Filtered by vendor Tenda
Subscriptions
Filtered by product Ac15 Firmware
Subscriptions
Total
63 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-30840 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2025-04-14 | 6.5 Medium |
| A Stack Overflow vulnerability in Tenda AC15 v15.03.05.18 allows attackers to cause a denial of service via the LISTEN parameter in the fromDhcpListClient function. | ||||
| CVE-2024-2807 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2025-04-10 | 8.8 High |
| A vulnerability classified as critical was found in Tenda AC15 15.03.05.18/15.03.20_multi. This vulnerability affects the function formExpandDlnaFile of the file /goform/expandDlnaFile. The manipulation of the argument filePath leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257662 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-2817 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2025-04-10 | 4.3 Medium |
| A vulnerability, which was classified as problematic, has been found in Tenda AC15 15.03.05.18. Affected by this issue is the function fromSysToolRestoreSet of the file /goform/SysToolRestoreSet. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257672. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-25634 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2025-04-10 | 6.5 Medium |
| A vulnerability has been found in Tenda AC15 15.03.05.19 in the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument src leads to stack-based buffer overflow. | ||||
| CVE-2025-25632 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2025-04-09 | 9.8 Critical |
| Tenda AC15 v15.03.05.19 is vulnerable to Command Injection via the handler function in /goform/telnet. | ||||
| CVE-2024-30645 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2025-04-08 | 8.0 High |
| Tenda AC15V1.0 V15.03.20_multi has a command injection vulnerability via the deviceName parameter. | ||||
| CVE-2024-30613 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2025-04-08 | 4.3 Medium |
| Tenda AC15 v15.03.05.18 has a stack overflow vulnerability in the time parameter from the setSmartPowerManagement function. | ||||
| CVE-2020-10987 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2025-03-14 | 9.8 Critical |
| The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute arbitrary system commands via the deviceName POST parameter. | ||||
| CVE-2023-30378 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2025-02-05 | 9.8 Critical |
| In Tenda AC15 V15.03.05.19, the function "sub_8EE8" contains a stack-based buffer overflow vulnerability. | ||||
| CVE-2023-30376 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2025-02-05 | 9.8 Critical |
| In Tenda AC15 V15.03.05.19, the function "henan_pppoe_user" contains a stack-based buffer overflow vulnerability. | ||||
| CVE-2023-30375 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2025-02-05 | 9.8 Critical |
| In Tenda AC15 V15.03.05.19, the function "getIfIp" contains a stack-based buffer overflow vulnerability. | ||||
| CVE-2023-30371 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2025-02-04 | 9.8 Critical |
| In Tenda AC15 V15.03.05.19, the function "sub_ED14" contains a stack-based buffer overflow vulnerability. | ||||
| CVE-2023-30370 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2025-02-04 | 9.8 Critical |
| In Tenda AC15 V15.03.05.19, the function GetValue contains a stack-based buffer overflow vulnerability. | ||||
| CVE-2023-30369 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2025-02-04 | 9.8 Critical |
| Tenda AC15 V15.03.05.19 is vulnerable to Buffer Overflow. | ||||
| CVE-2023-30373 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2025-02-04 | 9.8 Critical |
| In Tenda AC15 V15.03.05.19, the function "xian_pppoe_user" contains a stack-based buffer overflow vulnerability. | ||||
| CVE-2023-30372 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2025-02-04 | 9.8 Critical |
| In Tenda AC15 V15.03.05.19, The function "xkjs_ver32" contains a stack-based buffer overflow vulnerability. | ||||
| CVE-2024-2805 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2025-01-24 | 8.8 High |
| A vulnerability was found in Tenda AC15 15.03.05.18/15.03.20_multi. It has been rated as critical. Affected by this issue is the function formSetSpeedWan of the file /goform/SetSpeedWan. The manipulation of the argument speed_dir leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257660. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-32303 | 1 Tenda | 1 Ac15 Firmware | 2024-11-21 | 8 High |
| Tenda AC15 v15.03.20_multi, v15.03.05.19, and v15.03.05.18 firmware has a stack overflow vulnerability located via the PPW parameter in the fromWizardHandle function. | ||||
| CVE-2024-2855 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2024-11-21 | 8.8 High |
| A vulnerability classified as critical was found in Tenda AC15 15.03.05.18/15.03.05.19/15.03.20. Affected by this vulnerability is the function fromSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument time leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257779. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-2852 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2024-11-21 | 8.8 High |
| A vulnerability was found in Tenda AC15 15.03.20_multi. It has been declared as critical. This vulnerability affects the function saveParentControlInfo of the file /goform/saveParentControlInfo. The manipulation of the argument urls leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257776. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||