threat
engine
.sh
Back
·
··:··
Home
/
Product
/
tenda ac15 firmware
Product
tenda ac15 firmware
105 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2026-5830
all versions
A vulnerability was identified in Tenda AC15 15.03.05.18. This affects the function websGetVar of the file /goform/SysToolChangePw
8.8
HIGH
CVE-2026-4975
all versions
A vulnerability has been found in Tenda AC15 15.03.05.19. This affects the function formSetCfm of the file /goform/setcfm of the c
8.8
HIGH
CVE-2026-24103
all versions
A buffer overflow vulnerability was discovered in goform/formSetMacFilterCfg in Tenda AC15V1.0 V15.03.05.18_multi.
9.8
CRITICAL
CVE-2026-24105
all versions
An issue was discovered in goform/formsetUsbUnload in Tenda AC15V1.0 V15.03.05.18_multi. The value of
v1
was not checked, potent
9.8
CRITICAL
CVE-2026-24101
all versions
An issue was discovered in goform/formSetIptv in Tenda AC15V1.0 V15.03.05.18_multi. When the condition is met,
s1_1
will be pass
9.8
CRITICAL
CVE-2026-3400
<= 15.13.07.13
A security flaw has been discovered in Tenda AC15 up to 15.13.07.13. Affected by this issue is some unknown functionality of the f
8.8
HIGH
CVE-2025-63666
all versions
Tenda AC15 v15.03.05.18_multi) issues an authentication cookie that exposes the account password hash to the client and uses a sho
9.8
CRITICAL
CVE-2025-11389
all versions
A security flaw has been discovered in Tenda AC15 15.03.05.18. Affected is an unknown function of the file /goform/saveAutoQos. Pe
8.8
HIGH
CVE-2025-11388
all versions
A vulnerability was identified in Tenda AC15 15.03.05.18. This impacts an unknown function of the file /goform/setNotUpgrade. Such
8.8
HIGH
CVE-2025-11387
all versions
A vulnerability was determined in Tenda AC15 15.03.05.18. This affects an unknown function of the file /goform/fast_setting_pppoe_
8.8
HIGH
CVE-2025-11386
all versions
A vulnerability was found in Tenda AC15 15.03.05.18. The impacted element is an unknown function of the file /goform/SetDDNSCfg of
8.8
HIGH
CVE-2025-10443
all versions
A vulnerability was identified in Tenda AC9 and AC15 15.03.05.14/15.03.05.18. This vulnerability affects the function formexeComma
8.8
HIGH
CVE-2025-10442
all versions
A vulnerability was determined in Tenda AC9 and AC15 15.03.05.14. This affects the function formexeCommand of the file /goform/exe
6.3
MEDIUM
CVE-2025-55564
all versions
Tenda AC15 v15.03.05.19_multi_TD01 has a stack overflow via the list parameter in the fromSetIpMacBind function.
7.5
HIGH
CVE-2025-8979
all versions
A vulnerability was identified in Tenda AC15 15.13.07.13. Affected by this vulnerability is the function check_fw_type/split_firew
6.6
MEDIUM
CVE-2025-5851
all versions
A vulnerability was found in Tenda AC15 15.03.05.19_multi. It has been rated as critical. This issue affects the function fromadvs
8.8
HIGH
CVE-2025-5850
all versions
A vulnerability was found in Tenda AC15 15.03.05.19_multi. It has been declared as critical. This vulnerability affects the functi
8.8
HIGH
CVE-2025-5849
all versions
A vulnerability was found in Tenda AC15 15.03.05.19_multi. It has been classified as critical. This affects the function formSetSa
8.8
HIGH
CVE-2025-5848
all versions
A vulnerability was found in Tenda AC15 15.03.05.19_multi and classified as critical. Affected by this issue is the function formS
8.8
HIGH
CVE-2025-3786
all versions
A vulnerability was found in Tenda AC15 up to 15.03.05.19 and classified as critical. This issue affects the function fromSetWirel
8.8
HIGH
CVE-2025-29462
all versions
A buffer overflow vulnerability has been discovered in Tenda Ac15 V15.13.07.13. The vulnerability occurs when the webCgiGetUploadF
9.8
CRITICAL
CVE-2025-25634
all versions
A vulnerability has been found in Tenda AC15 15.03.05.19 in the function GetParentControlInfo of the file /goform/GetParentControl
6.5
MEDIUM
CVE-2025-25632
all versions
Tenda AC15 v15.03.05.19 is vulnerable to Command Injection via the handler function in /goform/telnet.
