Every CVE whose affected-product data names Tenda W18e Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (15)
CVE-2023-46369 — CVSS 9.8 (critical): Tenda W18E V16.01.0.8(1576) contains a stack overflow vulnerability via the portMirrorMirroredPorts parameter in the formSetNetCheckTools…
CVE-2023-46370 — CVSS 9.8 (critical): Tenda W18E V16.01.0.8(1576) has a command injection vulnerability via the hostName parameter in the formSetNetCheckTools function.
CVE-2025-45343 — CVSS 9.8 (critical): An issue in Tenda W18E v.2.0 v.16.01.0.11 allows an attacker to execute arbitrary code via the editing functionality of the account module…
CVE-2024-46434 — CVSS 8.8 (high): Tenda W18E V16.01.0.8(1625) suffers from authentication bypass in the web management portal allowing an unauthorized remote attacker to…
CVE-2024-46429 — CVSS 8.8 (high): A hardcoded credentials vulnerability in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to access the web management…
CVE-2024-46432 — CVSS 8.8 (high): Tenda W18E V16.01.0.8(1625) is vulnerable to Incorrect Access Control. An attacker can send a specially crafted HTTP POST request to the…
CVE-2024-46433 — CVSS 8.8 (high): A default credentials vulnerability in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to access the web management…
CVE-2024-46436 — CVSS 8.3 (high): Hardcoded credentials in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to gain root access to the device over the…
CVE-2024-46435 — CVSS 8.0 (high): A stack overflow vulnerability in the Tenda W18E V16.01.0.8(1625) web management portal allows an authenticated remote attacker to cause a…
CVE-2024-46431 — CVSS 8.0 (high): Tenda W18E V16.01.0.8(1625) is vulnerable to Buffer Overflow. An attacker with access to the web management portal can exploit this…
CVE-2024-46437 — CVSS 6.5 (medium): A sensitive information disclosure vulnerability in the Tenda W18E V16.01.0.8(1625) web management portal allows an unauthenticated remote…
CVE-2025-29218 — CVSS 6.5 (medium): Tenda W18E v2.0 v16.01.0.11 was discovered to contain a stack overflow in the wifiPwd parameter at /goform/setModules. This vulnerability…
CVE-2025-29217 — CVSS 6.5 (medium): Tenda W18E v2.0 v16.01.0.11 was discovered to contain a stack overflow in the wifiSSID parameter at /goform/setModules. This vulnerability…
CVE-2024-46430 — CVSS 6.5 (medium): Tenda W18E V16.01.0.8(1625) is vulnerable to Incorrect Access Control. Unauthorized password change via the web management portal allows an…
CVE-2025-3203 — CVSS 4.3 (medium): A vulnerability classified as problematic was found in Tenda W18E 16.01.0.11. Affected by this vulnerability is the function…