Vulnerabilities > Tenda > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-29 | CVE-2018-18707 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Tenda products An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. | 7.5 |
| 2018-10-29 | CVE-2018-18706 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Tenda products An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. | 7.5 |
| 2017-11-21 | CVE-2017-16923 | OS Command Injection vulnerability in Tenda Ac15 Firmware, Ac18 Firmware and AC9 Firmware Command Injection vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15 US_AC15V1.0BR_V15.03.05.19_multi_TD01, Ac18 US_AC18V1.0BR_V15.03.05.05_multi_TD01, and Ac18 ac18_kf_V15.03.05.19(6318_)_cn devices allows remote unauthenticated attackers to execute arbitrary OS commands via a crafted cgi-bin/luci/usbeject?dev_name= GET request from the LAN. | 8.8 |
| 2017-09-17 | CVE-2017-14515 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Tenda W15E Firmware 15.11.0.10(1576)/15.11.0.14/V15.11.0.13Cn Heap-based Buffer Overflow on Tenda W15E devices before 15.11.0.14 allows remote attackers to cause a denial of service (temporary HTTP outage and forced logout) via unspecified vectors. | 7.5 |
| 2017-09-17 | CVE-2017-14514 | Path Traversal vulnerability in Tenda W15E Firmware 15.11.0.10(1576)/15.11.0.14/V15.11.0.13Cn Directory Traversal on Tenda W15E devices before 15.11.0.14 allows remote attackers to read unencrypted files via a crafted URL. | 7.5 |