9.8
CRITICAL
CVE-2025-0566
all versions
A vulnerability classified as critical has been found in Tenda AC15 15.13.07.13. This affects the function formSetDevNetName of th
8.8
HIGH
CVE-2024-10662
all versions
A vulnerability was found in Tenda AC15 15.03.05.19 and classified as critical. This issue affects the function formSetDeviceName
8.8
HIGH
CVE-2024-10661
all versions
A vulnerability has been found in Tenda AC15 15.03.05.19 and classified as critical. This vulnerability affects the function SetDl
8.8
HIGH
CVE-2024-10280
all versions
A vulnerability was found in Tenda AC6, AC7, AC8, AC9, AC10, AC10U, AC15, AC18, AC500 and AC1206 up to 20241022. It has been rated
6.5
MEDIUM
CVE-2023-36103
all versions
Command Injection vulnerability in goform/SetIPTVCfg interface of Tenda AC15 V15.03.05.20 allows remote attackers to run arbitrary
9.8
CRITICAL
CVE-2024-32303
all versions
Tenda AC15 v15.03.20_multi, v15.03.05.19, and v15.03.05.18 firmware has a stack overflow vulnerability located via the PPW paramet
8.0
HIGH
CVE-2024-30840
all versions
A Stack Overflow vulnerability in Tenda AC15 v15.03.05.18 allows attackers to cause a denial of service via the LISTEN parameter i
6.5
MEDIUM
CVE-2024-30645
all versions
Tenda AC15V1.0 V15.03.20_multi has a command injection vulnerability via the deviceName parameter.
8.0
HIGH
CVE-2024-30613
all versions
Tenda AC15 v15.03.05.18 has a stack overflow vulnerability in the time parameter from the setSmartPowerManagement function.
4.3
MEDIUM
CVE-2024-2855
all versions
A vulnerability classified as critical was found in Tenda AC15 15.03.05.18/15.03.05.19/15.03.20. Affected by this vulnerability is
8.8
HIGH
CVE-2024-2852
all versions
A vulnerability was found in Tenda AC15 15.03.20_multi. It has been declared as critical. This vulnerability affects the function
8.8
HIGH
CVE-2024-2851
all versions
A vulnerability was found in Tenda AC15 15.03.05.18/15.03.20_multi. It has been classified as critical. This affects the function
6.3
MEDIUM
CVE-2024-2850
all versions
A vulnerability was found in Tenda AC15 15.03.05.18 and classified as critical. Affected by this issue is the function saveParentC
8.8
HIGH
CVE-2024-2817
all versions
A vulnerability, which was classified as problematic, has been found in Tenda AC15 15.03.05.18. Affected by this issue is the func
4.3
MEDIUM
CVE-2024-2816
all versions
A vulnerability classified as problematic was found in Tenda AC15 15.03.05.18. Affected by this vulnerability is the function from
4.3
MEDIUM
CVE-2024-2815
all versions
A vulnerability classified as critical has been found in Tenda AC15 15.03.20_multi. Affected is the function R7WebsSecurityHandler
8.8
HIGH
CVE-2024-2814
all versions
A vulnerability was found in Tenda AC15 15.03.20_multi. It has been rated as critical. This issue affects the function fromDhcpLis
8.8
HIGH
CVE-2024-2813
all versions
A vulnerability was found in Tenda AC15 15.03.20_multi. It has been declared as critical. This vulnerability affects the function
8.8
HIGH
CVE-2024-2812
all versions
A vulnerability was found in Tenda AC15 15.03.05.18/15.03.20_multi. It has been classified as critical. This affects the function
6.3
MEDIUM
CVE-2024-2811
all versions
A vulnerability was found in Tenda AC15 15.03.20_multi and classified as critical. Affected by this issue is the function formWifi
8.8
HIGH
CVE-2024-2810
all versions
A vulnerability has been found in Tenda AC15 15.03.05.18/15.03.20_multi and classified as critical. Affected by this vulnerability
8.8
HIGH
CVE-2024-2809
all versions
A vulnerability, which was classified as critical, was found in Tenda AC15 15.03.05.18/15.03.20_multi. Affected is the function fo
8.8
HIGH
CVE-2024-2808
all versions
A vulnerability, which was classified as critical, has been found in Tenda AC15 15.03.05.18/15.03.20_multi. This issue affects the
8.8
HIGH
CVE-2024-2807
all versions
A vulnerability classified as critical was found in Tenda AC15 15.03.05.18/15.03.20_multi. This vulnerability affects the function
8.8
HIGH
CVE-2024-2806
all versions
A vulnerability classified as critical has been found in Tenda AC15 15.03.05.18/15.03.20_multi. This affects the function addWifiM
8.8
HIGH
CVE-2024-2805
all versions
A vulnerability was found in Tenda AC15 15.03.05.18/15.03.20_multi. It has been rated as critical. Affected by this issue is the f
8.8
HIGH
CVE-2023-39673
all versions
Tenda AC15 V1.0BR_V15.03.05.18_multi_TD01 was discovered to contain a buffer overflow via the function FUN_00010e34().
