A18 Firmware
CVE-2026-2877
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
A vulnerability has been found in Tenda A18 15.13.07.13. This affects the function strcpy of the file /goform/WifiExtraSet of the component Httpd Service. The manipulation of the argument wpapsk_crypto5g leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
AnalysisAI
Stack-based buffer overflow in Tenda A18 firmware versions up to 15.13.07.13 allows remote attackers with low privileges to achieve code execution through the wpapsk_crypto5g parameter in the /goform/WifiExtraSet endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. The high CVSS score (8.8) reflects the combination of remote exploitability and complete system compromise potential.
Technical ContextAI
Classified as CWE-119 (Buffer Overflow). Affects A18 Firmware. A vulnerability has been found in Tenda A18 15.13.07.13. This affects the function strcpy of the file /goform/WifiExtraSet of the component Httpd Service. The manipulation of the argument wpapsk_crypto5g leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
RemediationAI
Monitor vendor advisories for a patch. Enable ASLR, DEP/NX, and stack canaries where possible. Restrict network access to the affected service where possible.
More in A18 Firmware
View allTenda A18 v15.13.07.09 was discovered to contain a stack overflow via the devName parameter in the formSetDeviceName fun
Tenda A18 V15.13.07.09 was discovered to contain a stack overflow via the wpapsk_crypto2_4g parameter in the fromSetWire
Tenda A18 V15.13.07.09 was discovered to contain a stack overflow via the security parameter in the formWifiBasicSet fun
Tenda A18 V15.13.07.09 was discovered to contain a stack overflow via the rule_info parameter in the formAddMacfilterRul
An access control issue in Tenda A18 v15.13.07.09 allows unauthenticated attackers to access the Telnet service. Rated h
Tenda A18 v15.13.07.09 was discovered to contain a stack overflow via the security_5g parameter at /goform/WifiBasicSet.
Stack overflow in Tenda A18 firmware version 15.13.07.13 allows remote attackers with low privileges to achieve complete
Tenda A18 v15.03.05.05 firmware has a stack overflow vulnerability located via the PPW parameter in the fromWizardHandle
A vulnerability was found in Tenda A18 up to 15.13.07.09. Rated high severity (CVSS 7.1), this vulnerability is remotely
Same weakness CWE-119 – Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today