A18 Firmware
Monthly
Stack buffer overflow in Tenda A18 15.13.07.13 firmware allows authenticated remote attackers to execute arbitrary code through malformed boundary parameters in the /cgi-bin/UploadCfg HTTP endpoint. The vulnerability affects the webCgiGetUploadFile function within the Httpd service and has public exploit code available. Affected users should apply patches when available, as the vulnerability requires valid credentials but no user interaction.
Stack-based buffer overflow in Tenda A18 firmware versions up to 15.13.07.13 allows remote attackers with low privileges to achieve code execution through the wpapsk_crypto5g parameter in the /goform/WifiExtraSet endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. The high CVSS score (8.8) reflects the combination of remote exploitability and complete system compromise potential.
Stack overflow in Tenda A18 firmware version 15.13.07.13 allows remote attackers with low privileges to achieve complete system compromise through a malformed deviceList parameter in the /goform/setBlackRule endpoint. Public exploit code is available and the vulnerability remains unpatched, creating significant risk for affected devices.
A vulnerability was found in Tenda A18 up to 15.13.07.09. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Stack buffer overflow in Tenda A18 15.13.07.13 firmware allows authenticated remote attackers to execute arbitrary code through malformed boundary parameters in the /cgi-bin/UploadCfg HTTP endpoint. The vulnerability affects the webCgiGetUploadFile function within the Httpd service and has public exploit code available. Affected users should apply patches when available, as the vulnerability requires valid credentials but no user interaction.
Stack-based buffer overflow in Tenda A18 firmware versions up to 15.13.07.13 allows remote attackers with low privileges to achieve code execution through the wpapsk_crypto5g parameter in the /goform/WifiExtraSet endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. The high CVSS score (8.8) reflects the combination of remote exploitability and complete system compromise potential.
Stack overflow in Tenda A18 firmware version 15.13.07.13 allows remote attackers with low privileges to achieve complete system compromise through a malformed deviceList parameter in the /goform/setBlackRule endpoint. Public exploit code is available and the vulnerability remains unpatched, creating significant risk for affected devices.
A vulnerability was found in Tenda A18 up to 15.13.07.09. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.