CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-0848 – Tenda A18 HTTP POST Request SetCmdlineRun stack-based overflow
https://notcve.org/view.php?id=CVE-2025-0848
30 Jan 2025 — A vulnerability was found in Tenda A18 up to 15.13.07.09. It has been rated as critical. This issue affects the function SetCmdlineRun of the file /goform/SetCmdlineRun of the component HTTP POST Request Handler. The manipulation of the argument wpapsk_crypto5g leads to stack-based buffer overflow. The attack may be initiated remotely. • https://github.com/alc9700jmo/CVE/issues/9 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2023-50585
https://notcve.org/view.php?id=CVE-2023-50585
09 Jan 2024 — Tenda A18 v15.13.07.09 was discovered to contain a stack overflow via the devName parameter in the formSetDeviceName function. Se descubrió que Tenda A18 v15.13.07.09 contenía un desbordamiento de pila a través del parámetro devName en la función formSetDeviceName. • https://github.com/LaPhilosophie/IoT-vulnerable/blob/main/Tenda/A18/formSetDeviceName.md • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-39827
https://notcve.org/view.php?id=CVE-2023-39827
14 Aug 2023 — Tenda A18 V15.13.07.09 was discovered to contain a stack overflow via the rule_info parameter in the formAddMacfilterRule function. • https://github.com/lst-oss/Vulnerability/tree/main/Tenda/A18/formAddMacfilterRule • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-39828
https://notcve.org/view.php?id=CVE-2023-39828
14 Aug 2023 — Tenda A18 V15.13.07.09 was discovered to contain a stack overflow via the security parameter in the formWifiBasicSet function. • https://github.com/lst-oss/Vulnerability/tree/main/Tenda/A18/formWifiBasicSet • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-39829
https://notcve.org/view.php?id=CVE-2023-39829
14 Aug 2023 — Tenda A18 V15.13.07.09 was discovered to contain a stack overflow via the wpapsk_crypto2_4g parameter in the fromSetWirelessRepeat function. • https://github.com/lst-oss/Vulnerability/tree/main/Tenda/A18/fromSetWirelessRepeat • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-44931
https://notcve.org/view.php?id=CVE-2022-44931
08 Dec 2022 — Tenda A18 v15.13.07.09 was discovered to contain a stack overflow via the security_5g parameter at /goform/WifiBasicSet. Se descubrió que Tenda A18 v15.13.07.09 contenía un desbordamiento de pila a través del parámetro security_5g en /goform/WifiBasicSet. • https://github.com/z1r00/IOT_Vul/blob/main/Tenda/A18/formWifiBasicSet/readme.md • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-44932
https://notcve.org/view.php?id=CVE-2022-44932
08 Dec 2022 — An access control issue in Tenda A18 v15.13.07.09 allows unauthenticated attackers to access the Telnet service. Un problema de control de acceso en Tenda A18 v15.13.07.09 permite a atacantes no autenticados acceder al servicio Telnet. • https://github.com/z1r00/IOT_Vul/blob/main/Tenda/A18/TendaTelnet/readme.md •