GCVE - cpe:2.3:h:tendacn:ac15:-:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:h:tendacn:ac15:-:*:*:*:*:*:*:*

part: h version: - update: *

Vendor	Tendacn (`911f347d-94dc-5fe9-b545-6a7f771d2f53`)
Product	Ac15 (`059594b8-4b41-598e-961f-136b2ca56909`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2022-40869`	not_vulnerable	2026-06-03 14:48:03.657768	Details available Tenda AC15 and AC18 routers V15.03.05.19 contain stack overflow vulnerabilities in the function fromDhcpListClient with a combined parameter "list*" ("%s%d","list"). Published: 2022-09-23T13:32:22.000Z Updated: 2025-05-27T14:44:13.104Z Open on db.gcve.eu Reference links https://github.com/CPSeek/Router-vuls/blob/main/Tenda/AC15/fromDhcpListClient-list.md https://github.com/CPSeek/Router-vuls/blob/main/Tenda/AC18/fromDhcpListClient-list.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-40865`	not_vulnerable	2026-06-03 14:48:03.656100	Details available Tenda AC15 and AC18 routers V15.03.05.19 contain heap overflow vulnerabilities in the function setSchedWifi with the request /goform/openSchedWifi/ Published: 2022-09-23T13:35:42.000Z Updated: 2025-05-27T14:43:34.801Z Open on db.gcve.eu Reference links https://github.com/CPSeek/Router-vuls/blob/main/Tenda/AC15/setSchedWifi.md https://github.com/CPSeek/Router-vuls/blob/main/Tenda/AC18/setSchedWifi.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-40864`	not_vulnerable	2026-06-03 14:48:03.655603	Details available Tenda AC15 and AC18 routers V15.03.05.19 contain stack overflow vulnerabilities in the function setSmartPowerManagement with the request /goform/PowerSaveSet Published: 2022-09-23T13:38:53.000Z Updated: 2025-05-22T20:29:21.469Z Open on db.gcve.eu Reference links https://github.com/CPSeek/Router-vuls/blob/main/Tenda/AC18/setSmartPowerManagement.md https://github.com/CPSeek/Router-vuls/blob/main/Tenda/AC15/setSmartPowerManagement.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-40862`	not_vulnerable	2026-06-03 14:48:03.652649	Details available Tenda AC15 and AC18 router V15.03.05.19 contains stack overflow vulnerability in the function fromNatStaticSetting with the request /goform/NatStaticSetting Published: 2022-09-23T13:45:25.000Z Updated: 2025-05-22T20:28:43.630Z Open on db.gcve.eu Reference links https://github.com/CPSeek/Router-vuls/blob/main/Tenda/AC15/fromNatStaticSetting.md https://github.com/CPSeek/Router-vuls/blob/main/Tenda/AC18/fromNatStaticSetting.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-40860`	not_vulnerable	2026-06-03 14:48:03.651867	Details available Tenda AC15 router V15.03.05.19 contains a stack overflow vulnerability in the function formSetQosBand->FUN_0007dd20 with request /goform/SetNetControlList Published: 2022-09-23T13:47:20.000Z Updated: 2025-05-22T20:11:10.989Z Open on db.gcve.eu Reference links https://github.com/CPSeek/Router-vuls/blob/main/Tenda/AC15/formSetQosBand.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-40853`	not_vulnerable	2026-06-03 14:48:03.647576	Details available Tenda AC15 router V15.03.05.19 contains a stack overflow via the list parameter at /goform/fast_setting_wifi_set Published: 2022-09-23T13:59:58.000Z Updated: 2025-05-22T20:10:28.379Z Open on db.gcve.eu Reference links https://github.com/CPSeek/Router-vuls/blob/main/Tenda/AC15/form_fast_setting_wifi_set.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-38326`	not_vulnerable	2026-06-03 14:47:49.517120	Details available Tenda AC15 WiFi Router V15.03.05.19_multi and AC18 WiFi Router V15.03.05.19_multi were discovered to contain a buffer overflow via the page parameter at /goform/NatStaticSetting. Published: 2022-09-15T19:01:38.000Z Updated: 2024-08-03T10:54:03.758Z Open on db.gcve.eu Reference links https://github.com/1160300418/Vuls/blob/main/Tenda/AC/Vul_NatStaticSetting.