9.8
CRITICAL
CVE-2023-30378
all versions
In Tenda AC15 V15.03.05.19, the function "sub_8EE8" contains a stack-based buffer overflow vulnerability.
9.8
CRITICAL
CVE-2023-30376
all versions
In Tenda AC15 V15.03.05.19, the function "henan_pppoe_user" contains a stack-based buffer overflow vulnerability.
9.8
CRITICAL
CVE-2023-30375
all versions
In Tenda AC15 V15.03.05.19, the function "getIfIp" contains a stack-based buffer overflow vulnerability.
9.8
CRITICAL
CVE-2023-30373
all versions
In Tenda AC15 V15.03.05.19, the function "xian_pppoe_user" contains a stack-based buffer overflow vulnerability.
9.8
CRITICAL
CVE-2023-30372
all versions
In Tenda AC15 V15.03.05.19, The function "xkjs_ver32" contains a stack-based buffer overflow vulnerability.
9.8
CRITICAL
CVE-2023-30371
all versions
In Tenda AC15 V15.03.05.19, the function "sub_ED14" contains a stack-based buffer overflow vulnerability.
9.8
CRITICAL
CVE-2023-30370
all versions
In Tenda AC15 V15.03.05.19, the function GetValue contains a stack-based buffer overflow vulnerability.
9.8
CRITICAL
CVE-2023-30369
all versions
Tenda AC15 V15.03.05.19 is vulnerable to Buffer Overflow.
9.8
CRITICAL
CVE-2022-44156
all versions
Tenda AC15 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetIpMacBind.
7.5
HIGH
CVE-2022-44169
all versions
Tenda AC15 V15.03.05.18 is vulnerable to Buffer Overflow via function formSetVirtualSer.
7.5
HIGH
CVE-2022-44168
all versions
Tenda AC15 V15.03.05.18 is vulnerable to Buffer Overflow via function fromSetRouteStatic..
7.5
HIGH
CVE-2022-44167
all versions
Tenda AC15 V15.03.05.18 is avulnerable to Buffer Overflow via function formSetPPTPServer.
7.5
HIGH
CVE-2022-43259
all versions
Tenda AC15 V15.03.05.18 was discovered to contain a stack overflow via the timeZone parameter in the form_fast_setting_wifi_set fu
7.5
HIGH
CVE-2022-40851
all versions
Tenda AC15 V15.03.05.19 contained a stack overflow via the function fromAddressNat.
9.8
CRITICAL
CVE-2022-40869
all versions
Tenda AC15 and AC18 routers V15.03.05.19 contain stack overflow vulnerabilities in the function fromDhcpListClient with a combined
9.8
CRITICAL
CVE-2022-40865
all versions
Tenda AC15 and AC18 routers V15.03.05.19 contain heap overflow vulnerabilities in the function setSchedWifi with the request /gofo
9.8
CRITICAL
CVE-2022-40864
all versions
Tenda AC15 and AC18 routers V15.03.05.19 contain stack overflow vulnerabilities in the function setSmartPowerManagement with the r
9.8
CRITICAL
CVE-2022-40862
all versions
Tenda AC15 and AC18 router V15.03.05.19 contains stack overflow vulnerability in the function fromNatStaticSetting with the reques
9.8
CRITICAL
CVE-2022-40860
all versions
Tenda AC15 router V15.03.05.19 contains a stack overflow vulnerability in the function formSetQosBand-FUN_0007dd20 with request /g
9.8
CRITICAL
CVE-2022-40853
all versions
Tenda AC15 router V15.03.05.19 contains a stack overflow via the list parameter at /goform/fast_setting_wifi_set
9.8
CRITICAL
CVE-2022-38326
all versions
Tenda AC15 WiFi Router V15.03.05.19_multi and AC18 WiFi Router V15.03.05.19_multi were discovered to contain a buffer overflow via
9.8
CRITICAL
CVE-2022-38325
all versions
Tenda AC15 WiFi Router V15.03.05.19_multi and AC18 WiFi Router V15.03.05.19_multi were discovered to contain a buffer overflow via
9.8
CRITICAL
CVE-2022-37175
all versions
Tenda ac15 firmware V15.03.05.18 httpd server has stack buffer overflow in /goform/formWifiBasicSet.
