GCVE - cpe:2.3:o:tendacn:ac18_firmware:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:o:tendacn:ac18_firmware:*:*:*:*:*:*:*:*

part: o version: * update: *

Vendor	Tendacn (`911f347d-94dc-5fe9-b545-6a7f771d2f53`)
Product	Ac18 Firmware (`8562dece-7a90-5211-a0dd-e3a66a4cbdf4`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2020-24987`	vulnerable	2026-06-03 14:42:08.328664	Details available Tenda AC18 Router through V15.03.05.05_EN and through V15.03.05.19(6318) CN devices could cause a remote code execution due to incorrect authentication handling of vulnerable logincheck() function in /usr/lib/lua/ngx_authserver/ngx_wdas.lua file if the administrator UI Interface is set to "radius". Published: 2020-09-04T19:24:39.000Z Updated: 2024-08-04T15:26:09.361Z Open on db.gcve.eu Reference links https://www.tendacn.com/en/product/AC18.html https://drive.google.com/file/d/1iqpr0EofOBC6kCq2USTOBPRlJu_naFjQ/view?usp=sharing https://cwe.mitre.org/data/definitions/287.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-16333`	vulnerable	2026-06-03 14:38:20.338343	Details available An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server. While processing the ssid parameter for a POST request, the value is directly used in a sprintf call to a local variable placed on the stack, which overrides the return address of the function, causing a buffer overflow. Published: 2018-09-02T03:00:00.000Z Updated: 2024-08-05T10:24:31.599Z Open on db.gcve.eu Reference links https://github.com/ZIllR0/Routers/blob/master/Tenda/oob1.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-14492`	vulnerable	2026-06-03 14:38:12.146742	Details available Tenda AC7 through V15.03.06.44_CN, AC9 through V15.03.05.19(6318)_CN, and AC10 through V15.03.06.23_CN devices have a Stack-based Buffer Overflow via a long limitSpeed or limitSpeedup parameter to an unspecified /goform URI. Published: 2018-07-21T12:00:00.000Z Updated: 2024-09-16T18:18:05.077Z Open on db.gcve.eu Reference links https://github.com/ZIllR0/Routers/blob/master/Tendaoob1.md	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.