A18 Firmware
CVE-2026-2876
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
A vulnerability was determined in Tenda A18 15.13.07.13. This affects the function parse_macfilter_rule of the file /goform/setBlackRule. This manipulation of the argument deviceList causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.
AnalysisAI
Stack overflow in Tenda A18 firmware version 15.13.07.13 allows remote attackers with low privileges to achieve complete system compromise through a malformed deviceList parameter in the /goform/setBlackRule endpoint. Public exploit code is available and the vulnerability remains unpatched, creating significant risk for affected devices.
Technical ContextAI
Classified as CWE-119 (Buffer Overflow). Affects A18 Firmware. A vulnerability was determined in Tenda A18 15.13.07.13. This affects the function parse_macfilter_rule of the file /goform/setBlackRule. This manipulation of the argument deviceList causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.
RemediationAI
Monitor vendor advisories for a patch. Enable ASLR, DEP/NX, and stack canaries where possible. Restrict network access to the affected service where possible.
More in A18 Firmware
View allTenda A18 v15.13.07.09 was discovered to contain a stack overflow via the devName parameter in the formSetDeviceName fun
Tenda A18 V15.13.07.09 was discovered to contain a stack overflow via the wpapsk_crypto2_4g parameter in the fromSetWire
Tenda A18 V15.13.07.09 was discovered to contain a stack overflow via the security parameter in the formWifiBasicSet fun
Tenda A18 V15.13.07.09 was discovered to contain a stack overflow via the rule_info parameter in the formAddMacfilterRul
An access control issue in Tenda A18 v15.13.07.09 allows unauthenticated attackers to access the Telnet service. Rated h
Tenda A18 v15.13.07.09 was discovered to contain a stack overflow via the security_5g parameter at /goform/WifiBasicSet.
Stack-based buffer overflow in Tenda A18 firmware versions up to 15.13.07.13 allows remote attackers with low privileges
Tenda A18 v15.03.05.05 firmware has a stack overflow vulnerability located via the PPW parameter in the fromWizardHandle
A vulnerability was found in Tenda A18 up to 15.13.07.09. Rated high severity (CVSS 7.1), this vulnerability is remotely
Same weakness CWE-119 – Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today