9.8
CRITICAL
CVE-2022-28557
all versions
There is a command injection vulnerability at the /goform/setsambacfg interface of Tenda AC15 US_AC15V1.0BR_V15.03.05.20_multi_TDE
9.8
CRITICAL
CVE-2022-28556
all versions
Tenda AC15 US_AC15V1.0BR_V15.03.05.20_multi_TDE01.bin is vulnerable to Buffer Overflow. The stack overflow vulnerability lies in t
7.5
HIGH
CVE-2021-44971
all versions
Multiple Tenda devices are affected by authentication bypass, such as AC15V1.0 Firmware V15.03.05.20_multi?AC5V1.0 Firmware V15.03
9.8
CRITICAL
CVE-2021-44352
all versions
A Stack-based Buffer Overflow vulnerability exists in the Tenda AC15 V15.03.05.18_multi device via the list parameter in a post re
9.8
CRITICAL
CVE-2020-15916
all versions
goform/AdvSetLanip endpoint on Tenda AC15 AC1900 15.03.05.19 devices allows remote attackers to execute arbitrary system commands
9.8
CRITICAL
CVE-2020-10989
all versions
An XSS issue in the /goform/WifiBasicSet endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute mali
6.1
MEDIUM
CVE-2020-10988
all versions
A hard-coded telnet credential in the tenda_login binary of Tenda AC15 AC1900 version 15.03.05.19 allows unauthenticated remote at
9.8
CRITICAL
CVE-2020-10987
all versions
The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute arbitrary system comm
9.8
CRITICAL
CVE-2020-10986
all versions
A CSRF issue in the /goform/SysToolReboot endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to reboot the
6.5
MEDIUM
CVE-2020-13394
all versions
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC
9.8
CRITICAL
CVE-2020-13393
all versions
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC
9.8
CRITICAL
CVE-2020-13392
all versions
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC
9.8
CRITICAL
CVE-2020-13391
all versions
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC
9.8
CRITICAL
CVE-2020-13390
all versions
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC
9.8
CRITICAL
CVE-2020-13389
all versions
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC
9.8
CRITICAL
CVE-2018-18732
all versions
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and A
7.5
HIGH
CVE-2018-18731
all versions
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and A
7.5
HIGH
CVE-2018-18730
all versions
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and A
7.5
HIGH
CVE-2018-18729
all versions
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and A
9.8
CRITICAL
CVE-2018-18728
all versions
An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. They all
9.8
CRITICAL
CVE-2018-18727
all versions
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and A
7.5
HIGH
CVE-2018-18709
all versions
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and A
7.5
HIGH
CVE-2018-18708
all versions
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and A
7.5
HIGH
CVE-2018-18707
all versions
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and A
7.5
HIGH
CVE-2018-18706
all versions
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and A
7.5
HIGH
CVE-2018-16333
all versions
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and A
7.5
HIGH
CVE-2018-14492
<= 15.03.05.19_cn
Tenda AC7 through V15.03.06.44_CN, AC9 through V15.03.05.19(6318)_CN, and AC10 through V15.03.06.23_CN devices have a Stack-based
7.5
HIGH
CVE-2018-5768
all versions
A remote, unauthenticated attacker can gain remote code execution on the Tenda AC15 router with a specially crafted password p
9.8
CRITICAL
CVE-2018-5770
all versions
An issue was discovered on Tenda AC15 devices. A remote, unauthenticated attacker can make a request to /goform/telnet, creating a
9.8
CRITICAL
CVE-2018-5767
all versions
An issue was discovered on Tenda AC15 V15.03.1.16_multi devices. A remote, unauthenticated attacker can gain remote code execution
9.8
CRITICAL
CVE-2017-16936
all versions
Directory Traversal vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03
6.5
MEDIUM
CVE-2017-16923
all versions
Command Injection vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.0
8.8
HIGH
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin