVE-2024-57578 — CVSS 8.8 (high): Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the funcpara1 parameter in the formSetCfm function.
CVE-2025-11120 — CVSS 8.8 (high): A weakness has been identified in Tenda AC8 16.03.34.06. The affected element is the function formSetServerConfig of the file…
CVE-2025-11122 — CVSS 8.8 (high): A vulnerability was detected in Tenda AC18 15.03.05.19. This affects an unknown function of the file /goform/WizardHandle. The manipulation…
CVE-2025-11123 — CVSS 8.8 (high): A flaw has been found in Tenda AC18 15.03.05.19. This impacts an unknown function of the file /goform/saveAutoQos. This manipulation of the…
CVE-2025-11324 — CVSS 8.8 (high): A vulnerability was identified in Tenda AC18 15.03.05.19(6318). Affected by this vulnerability is an unknown functionality of the file…
CVE-2025-11325 — CVSS 8.8 (high): A security flaw has been discovered in Tenda AC18 15.03.05.19(6318). Affected by this issue is some unknown functionality of the file…
CVE-2025-11326 — CVSS 8.8 (high): A weakness has been identified in Tenda AC18 15.03.05.19(6318). This affects an unknown part of the file /goform/WifiMacFilterSet…
CVE-2025-11327 — CVSS 8.8 (high): A security vulnerability has been detected in Tenda AC18 15.03.05.19(6318). This vulnerability affects unknown code of the file…
CVE-2025-11328 — CVSS 8.8 (high): A vulnerability was detected in Tenda AC18 15.03.05.19(6318). This issue affects some unknown processing of the file /goform/SetDDNSCfg…
CVE-2025-14992 — CVSS 8.8 (high): A security vulnerability has been detected in Tenda AC18 15.03.05.05. The impacted element is the function strcpy of the file…
CVE-2025-14993 — CVSS 8.8 (high): A vulnerability was detected in Tenda AC18 15.03.05.05. This affects the function sprintf of the file /goform/SetDlnaCfg of the component…
CVE-2025-5607 — CVSS 8.8 (high): A vulnerability was found in Tenda AC18 15.03.05.05. It has been rated as critical. This issue affects the function formSetPPTPUserList of…
CVE-2025-5608 — CVSS 8.8 (high): A vulnerability classified as critical has been found in Tenda AC18 15.03.05.05. Affected is the function formsetreboottimer of the file…
CVE-2025-5609 — CVSS 8.8 (high): A vulnerability classified as critical was found in Tenda AC18 15.03.05.05. Affected by this vulnerability is the function fromadvsetlanip…
CVE-2025-63835 — CVSS 8.8 (high): A stack-based buffer overflow vulnerability was discovered in Tenda AC18 v15.03.05.05_multi. The vulnerability exists in the guestSsid…
CVE-2025-9023 — CVSS 8.8 (high): A vulnerability has been found in Tenda AC7 and AC18 15.03.05.19/15.03.06.44. Affected is the function formSetSchedLed of the file…
CVE-2024-34974 — CVSS 8.2 (high): Tenda AC18 v15.03.05.19 is vulnerable to Buffer Overflow in the formSetPPTPServer function via the endIp parameter.
CVE-2024-41630 — CVSS 7.6 (high): Stack-based buffer overflow vulnerability in Tenda AC18 V15.03.3.10_EN allows a remote attacker to execute arbitrary code via the ssid…
CVE-2018-18709 — CVSS 7.5 (high): An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18…
CVE-2018-18708 — CVSS 7.5 (high): An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18…
CVE-2018-18707 — CVSS 7.5 (high): An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18…
CVE-2018-18706 — CVSS 7.5 (high): An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18…
CVE-2025-60662 — CVSS 7.5 (high): Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the wanSpeed parameter in the fromAdvSetMacMtuWan function.
CVE-2018-18731 — CVSS 7.5 (high): An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18…
CVE-2018-18727 — CVSS 7.5 (high): An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18…
CVE-2025-60663 — CVSS 7.5 (high): Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the wanMTU parameter in the fromAdvSetMacMtuWan function.
CVE-2018-18730 — CVSS 7.5 (high): An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18…
CVE-2022-30475 — CVSS 7.5 (high): Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a stack-based buffer overflow in the httpd module when handling…
CVE-2022-30473 — CVSS 7.5 (high): Tenda AC Series Router AC18_V15.03.05.19(6318) has a stack-based buffer overflow vulnerability in function form_fast_setting_wifi_set
CVE-2024-28551 — CVSS 7.5 (high): Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the ssid parameter of form_fast_setting_wifi_set function.
CVE-2018-18732 — CVSS 7.5 (high): An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18…
CVE-2025-60660 — CVSS 7.5 (high): Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the mac parameter in the fromAdvSetMacMtuWan function.
CVE-2022-40861 — CVSS 7.2 (high): Tenda AC18 router V15.03.05.19 contains a stack overflow vulnerability in the formSetQosBand->FUN_0007db78 function with the request…
CVE-2025-0528 — CVSS 7.2 (high): A vulnerability, which was classified as critical, has been found in Tenda AC8, AC10 and AC18 16.03.10.20. Affected by this issue is some…
CVE-2024-28547 — CVSS 6.5 (medium): Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the firewallEn parameter of formSetFirewallCfg function.
CVE-2024-10280 — CVSS 6.5 (medium): A vulnerability was found in Tenda AC6, AC7, AC8, AC9, AC10, AC10U, AC15, AC18, AC500 and AC1206 up to 20241022. It has been rated as…
CVE-2017-16936 — CVSS 6.5 (medium): Directory Traversal vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(631…
CVE-2024-2854 — CVSS 6.3 (medium): A vulnerability classified as critical has been found in Tenda AC18 15.03.05.05. Affected is the function formSetSambaConf of the file…
CVE-2025-11121 — CVSS 6.3 (medium): A security vulnerability has been detected in Tenda AC18 15.03.05.19. The impacted element is an unknown function of the file…
CVE-2025-5606 — CVSS 6.3 (medium): A vulnerability was found in Tenda AC18 15.03.05.05. It has been declared as critical. This vulnerability affects the function formSetIptv…
CVE-2024-57577 — CVSS 5.7 (medium): Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function.
CVE-2025-8182 — CVSS 5.6 (medium): A vulnerability has been found in Tenda AC18 15.03.05.19 and classified as problematic. This vulnerability affects unknown code of the file…
CVE-2025-63834 — CVSS 5.4 (medium): A stored cross-site scripting (XSS) vulnerability was discovered in Tenda AC18 v15.03.05.05_multi. The vulnerability exists in the ssid…
CVE-2025-60661 — CVSS 5.3 (medium): Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the cloneType parameter in the fromAdvSetMacMtuWan function.
CVE-2024-28550 — CVSS 4.3 (medium): Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the filePath parameter of formExpandDlnaFile function.
CVE-2024-2560 — CVSS 4.3 (medium): A vulnerability classified as problematic was found in Tenda AC18 15.03.05.05. Affected by this vulnerability is the function…
CVE-2024-2559 — CVSS 4.3 (medium): A vulnerability classified as problematic has been found in Tenda AC18 15.03.05.05. Affected is the function fromSysToolReboot of the file…