Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
A vulnerability classified as critical was found in Tenda AC18 15.03.05.05. Affected by this vulnerability is the function fromadvsetlanip of the file /goform/AdvSetLanip. The manipulation of the argument lanMask leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
AnalysisAI
Critical buffer overflow vulnerability in Tenda AC18 router firmware version 15.03.05.05, exploitable via the /goform/AdvSetLanip endpoint's lanMask parameter. An authenticated remote attacker can trigger memory corruption leading to complete system compromise (confidentiality, integrity, availability). A public exploit proof-of-concept exists, and the vulnerability is likely being actively weaponized given disclosure status and CVSS 8.8 severity.
Technical ContextAI
The vulnerability resides in the fromadvsetlanip function within the HTTP request handler /goform/AdvSetLanip of Tenda AC18 firmware (CPE: cpe:2.3:o:tenda:ac18_firmware:15.03.05.05:*:*:*:*:*:*:*). The root cause is CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), a classic buffer overflow flaw where user-supplied input in the lanMask parameter is copied into a fixed-size buffer without proper bounds checking. This is a common pattern in legacy embedded device firmware where the CGI handler fails to validate input length before stack or heap allocation. The vulnerability affects the LAN IP configuration subsystem, a privileged network function typically accessible only after authentication but critical in router security architecture.
RemediationAI
Primary mitigation: (1) Upgrade Tenda AC18 firmware to the latest available version released after this CVE disclosure—verify patch release at Tenda's official support site (support.tenda.com.cn or regional equivalent); (2) If patch unavailable, implement network segmentation: restrict access to router web interface (port 80/443) to trusted administrative networks only using firewall rules; (3) Change default router credentials immediately and enforce strong unique passwords; (4) Disable remote management features if not required. Temporary workaround: disable HTTP/HTTPS management interface access from untrusted networks. Note: Given the embedded device nature, firmware patching may require manual upload via web interface—backup configuration before attempting patch.
More in Ac18 Firmware
View allTenda AC18 V15.03.3.10_EN was discovered to contain a stack-based buffer overflow vulnerability via the deviceId paramet
Tenda AC18 V15.03.3.10_EN was discovered to contain a stack-based buffer overflow vulnerability via the deviceId paramet
Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the remoteIp parameter from formSetSafeWanWebMan function.
Tenda AC18 V15.03.05.05 contains a command injection vulnerablility in the deviceName parameter of formsetUsbUnload func
A vulnerability classified as critical has been found in Tenda AC18 15.03.05.05. Rated critical severity (CVSS 9.8), thi
Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the page parameter of fromNatStaticSetting function. Rated
Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the entrys parameter fromAddressNat function. Rated critic
Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the mitInterface parameter of fromAddressNat function. Rat
Tenda AC18 v15.03.05.19(6318_)_cn was discovered to contain a command injection vulnerability via the deviceName paramet
Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/formWifiBasicSet. Rated critical severity (CVSS 9.8
Tenda AC18 V15.03.05.19(6318) was discovered to contain a stack overflow via the time parameter in the fromSetSysTime fu
Tenda AC18 router contained a stack overflow vulnerability in /goform/fast_setting_wifi_set. Rated critical severity (CV
Same weakness CWE-119 – Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-16919