Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
A vulnerability classified as critical has been found in Tenda AC18 15.03.05.05. Affected is the function formsetreboottimer of the file /goform/SetSysAutoRebbotCfg. The manipulation of the argument rebootTime leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
AnalysisAI
Critical remote buffer overflow vulnerability in Tenda AC18 router firmware version 15.03.05.05, affecting the reboot timer configuration function. An authenticated attacker can exploit improper input validation on the 'rebootTime' parameter to achieve remote code execution with full system compromise (confidentiality, integrity, availability). Public exploit code exists and the vulnerability is actively exploitable with low attack complexity.
Technical ContextAI
The vulnerability exists in the SetSysAutoRebbotCfg endpoint (/goform/SetSysAutoRebbotCfg), specifically within the formsetreboottimer function responsible for processing automatic reboot scheduling configuration. The root cause is classified as CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), a classic buffer overflow vulnerability. The affected product is a residential WiFi router (Tenda AC18) running firmware version 15.03.05.05. The vulnerable parameter 'rebootTime' lacks proper bounds checking before being written to a fixed-size buffer, allowing an attacker to overflow the buffer and overwrite adjacent memory including function return addresses or heap metadata. CPE identifier would be: cpe:2.3:o:tenda:ac18_firmware:15.03.05.05:*:*:*:*:*:*:*
More in Ac18 Firmware
View allTenda AC18 V15.03.3.10_EN was discovered to contain a stack-based buffer overflow vulnerability via the deviceId paramet
Tenda AC18 V15.03.3.10_EN was discovered to contain a stack-based buffer overflow vulnerability via the deviceId paramet
Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the remoteIp parameter from formSetSafeWanWebMan function.
Tenda AC18 V15.03.05.05 contains a command injection vulnerablility in the deviceName parameter of formsetUsbUnload func
A vulnerability classified as critical has been found in Tenda AC18 15.03.05.05. Rated critical severity (CVSS 9.8), thi
Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the page parameter of fromNatStaticSetting function. Rated
Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the entrys parameter fromAddressNat function. Rated critic
Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the mitInterface parameter of fromAddressNat function. Rat
Tenda AC18 v15.03.05.19(6318_)_cn was discovered to contain a command injection vulnerability via the deviceName paramet
Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/formWifiBasicSet. Rated critical severity (CVSS 9.8
Tenda AC18 V15.03.05.19(6318) was discovered to contain a stack overflow via the time parameter in the fromSetSysTime fu
Tenda AC18 router contained a stack overflow vulnerability in /goform/fast_setting_wifi_set. Rated critical severity (CV
Same weakness CWE-119 – Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-16922