Vulnerabilities > Tenda > Ac15 Firmware

DATE CVE VULNERABILITY TITLE RISK
2020-07-13 CVE-2020-10989 Cross-site Scripting vulnerability in Tenda Ac15 Firmware 15.03.05.19
An XSS issue in the /goform/WifiBasicSet endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute malicious payloads via the WifiName POST parameter.
network
low complexity
tenda CWE-79
6.1
6.1
2020-07-13 CVE-2020-10988 Use of Hard-coded Credentials vulnerability in Tenda Ac15 Firmware 15.03.05.19
A hard-coded telnet credential in the tenda_login binary of Tenda AC15 AC1900 version 15.03.05.19 allows unauthenticated remote attackers to start a telnetd service on the device.
network
low complexity
tenda CWE-798
critical
 9.8
9.8
2020-07-13 CVE-2020-10987 OS Command Injection vulnerability in Tenda Ac15 Firmware 15.03.05.19
The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute arbitrary system commands via the deviceName POST parameter.
network
low complexity
tenda CWE-78
critical
 9.8
9.8
2020-07-13 CVE-2020-10986 Cross-Site Request Forgery (CSRF) vulnerability in Tenda Ac15 Firmware 15.03.05.19
A CSRF issue in the /goform/SysToolReboot endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to reboot the device and cause denial of service via a payload hosted by an attacker-controlled web page.
network
low complexity
tenda CWE-352
6.5
6.5
2018-10-29 CVE-2018-18732 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Tenda products
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices.
network
low complexity
tenda CWE-119
7.5
7.5
2018-10-29 CVE-2018-18731 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Tenda products
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices.
network
low complexity
tenda CWE-119
7.5
7.5
2018-10-29 CVE-2018-18730 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Tenda products
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices.
network
low complexity
tenda CWE-119
7.5
7.5
2018-10-29 CVE-2018-18729 Out-of-bounds Write vulnerability in Tenda products
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices.
network
low complexity
tenda CWE-787
critical
 9.8
9.8
2018-10-29 CVE-2018-18728 OS Command Injection vulnerability in Tenda Ac15 Firmware, Ac18 Firmware and AC9 Firmware
An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices.
network
low complexity
tenda CWE-78
critical
 9.8
9.8
2018-10-29 CVE-2018-18727 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Tenda products
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices.
network
low complexity
tenda CWE-119
7.5
7.5