Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ac15_firmware vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2018-5770
An issue exists on Tenda AC15 devices. A remote, unauthenticated attacker can make a request to /goform/telnet, creating a telnetd service on the device. This service is password protected; however, several default accounts exist on the device that are root accounts, which can be...
Tendacn Ac15 Firmware -
9.8
CVSSv3
CVE-2020-15916
goform/AdvSetLanip endpoint on Tenda AC15 AC1900 15.03.05.19 devices allows remote malicious users to execute arbitrary system commands via shell metacharacters in the lanIp POST parameter.
Tenda Ac15 Firmware 15.03.05.19
9.8
CVSSv3
CVE-2020-10988
A hard-coded telnet credential in the tenda_login binary of Tenda AC15 AC1900 version 15.03.05.19 allows unauthenticated remote malicious users to start a telnetd service on the device.
Tenda Ac15 Firmware 15.03.05.19
2 Github repositories
9.8
CVSSv3
CVE-2022-40851
Tenda AC15 V15.03.05.19 contained a stack overflow via the function fromAddressNat.
Tenda Ac15 Firmware 15.03.05.19
9.8
CVSSv3
CVE-2022-40860
Tenda AC15 router V15.03.05.19 contains a stack overflow vulnerability in the function formSetQosBand->FUN_0007dd20 with request /goform/SetNetControlList
Tendacn Ac15 Firmware 15.03.05.19
9.8
CVSSv3
CVE-2022-40853
Tenda AC15 router V15.03.05.19 contains a stack overflow via the list parameter at /goform/fast_setting_wifi_set
Tendacn Ac15 Firmware 15.03.05.19
9.8
CVSSv3
CVE-2018-5767
An issue exists on Tenda AC15 V15.03.1.16_multi devices. A remote, unauthenticated attacker can gain remote code execution on the device with a crafted password parameter for the COOKIE header.
Tendacn Ac15 Firmware 15.03.1.16
1 EDB exploit
2 Github repositories
9.8
CVSSv3
CVE-2022-37175
Tenda ac15 firmware V15.03.05.18 httpd server has stack buffer overflow in /goform/formWifiBasicSet.
Tenda Ac15 Firmware 15.03.05.18
9.8
CVSSv3
CVE-2022-28557
There is a command injection vulnerability at the /goform/setsambacfg interface of Tenda AC15 US_AC15V1.0BR_V15.03.05.20_multi_TDE01.bin device web, which can also cooperate with CVE-2021-44971 to cause unconditional arbitrary command execution
Tenda Ac15 Firmware 15.03.05.20 Multi Tde01
6.5
CVSSv3
CVE-2020-10986
A CSRF issue in the /goform/SysToolReboot endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote malicious users to reboot the device and cause denial of service via a payload hosted by an attacker-controlled web page.
Tenda Ac15 Firmware 15.03.05.19
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »