Tenda

Ac15 Firmware

85 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2026-5830

  • EPSS 0.05%
  • Veröffentlicht 09.04.2026 02:16:17
  • Zuletzt bearbeitet 13.04.2026 15:02:47

A vulnerability was identified in Tenda AC15 15.03.05.18. This affects the function websGetVar of the file /goform/SysToolChangePwd. Such manipulation of the argument oldPwd/newPwd/cfmPwd leads to stack-based buffer overflow. The attack can be execut...

8.8

CVE-2026-4975

Exploit
  • EPSS 0.08%
  • Veröffentlicht 27.03.2026 19:52:54
  • Zuletzt bearbeitet 03.04.2026 11:32:38

A vulnerability has been found in Tenda AC15 15.03.05.19. This affects the function formSetCfm of the file /goform/setcfm of the component POST Request Handler. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The atta...

9.8

CVE-2026-24103

Exploit
  • EPSS 0.06%
  • Veröffentlicht 03.03.2026 00:00:00
  • Zuletzt bearbeitet 05.03.2026 21:43:07

A buffer overflow vulnerability was discovered in goform/formSetMacFilterCfg in Tenda AC15V1.0 V15.03.05.18_multi.

9.8

CVE-2026-24105

Exploit
  • EPSS 1.65%
  • Veröffentlicht 02.03.2026 00:00:00
  • Zuletzt bearbeitet 06.03.2026 21:05:36

An issue was discovered in goform/formsetUsbUnload in Tenda AC15V1.0 V15.03.05.18_multi. The value of `v1` was not checked, potentially leading to a command injection vulnerability if injected into doSystemCmd.

9.8

CVE-2026-24101

Exploit
  • EPSS 1.1%
  • Veröffentlicht 02.03.2026 00:00:00
  • Zuletzt bearbeitet 03.03.2026 19:44:19

An issue was discovered in goform/formSetIptv in Tenda AC15V1.0 V15.03.05.18_multi. When the condition is met, `s1_1` will be passed into sub_B0488, concatenated into `doSystemCmd`. The value of s1_1 is not validated, potentially leading to a command...

9.8

CVE-2026-3400

Exploit
  • EPSS 0.14%
  • Veröffentlicht 01.03.2026 23:32:12
  • Zuletzt bearbeitet 03.03.2026 19:48:04

A security flaw has been discovered in Tenda AC15 up to 15.13.07.13. Affected by this issue is some unknown functionality of the file /goform/TextEditingConversion. The manipulation of the argument wpapsk_crypto2_4g results in stack-based buffer over...

9.8

CVE-2025-63666

Exploit
  • EPSS 0.1%
  • Veröffentlicht 12.11.2025 15:15:38
  • Zuletzt bearbeitet 17.11.2025 18:59:20

Tenda AC15 v15.03.05.18_multi) issues an authentication cookie that exposes the account password hash to the client and uses a short, low-entropy suffix as the session identifier. An attacker with network access or the ability to run JS in a victim b...

9

CVE-2025-11389

Exploit
  • EPSS 0.26%
  • Veröffentlicht 07.10.2025 11:32:07
  • Zuletzt bearbeitet 24.02.2026 07:16:30

A security flaw has been discovered in Tenda AC15 15.03.05.18. Affected is an unknown function of the file /goform/saveAutoQos. Performing a manipulation of the argument enable results in stack-based buffer overflow. Remote exploitation of the attack...

8.8

CVE-2025-11388

Exploit
  • EPSS 0.26%
  • Veröffentlicht 07.10.2025 11:16:02
  • Zuletzt bearbeitet 09.10.2025 16:45:53

A vulnerability was identified in Tenda AC15 15.03.05.18. This impacts an unknown function of the file /goform/setNotUpgrade. Such manipulation of the argument newVersion leads to stack-based buffer overflow. The attack may be launched remotely. The ...

8.8

CVE-2025-11387

Exploit
  • EPSS 0.26%
  • Veröffentlicht 07.10.2025 10:32:07
  • Zuletzt bearbeitet 09.10.2025 16:46:01

A vulnerability was determined in Tenda AC15 15.03.05.18. This affects an unknown function of the file /goform/fast_setting_pppoe_set. This manipulation of the argument Password causes stack-based buffer overflow. The attack may be initiated remotely...