EUVD-2026-35092
GHSA-g4hg-4wjv-mfcm
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
5DescriptionNVD
A vulnerability was found in Tenda AC18 15.03.05.05. The affected element is the function sub_45304 of the file /goform/getRebootStatus of the component Web Management Interface. The manipulation of the argument callback results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been made public and could be used.
AnalysisAI
Stack-based buffer overflow in the Tenda AC18 router (firmware 15.03.05.05) Web Management Interface allows remote attackers with low privileges to corrupt memory by manipulating the callback argument sent to /goform/getRebootStatus. The flaw, handled by the sub_45304 function, has publicly available exploit code and enables high impact to confidentiality, integrity, and availability of the device. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Attacker requires network reachability to the Tenda AC18's Web Management Interface (HTTP) and low-privileged authenticated access per CVSS PR:L - typically valid login credentials to the router admin panel. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | CVSS 4.0 vector AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/E:P scores 7.4 (High), reflecting network reachability, low attack complexity, no user interaction, and high CIA impact - but PR:L indicates some authentication is required, which limits exposure if the admin interface is not internet-facing or credentials are unique. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who has obtained low-privileged credentials (or accesses an internet-exposed admin interface with weak credentials) sends a crafted HTTP request to /goform/getRebootStatus with an overlong callback parameter value. The oversized input overflows the stack buffer inside sub_45304, overwriting the saved return address and redirecting execution to attacker-supplied shellcode, achieving code execution as the router's web service (typically root on embedded MIPS/ARM Linux). … |
| Remediation | No vendor-released patch identified at time of analysis - Tenda has not published an advisory or fixed firmware version in the available references. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Identify and inventory all Tenda AC18 routers in use, specifically noting which devices run firmware 15.03.05.05 and have internet-accessible web management interfaces. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More from same product – last 7 days
Stack-based buffer overflow in the Tenda CX12L router (firmware 16.03.53.12) allows authenticated remote attackers to co
Stack-based buffer overflow in Tenda CX12L 16.03.53.12 routers allows remote attackers with low privileges to corrupt me
Stack-based buffer overflow in the Tenda W20E router (firmware 15.11.0.6) allows remote authenticated attackers to corru
Stack-based buffer overflow in Tenda W20E firmware 15.11.0.6 allows authenticated remote attackers to corrupt memory via
Stack-based buffer overflow in the Tenda W20E router (firmware 15.11.0.6) allows remote authenticated attackers to corru
Share
External POC / Exploit Code
Leaving vuln.today