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-38325`	not_vulnerable	2026-06-03 14:47:49.515222	Details available Tenda AC15 WiFi Router V15.03.05.19_multi and AC18 WiFi Router V15.03.05.19_multi were discovered to contain a buffer overflow via the filePath parameter at /goform/expandDlnaFile. Published: 2022-09-15T19:01:37.000Z Updated: 2024-08-03T10:54:03.530Z Open on db.gcve.eu Reference links https://github.com/1160300418/Vuls/blob/main/Tenda/AC/Vul_expandDlnaFile.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-44352`	not_vulnerable	2026-06-03 14:45:36.121124	Details available A Stack-based Buffer Overflow vulnerability exists in the Tenda AC15 V15.03.05.18_multi device via the list parameter in a post request in goform/SetIpMacBind. Published: 2021-12-03T18:31:35.000Z Updated: 2024-08-04T04:17:24.908Z Open on db.gcve.eu Reference links https://github.com/zhlu32/cve/blob/main/tenda/Tenda-ac15-buffer-overflow.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-5770`	not_vulnerable	2026-06-03 14:38:58.579551	Details available An issue was discovered on Tenda AC15 devices. A remote, unauthenticated attacker can make a request to /goform/telnet, creating a telnetd service on the device. This service is password protected; however, several default accounts exist on the device that are root accounts, which can be used to log in. Published: 2018-03-20T15:00:00.000Z Updated: 2024-08-05T05:40:51.281Z Open on db.gcve.eu Reference links https://www.fidusinfosec.com/tenda-ac15-unauthenticated-telnetd-start-cve-2018-5770/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-5768`	not_vulnerable	2026-06-03 14:38:58.579169	Details available A remote, unauthenticated attacker can gain remote code execution on the the Tenda AC15 router with a specially crafted password parameter for the COOKIE header. Published: 2018-03-20T19:00:00.000Z Updated: 2024-08-05T05:40:51.207Z Open on db.gcve.eu Reference links https://www.fidusinfosec.com/tenda-ac15-hard-coded-accounts-cve-2018-5768/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-5767`	not_vulnerable	2026-06-03 14:38:58.577828	Details available An issue was discovered on Tenda AC15 V15.03.1.16_multi devices. A remote, unauthenticated attacker can gain remote code execution on the device with a crafted password parameter for the COOKIE header. Published: 2018-02-15T23:00:00.000Z Updated: 2024-08-05T05:40:51.394Z Open on db.gcve.eu Reference links https://www.exploit-db.com/exploits/44253/ https://www.fidusinfosec.com/remote-code-execution-cve-2018-5767/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-16333`	not_vulnerable	2026-06-03 14:38:20.340194	Details available An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server. While processing the ssid parameter for a POST request, the value is directly used in a sprintf call to a local variable placed on the stack, which overrides the return address of the function, causing a buffer overflow. Published: 2018-09-02T03:00:00.000Z Updated: 2024-08-05T10:24:31.599Z Open on db.gcve.eu Reference links https://github.com/ZIllR0/Routers/blob/master/Tenda/oob1.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-14492`	not_vulnerable	2026-06-03 14:38:12.145633	Details available Tenda AC7 through V15.03.06.44_CN, AC9 through V15.03.05.19(6318)_CN, and AC10 through V15.03.06.23_CN devices have a Stack-based Buffer Overflow via a long limitSpeed or limitSpeedup parameter to an unspecified /goform URI. Published: 2018-07-21T12:00:00.000Z Updated: 2024-09-16T18:18:05.077Z Open on db.gcve.eu Reference links https://github.com/ZIllR0/Routers/blob/master/Tendaoob1.md	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.