Tenda

Ac15 Firmware

86 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5

CVE-2026-11493

Exploit
  • EPSS 0.22%
  • Veröffentlicht 08.06.2026 05:45:09
  • Zuletzt bearbeitet 08.06.2026 14:57:14

A weakness has been identified in Tenda AC15 15.03.05.19. The impacted element is an unknown function of the file /etc_ro/smb.conf of the component Samba. Executing a manipulation can lead to weak password requirements. The attack is only possible wi...

8.8

CVE-2026-5830

Exploit
  • EPSS 0.63%
  • Veröffentlicht 09.04.2026 02:16:17
  • Zuletzt bearbeitet 30.04.2026 15:20:33

A vulnerability was identified in Tenda AC15 15.03.05.18. This affects the function websGetVar of the file /goform/SysToolChangePwd. Such manipulation of the argument oldPwd/newPwd/cfmPwd leads to stack-based buffer overflow. The attack can be execut...

8.8

CVE-2026-4975

Exploit
  • EPSS 0.63%
  • Veröffentlicht 27.03.2026 19:52:54
  • Zuletzt bearbeitet 03.04.2026 11:32:38

A vulnerability has been found in Tenda AC15 15.03.05.19. This affects the function formSetCfm of the file /goform/setcfm of the component POST Request Handler. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The atta...

9.8

CVE-2026-24103

Exploit
  • EPSS 0.43%
  • Veröffentlicht 03.03.2026 00:00:00
  • Zuletzt bearbeitet 05.03.2026 21:43:07

A buffer overflow vulnerability was discovered in goform/formSetMacFilterCfg in Tenda AC15V1.0 V15.03.05.18_multi.

9.8

CVE-2026-24105

Exploit
  • EPSS 1.7%
  • Veröffentlicht 02.03.2026 00:00:00
  • Zuletzt bearbeitet 06.03.2026 21:05:36

An issue was discovered in goform/formsetUsbUnload in Tenda AC15V1.0 V15.03.05.18_multi. The value of `v1` was not checked, potentially leading to a command injection vulnerability if injected into doSystemCmd.

9.8

CVE-2026-24101

Exploit
  • EPSS 1.67%
  • Veröffentlicht 02.03.2026 00:00:00
  • Zuletzt bearbeitet 03.03.2026 19:44:19

An issue was discovered in goform/formSetIptv in Tenda AC15V1.0 V15.03.05.18_multi. When the condition is met, `s1_1` will be passed into sub_B0488, concatenated into `doSystemCmd`. The value of s1_1 is not validated, potentially leading to a command...

9.8

CVE-2026-3400

Exploit
  • EPSS 0.85%
  • Veröffentlicht 01.03.2026 23:32:12
  • Zuletzt bearbeitet 03.03.2026 19:48:04

A security flaw has been discovered in Tenda AC15 up to 15.13.07.13. Affected by this issue is some unknown functionality of the file /goform/TextEditingConversion. The manipulation of the argument wpapsk_crypto2_4g results in stack-based buffer over...

9.8

CVE-2025-63666

Exploit
  • EPSS 0.42%
  • Veröffentlicht 12.11.2025 15:15:38
  • Zuletzt bearbeitet 17.11.2025 18:59:20

Tenda AC15 v15.03.05.18_multi) issues an authentication cookie that exposes the account password hash to the client and uses a short, low-entropy suffix as the session identifier. An attacker with network access or the ability to run JS in a victim b...

9

CVE-2025-11389

Exploit
  • EPSS 0.73%
  • Veröffentlicht 07.10.2025 11:32:07
  • Zuletzt bearbeitet 24.02.2026 07:16:30

A security flaw has been discovered in Tenda AC15 15.03.05.18. Affected is an unknown function of the file /goform/saveAutoQos. Performing a manipulation of the argument enable results in stack-based buffer overflow. Remote exploitation of the attack...

8.8

CVE-2025-11388

Exploit
  • EPSS 0.72%
  • Veröffentlicht 07.10.2025 11:16:02
  • Zuletzt bearbeitet 09.10.2025 16:45:53

A vulnerability was identified in Tenda AC15 15.03.05.18. This impacts an unknown function of the file /goform/setNotUpgrade. Such manipulation of the argument newVersion leads to stack-based buffer overflow. The attack may be launched remotely. The ...