Vulnerabilities > Tenda
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-29 | CVE-2018-18708 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Tenda products An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. | 7.8 |
| 2018-10-29 | CVE-2018-18707 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Tenda products An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. | 7.8 |
| 2018-10-29 | CVE-2018-18706 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Tenda products An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. | 7.8 |
| 2018-03-01 | CVE-2018-7561 | Out-of-bounds Write vulnerability in Tendacn AC9 Firmware 15.03.05.14En Stack-based Buffer Overflow in httpd on Tenda AC9 devices V15.03.05.14_EN allows remote attackers to cause a denial of service or possibly have unspecified other impact. | 7.5 |
| 2017-11-24 | CVE-2017-16936 | Path Traversal vulnerability in Tenda Ac15 Firmware, Ac18 Firmware and AC9 Firmware Directory Traversal vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15 US_AC15V1.0BR_V15.03.05.19_multi_TD01, Ac18 US_AC18V1.0BR_V15.03.05.05_multi_TD01, and Ac18 ac18_kf_V15.03.05.19(6318_)_cn devices allows remote unauthenticated attackers to read arbitrary files via a cgi-bin/luci/request?op=1&path= URI that uses directory traversal sequences after a /usb/ substring. | 3.3 |
| 2017-11-21 | CVE-2017-16923 | OS Command Injection vulnerability in Tenda Ac15 Firmware, Ac18 Firmware and AC9 Firmware Command Injection vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15 US_AC15V1.0BR_V15.03.05.19_multi_TD01, Ac18 US_AC18V1.0BR_V15.03.05.05_multi_TD01, and Ac18 ac18_kf_V15.03.05.19(6318_)_cn devices allows remote unauthenticated attackers to execute arbitrary OS commands via a crafted cgi-bin/luci/usbeject?dev_name= GET request from the LAN. | 8.3 |
| 2017-09-17 | CVE-2017-14515 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Tenda W15E Firmware Heap-based Buffer Overflow on Tenda W15E devices before 15.11.0.14 allows remote attackers to cause a denial of service (temporary HTTP outage and forced logout) via unspecified vectors. | 5.0 |
| 2017-09-17 | CVE-2017-14514 | Path Traversal vulnerability in Tenda W15E Firmware Directory Traversal on Tenda W15E devices before 15.11.0.14 allows remote attackers to read unencrypted files via a crafted URL. | 5.0 |
| 2015-12-31 | CVE-2015-5995 | Permissions, Privileges, and Access Controls vulnerability in multiple products Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 and Tenda N3 Wireless N150 devices allow remote attackers to obtain administrative access via a certain admin substring in an HTTP Cookie header. | 10.0 |
| 2014-10-23 | CVE-2014-7281 | Cross-Site Request Forgery (CSRF) vulnerability in Tenda A32 and A32 Firmware Cross-site request forgery (CSRF) vulnerability in Shenzhen Tenda Technology Tenda A32 Router with firmware 5.07.53_CN allows remote attackers to hijack the authentication of administrators for requests that reboot the device via a request to goform/SysToolReboot. | 6.8 |