W18e Firmware

w18e_firmware

Vendor: Tenda • 15 CVEs

CVEs (15)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-45343 1Tenda 1W18e Firmware Jun 3, 2025 May 28, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue in Tenda W18E v.2.0 v.16.01.0.11 allows an attacker to execute arbitrary code via the editing functionality of the account module in the goform/setmodules route.
CVE-2025-3203 1Tenda 1W18e Firmware Apr 8, 2025 Apr 4, 2025 5.3 MEDIUM· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 A vulnerability classified as problematic was found in Tenda W18E 16.01.0.11. Affected by this vulnerability is the function formSetAccountList of the file /goform/setModules. The manipulation of the argument Password le...Show more A vulnerability classified as problematic was found in Tenda W18E 16.01.0.11. Affected by this vulnerability is the function formSetAccountList of the file /goform/setModules. The manipulation of the argument Password leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2025-29218 1Tenda 1W18e Firmware Mar 26, 2025 Mar 20, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Tenda W18E v2.0 v16.01.0.11 was discovered to contain a stack overflow in the wifiPwd parameter at /goform/setModules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
CVE-2025-29217 1Tenda 1W18e Firmware Mar 25, 2025 Mar 20, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Tenda W18E v2.0 v16.01.0.11 was discovered to contain a stack overflow in the wifiSSID parameter at /goform/setModules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
CVE-2024-46437 1Tenda 1W18e Firmware Mar 25, 2025 Feb 10, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A sensitive information disclosure vulnerability in the Tenda W18E V16.01.0.8(1625) web management portal allows an unauthenticated remote attacker to retrieve sensitive configuration information, including WiFi SSID, Wi...Show more A sensitive information disclosure vulnerability in the Tenda W18E V16.01.0.8(1625) web management portal allows an unauthenticated remote attacker to retrieve sensitive configuration information, including WiFi SSID, WiFi password, and base64-encoded administrator credentials, by sending a specially crafted HTTP POST request to the getQuickCfgWifiAndLogin function, bypassing authentication checks.Show less
CVE-2024-46436 1Tenda 1W18e Firmware Mar 25, 2025 Feb 10, 2025 N/A· v4 8.3 HIGH· v3 N/A· v2 Hardcoded credentials in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to gain root access to the device over the telnet service.
CVE-2024-46435 1Tenda 1W18e Firmware Mar 25, 2025 Feb 10, 2025 N/A· v4 8.0 HIGH· v3 N/A· v2 A stack overflow vulnerability in the Tenda W18E V16.01.0.8(1625) web management portal allows an authenticated remote attacker to cause a denial of service or potentially execute arbitrary code. This vulnerability occur...Show more A stack overflow vulnerability in the Tenda W18E V16.01.0.8(1625) web management portal allows an authenticated remote attacker to cause a denial of service or potentially execute arbitrary code. This vulnerability occurs due to improper input validation when handling user-supplied data in the delFacebookPic function.Show less
CVE-2024-46434 1Tenda 1W18e Firmware Mar 25, 2025 Feb 10, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Tenda W18E V16.01.0.8(1625) suffers from authentication bypass in the web management portal allowing an unauthorized remote attacker to gain administrative access by sending a specially crafted HTTP request.
CVE-2024-46433 1Tenda 1W18e Firmware Mar 25, 2025 Feb 10, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 A default credentials vulnerability in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to access the web management portal using the default rzadmin account with administrative privileges.
CVE-2024-46432 1Tenda 1W18e Firmware Mar 25, 2025 Feb 10, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Tenda W18E V16.01.0.8(1625) is vulnerable to Incorrect Access Control. An attacker can send a specially crafted HTTP POST request to the setQuickCfgWifiAndLogin function, which allows unauthorized changes to WiFi configu...Show more Tenda W18E V16.01.0.8(1625) is vulnerable to Incorrect Access Control. An attacker can send a specially crafted HTTP POST request to the setQuickCfgWifiAndLogin function, which allows unauthorized changes to WiFi configuration settings and administrative credentials.Show less
CVE-2024-46431 1Tenda 1W18e Firmware Mar 25, 2025 Feb 10, 2025 N/A· v4 8.0 HIGH· v3 N/A· v2 Tenda W18E V16.01.0.8(1625) is vulnerable to Buffer Overflow. An attacker with access to the web management portal can exploit this vulnerability by sending specially crafted data to the delWewifiPic function.
CVE-2024-46430 1Tenda 1W18e Firmware Mar 25, 2025 Feb 10, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Tenda W18E V16.01.0.8(1625) is vulnerable to Incorrect Access Control. Unauthorized password change via the web management portal allows an unauthenticated remote attacker to change the administrator password by sending...Show more Tenda W18E V16.01.0.8(1625) is vulnerable to Incorrect Access Control. Unauthorized password change via the web management portal allows an unauthenticated remote attacker to change the administrator password by sending a specially crafted HTTP POST request to the setLoginPassword function, bypassing the authentication mechanism.Show less
CVE-2024-46429 1Tenda 1W18e Firmware Mar 28, 2025 Feb 10, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 A hardcoded credentials vulnerability in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to access the web management portal using a default guest account with administrative privileges.
CVE-2023-46370 1Tenda 1W18e Firmware Nov 21, 2024 Oct 25, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Tenda W18E V16.01.0.8(1576) has a command injection vulnerability via the hostName parameter in the formSetNetCheckTools function.
CVE-2023-46369 1Tenda 1W18e Firmware Nov 21, 2024 Oct 25, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Tenda W18E V16.01.0.8(1576) contains a stack overflow vulnerability via the portMirrorMirroredPorts parameter in the formSetNetCheckTools function.