Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Tenda Subscribe
Filtered by product Ac9 Firmware
Total 41 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-25427 1 Tenda 2 Ac9, Ac9 Firmware 2022-03-24 10.0 HIGH 9.8 CRITICAL
Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the schedendtime parameter in the openSchedWifi function.
CVE-2022-25434 1 Tenda 2 Ac9, Ac9 Firmware 2022-03-24 10.0 HIGH 9.8 CRITICAL
Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the firewallen parameter in the SetFirewallCfg function.
CVE-2022-25417 1 Tenda 2 Ac9, Ac9 Firmware 2022-03-03 10.0 HIGH 9.8 CRITICAL
Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the function saveparentcontrolinfo.
CVE-2022-25414 1 Tenda 2 Ac9, Ac9 Firmware 2022-03-03 10.0 HIGH 9.8 CRITICAL
Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the parameter NPTR.
CVE-2022-25418 1 Tenda 2 Ac9, Ac9 Firmware 2022-03-02 10.0 HIGH 9.8 CRITICAL
Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the function openSchedWifi.
CVE-2020-26728 1 Tenda 2 Ac9, Ac9 Firmware 2022-02-22 7.5 HIGH 9.8 CRITICAL
A vulnerability was discovered in Tenda AC9 v3.0 V15.03.06.42_multi and Tenda AC9 V1.0 V15.03.05.19(6318)_CN which allows for remote code execution via shell metacharacters in the guestuser field to the __fastcall function with a POST request.
CVE-2017-16923 1 Tenda 6 Ac15, Ac15 Firmware, Ac18 and 3 more 2019-10-02 8.3 HIGH 8.8 HIGH
Command Injection vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15 US_AC15V1.0BR_V15.03.05.19_multi_TD01, Ac18 US_AC18V1.0BR_V15.03.05.05_multi_TD01, and Ac18 ac18_kf_V15.03.05.19(6318_)_cn devices allows remote unauthenticated attackers to execute arbitrary OS commands via a crafted cgi-bin/luci/usbeject?dev_name= GET request from the LAN. This occurs because the "sub_A6E8 usbeject_process_entry" function executes a system function with untrusted input.
CVE-2018-14558 1 Tenda 6 Ac10, Ac10 Firmware, Ac7 and 3 more 2019-10-02 10.0 HIGH 9.8 CRITICAL
An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted goform/setUsbUnload request. This occurs because the "formsetUsbUnload" function executes a dosystemCmd function with untrusted input.
CVE-2018-18729 1 Tenda 10 Ac10, Ac10 Firmware, Ac15 and 7 more 2019-10-02 9.0 HIGH 9.8 CRITICAL
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a heap-based buffer overflow vulnerability in the router's web server -- httpd. While processing the 'mac' parameter for a post request, the value is directly used in a strcpy to a variable placed on the heap, which can leak sensitive information or even hijack program control flow.
CVE-2018-18728 1 Tenda 6 Ac15, Ac15 Firmware, Ac18 and 3 more 2019-10-02 7.5 HIGH 9.8 CRITICAL
An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. They allow remote code execution via shell metacharacters in the usbName field to the __fastcall function with a POST request.
CVE-2018-14559 1 Tenda 6 Ac10, Ac10 Firmware, Ac7 and 3 more 2019-05-02 7.8 HIGH 7.5 HIGH
An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A buffer overflow vulnerability exists in the router's web server (httpd). When processing the list parameters for a post request, the value is directly written with sprintf to a local variable placed on the stack, which overrides the return address of the function, causing a buffer overflow.
CVE-2018-14557 1 Tenda 6 Ac10, Ac10 Firmware, Ac7 and 3 more 2019-05-02 7.8 HIGH 7.5 HIGH
An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A buffer overflow vulnerability exists in the router's web server (httpd). When processing the page parameters for a post request, the value is directly written with sprintf to a local variable placed on the stack, which overrides the return address of the function, a causing buffer overflow.
CVE-2018-18732 1 Tenda 10 Ac10, Ac10 Firmware, Ac15 and 7 more 2019-01-29 7.8 HIGH 7.5 HIGH
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'ntpServer' parameter for a post request, the value is directly used in a strcpy to a local variable placed on the stack, which overrides the return address of the function.
CVE-2018-18731 1 Tenda 10 Ac10, Ac10 Firmware, Ac15 and 7 more 2019-01-29 7.8 HIGH 7.5 HIGH
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'deviceMac' parameter for a post request, the value is directly used in a sprintf to a local variable placed on the stack, which overrides the return address of the function.
CVE-2018-18706 1 Tenda 10 Ac10, Ac10 Firmware, Ac15 and 7 more 2018-12-14 7.8 HIGH 7.5 HIGH
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router's web server -- httpd. When processing the "page" parameter of the function "fromDhcpListClient" for a request, it is directly used in a sprintf to a local variable placed on the stack, which overrides the return address of the function.
CVE-2018-18707 1 Tenda 10 Ac10, Ac10 Firmware, Ac15 and 7 more 2018-12-14 7.8 HIGH 7.5 HIGH
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router's web server -- httpd. When processing the "ssid" parameter for a post request, the value is directly used in a strcpy to a local variable placed on the stack, which overrides the return address of the function.
CVE-2018-18708 1 Tenda 10 Ac10, Ac10 Firmware, Ac15 and 7 more 2018-12-14 7.8 HIGH 7.5 HIGH
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router's web server -- httpd. When processing the "page" parameter of the function "fromAddressNat" for a post request, the value is directly used in a sprintf to a local variable placed on the stack, which overrides the return address of the function.
CVE-2018-18709 1 Tenda 10 Ac10, Ac10 Firmware, Ac15 and 7 more 2018-12-14 7.8 HIGH 7.5 HIGH
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router's web server -- httpd. When processing the "firewallEn" parameter for a post request, the value is directly used in a strcpy to a local variable placed on the stack, which overrides the return address of the function.
CVE-2018-18727 1 Tenda 10 Ac10, Ac10 Firmware, Ac15 and 7 more 2018-12-14 7.8 HIGH 7.5 HIGH
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'deviceList' parameter for a post request, the value is directly used in a strcpy to a local variable placed on the stack, which overrides the return address of the function.
CVE-2018-18730 1 Tenda 10 Ac10, Ac10 Firmware, Ac15 and 7 more 2018-12-14 7.8 HIGH 7.5 HIGH
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'startIp' and 'endIp' parameters for a post request, each value is directly used in a sprintf to a local variable placed on the stack, which overrides the return address of the function.