Tenda W18e_firmware

15 CVEs affecting Tenda W18e_firmware. Latest disclosed: 2025-05-28. Critical: 3, High: 7.

Top CVEs affecting Tenda W18e_firmware
CVESeverityScorePublishedSummary
CVE-2025-45343Critical9.82025-05-28An issue in Tenda W18E v.2.0 v.16.01.0.11 allows an attacker to execute arbitrary code via the editing functionality of the account module in the goform/setmod…
CVE-2023-46370Critical9.82023-10-25Tenda W18E V16.01.0.8(1576) has a command injection vulnerability via the hostName parameter in the formSetNetCheckTools function.
CVE-2023-46369Critical9.82023-10-25Tenda W18E V16.01.0.8(1576) contains a stack overflow vulnerability via the portMirrorMirroredPorts parameter in the formSetNetCheckTools function.
CVE-2024-46434High8.82025-02-10Tenda W18E V16.01.0.8(1625) suffers from authentication bypass in the web management portal allowing an unauthorized remote attacker to gain administrative acc…
CVE-2024-46433High8.82025-02-10A default credentials vulnerability in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to access the web management portal using the defaul…
CVE-2024-46432High8.82025-02-10Tenda W18E V16.01.0.8(1625) is vulnerable to Incorrect Access Control. An attacker can send a specially crafted HTTP POST request to the setQuickCfgWifiAndLogi…
CVE-2024-46429High8.82025-02-10A hardcoded credentials vulnerability in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to access the web management portal using a defaul…
CVE-2024-46436High8.32025-02-10Hardcoded credentials in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to gain root access to the device over the telnet service.
CVE-2024-46435High8.02025-02-10A stack overflow vulnerability in the Tenda W18E V16.01.0.8(1625) web management portal allows an authenticated remote attacker to cause a denial of service or…
CVE-2024-46431High8.02025-02-10Tenda W18E V16.01.0.8(1625) is vulnerable to Buffer Overflow. An attacker with access to the web management portal can exploit this vulnerability by sending sp…
CVE-2025-29218Medium6.52025-03-20Tenda W18E v2.0 v16.01.0.11 was discovered to contain a stack overflow in the wifiPwd parameter at /goform/setModules. This vulnerability allows attackers to c…
CVE-2025-29217Medium6.52025-03-20Tenda W18E v2.0 v16.01.0.11 was discovered to contain a stack overflow in the wifiSSID parameter at /goform/setModules. This vulnerability allows attackers to…
CVE-2024-46437Medium6.52025-02-10A sensitive information disclosure vulnerability in the Tenda W18E V16.01.0.8(1625) web management portal allows an unauthenticated remote attacker to retrieve…
CVE-2024-46430Medium6.52025-02-10Tenda W18E V16.01.0.8(1625) is vulnerable to Incorrect Access Control. Unauthorized password change via the web management portal allows an unauthenticated rem…
CVE-2025-3203Medium4.32025-04-04A vulnerability classified as problematic was found in Tenda W18E 16.01.0.11. Affected by this vulnerability is the function formSetAccountList of the file /go…