Tenda

Ac15 Firmware

81 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2026-24101

Exploit
  • EPSS 0.29%
  • Veröffentlicht 02.03.2026 00:00:00
  • Zuletzt bearbeitet 03.03.2026 19:44:19

An issue was discovered in goform/formSetIptv in Tenda AC15V1.0 V15.03.05.18_multi. When the condition is met, `s1_1` will be passed into sub_B0488, concatenated into `doSystemCmd`. The value of s1_1 is not validated, potentially leading to a command...

9.8

CVE-2026-3400

Exploit
  • EPSS 0.05%
  • Veröffentlicht 01.03.2026 23:32:12
  • Zuletzt bearbeitet 03.03.2026 19:48:04

A security flaw has been discovered in Tenda AC15 up to 15.13.07.13. Affected by this issue is some unknown functionality of the file /goform/TextEditingConversion. The manipulation of the argument wpapsk_crypto2_4g results in stack-based buffer over...

9.8

CVE-2025-63666

Exploit
  • EPSS 0.12%
  • Veröffentlicht 12.11.2025 15:15:38
  • Zuletzt bearbeitet 17.11.2025 18:59:20

Tenda AC15 v15.03.05.18_multi) issues an authentication cookie that exposes the account password hash to the client and uses a short, low-entropy suffix as the session identifier. An attacker with network access or the ability to run JS in a victim b...

9

CVE-2025-11389

Exploit
  • EPSS 0.14%
  • Veröffentlicht 07.10.2025 11:32:07
  • Zuletzt bearbeitet 24.02.2026 07:16:30

A security flaw has been discovered in Tenda AC15 15.03.05.18. Affected is an unknown function of the file /goform/saveAutoQos. Performing a manipulation of the argument enable results in stack-based buffer overflow. Remote exploitation of the attack...

8.8

CVE-2025-11388

Exploit
  • EPSS 0.14%
  • Veröffentlicht 07.10.2025 11:16:02
  • Zuletzt bearbeitet 09.10.2025 16:45:53

A vulnerability was identified in Tenda AC15 15.03.05.18. This impacts an unknown function of the file /goform/setNotUpgrade. Such manipulation of the argument newVersion leads to stack-based buffer overflow. The attack may be launched remotely. The ...

8.8

CVE-2025-11387

Exploit
  • EPSS 0.14%
  • Veröffentlicht 07.10.2025 10:32:07
  • Zuletzt bearbeitet 09.10.2025 16:46:01

A vulnerability was determined in Tenda AC15 15.03.05.18. This affects an unknown function of the file /goform/fast_setting_pppoe_set. This manipulation of the argument Password causes stack-based buffer overflow. The attack may be initiated remotely...

8.8

CVE-2025-11386

Exploit
  • EPSS 0.14%
  • Veröffentlicht 07.10.2025 10:15:34
  • Zuletzt bearbeitet 09.10.2025 16:46:10

A vulnerability was found in Tenda AC15 15.03.05.18. The impacted element is an unknown function of the file /goform/SetDDNSCfg of the component POST Parameter Handler. The manipulation of the argument ddnsEn results in stack-based buffer overflow. T...

8.8

CVE-2025-10443

Exploit
  • EPSS 0.48%
  • Veröffentlicht 15.09.2025 11:32:07
  • Zuletzt bearbeitet 19.09.2025 19:22:53

A vulnerability was identified in Tenda AC9 and AC15 15.03.05.14/15.03.05.18. This vulnerability affects the function formexeCommand of the file /goform/exeCommand. Such manipulation of the argument cmdinput leads to buffer overflow. The attack can b...

8.8

CVE-2025-10442

Exploit
  • EPSS 0.37%
  • Veröffentlicht 15.09.2025 11:15:33
  • Zuletzt bearbeitet 19.09.2025 20:39:12

A vulnerability was determined in Tenda AC9 and AC15 15.03.05.14. This affects the function formexeCommand of the file /goform/exeCommand. This manipulation of the argument cmdinput causes os command injection. Remote exploitation of the attack is po...

7.5

CVE-2025-55564

Exploit
  • EPSS 0.08%
  • Veröffentlicht 21.08.2025 00:00:00
  • Zuletzt bearbeitet 03.09.2025 14:53:05

Tenda AC15 v15.03.05.19_multi_TD01 has a stack overflow via the list parameter in the fromSetIpMacBind function.