GCVE - cpe:2.3:o:tenda:ac7_firmware:15.03.06.44

Approved changes feed: RSS · Atom

cpe:2.3:o:tenda:ac7_firmware:15.03.06.44_cn:*:*:*:*:*:*:*

part: o version: 15.03.06.44_cn update: *

Vendor	Tenda (`cebb1c0a-7ddd-5bf6-9fc6-52b2b4f8dd42`)
Product	Ac7 Firmware (`e360b203-eeb9-50b1-9676-9d801223cdda`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2018-18732`	vulnerable	2026-06-03 14:38:28.307577	Details available An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'ntpServer' parameter for a post request, the value is directly used in a strcpy to a local variable placed on the stack, which overrides the return address of the function. Published: 2018-10-28T00:00:00.000Z Updated: 2024-08-05T11:16:00.422Z Open on db.gcve.eu Reference links https://github.com/ZIllR0/Routers/blob/master/Tenda/stack2.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-18731`	vulnerable	2026-06-03 14:38:28.307071	Details available An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'deviceMac' parameter for a post request, the value is directly used in a sprintf to a local variable placed on the stack, which overrides the return address of the function. Published: 2018-10-28T00:00:00.000Z Updated: 2024-08-05T11:16:00.376Z Open on db.gcve.eu Reference links https://github.com/ZIllR0/Routers/blob/master/Tenda/stack4.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-18730`	vulnerable	2026-06-03 14:38:28.306548	Details available An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'startIp' and 'endIp' parameters for a post request, each value is directly used in a sprintf to a local variable placed on the stack, which overrides the return address of the function. Published: 2018-10-28T00:00:00.000Z Updated: 2024-08-05T11:16:00.429Z Open on db.gcve.eu Reference links https://github.com/ZIllR0/Routers/blob/master/Tenda/stack3.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-18729`	vulnerable	2026-06-03 14:38:28.306041	Details available An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a heap-based buffer overflow vulnerability in the router's web server -- httpd. While processing the 'mac' parameter for a post request, the value is directly used in a strcpy to a variable placed on the heap, which can leak sensitive information or even hijack program control flow. Published: 2018-10-28T00:00:00.000Z Updated: 2024-08-05T11:16:00.404Z Open on db.gcve.eu Reference links https://github.com/ZIllR0/Routers/blob/master/Tenda/heapoverflow1.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-18727`	vulnerable	2026-06-03 14:38:28.305092	Details available An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'deviceList' parameter for a post request, the value is directly used in a strcpy to a local variable placed on the stack, which overrides the return address of the function. Published: 2018-10-28T00:00:00.000Z Updated: 2024-08-05T11:16:00.390Z Open on db.gcve.eu Reference links https://github.com/ZIllR0/Routers/blob/master/Tenda/stack1.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-18709`	vulnerable	2026-06-03 14:38:28.255198	Details available An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router's web server -- httpd. When processing the "firewallEn" parameter for a post request, the value is directly used in a strcpy to a local variable placed on the stack, which overrides the return address of the function. Published: 2018-10-27T22:00:00.000Z Updated: 2024-08-05T11:16:00.371Z Open on db.gcve.eu Reference links https://github.com/zsjevilhex/iot/blob/master/route/tenda/tenda-08/Tenda.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-18708`	vulnerable	2026-06-03 14:38:28.254665	Details available An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router's web server -- httpd. When processing the "page" parameter of the function "fromAddressNat" for a post request, the value is directly used in a sprintf to a local variable placed on the stack, which overrides the return address of the function. Published: 2018-10-27T22:00:00.000Z Updated: 2024-08-05T11:16:00.428Z Open on db.gcve.eu Reference links https://github.com/zsjevilhex/iot/blob/master/route/tenda/tenda-05/Tenda.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-18707`	vulnerable	2026-06-03 14:38:28.254083	Details available An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router's web server -- httpd. When processing the "ssid" parameter for a post request, the value is directly used in a strcpy to a local variable placed on the stack, which overrides the return address of the function. Published: 2018-10-27T22:00:00.000Z Updated: 2024-08-05T11:16:00.407Z Open on db.gcve.eu Reference links https://github.com/zsjevilhex/iot/blob/master/route/tenda/tenda-07/Tenda.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-18706`	vulnerable	2026-06-03 14:38:28.248969	Details available An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router's web server -- httpd. When processing the "page" parameter of the function "fromDhcpListClient" for a request, it is directly used in a sprintf to a local variable placed on the stack, which overrides the return address of the function. Published: 2018-10-27T22:00:00.000Z Updated: 2024-08-05T11:16:00.389Z Open on db.gcve.eu Reference links https://github.com/zsjevilhex/iot/blob/master/route/tenda/tenda-06/Tenda.md	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Tenda Ac7 Firmware 15.03.06.44 Cn

PURL mappings

Vulnerability references

Contribute