Shodan
Vulnerabilities
Vulnerable Software
Tenda:  >> Ac9 Firmware  >> 15.03.05.19  Security Vulnerabilities
CVE-2025-22949
Tenda ac9 v1.0 firmware v15.03.05.19 is vulnerable to command injection in /goform/SetSambaCfg, which may lead to remote arbitrary code execution.
CVSS Score
9.8
EPSS Score
0.01
Published
2025-01-10
CVE-2025-22946
Tenda ac9 v1.0 firmware v15.03.05.19 contains a stack overflow vulnerability in /goform/SetOnlineDevName, which may lead to remote arbitrary code execution.
CVSS Score
9.8
EPSS Score
0.003
Published
2025-01-10
CVE-2022-36571
Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the mask parameter at /goform/WanParameterSetting.
CVSS Score
7.2
EPSS Score
0.001
Published
2022-08-31
CVE-2022-36568
Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the list parameter at /goform/setPptpUserList.
CVSS Score
8.8
EPSS Score
0.001
Published
2022-08-31
CVE-2022-36569
Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the deviceList parameter at /goform/setMacFilterCfg.
CVSS Score
8.8
EPSS Score
0.001
Published
2022-08-31
CVE-2022-36570
Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the time parameter at /goform/SetLEDCfg.
CVSS Score
7.2
EPSS Score
0.001
Published
2022-08-31
CVE-2018-14557
An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A buffer overflow vulnerability exists in the router's web server (httpd). When processing the page parameters for a post request, the value is directly written with sprintf to a local variable placed on the stack, which overrides the return address of the function, a causing buffer overflow.
CVSS Score
7.5
EPSS Score
0.003
Published
2019-04-25
CVE-2018-14559
An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A buffer overflow vulnerability exists in the router's web server (httpd). When processing the list parameters for a post request, the value is directly written with sprintf to a local variable placed on the stack, which overrides the return address of the function, causing a buffer overflow.
CVSS Score
7.5
EPSS Score
0.003
Published
2019-04-25
CVE-2018-14558
Known exploited
An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted goform/setUsbUnload request. This occurs because the "formsetUsbUnload" function executes a dosystemCmd function with untrusted input.
CVSS Score
9.8
EPSS Score
0.675
Published
2018-10-30


Products
Pricing
Contact Us

Shodan ® - All rights reserved