Tenda W18e_firmware
15 CVEs affecting Tenda W18e_firmware. Latest disclosed: 2025-05-28. Critical: 3, High: 7.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-45343 | Critical | 9.8 | 2025-05-28 | An issue in Tenda W18E v.2.0 v.16.01.0.11 allows an attacker to execute arbitrary code via the editing functionality of the account module in the goform/setmod… |
CVE-2023-46370 | Critical | 9.8 | 2023-10-25 | Tenda W18E V16.01.0.8(1576) has a command injection vulnerability via the hostName parameter in the formSetNetCheckTools function. |
CVE-2023-46369 | Critical | 9.8 | 2023-10-25 | Tenda W18E V16.01.0.8(1576) contains a stack overflow vulnerability via the portMirrorMirroredPorts parameter in the formSetNetCheckTools function. |
CVE-2024-46434 | High | 8.8 | 2025-02-10 | Tenda W18E V16.01.0.8(1625) suffers from authentication bypass in the web management portal allowing an unauthorized remote attacker to gain administrative acc… |
CVE-2024-46433 | High | 8.8 | 2025-02-10 | A default credentials vulnerability in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to access the web management portal using the defaul… |
CVE-2024-46432 | High | 8.8 | 2025-02-10 | Tenda W18E V16.01.0.8(1625) is vulnerable to Incorrect Access Control. An attacker can send a specially crafted HTTP POST request to the setQuickCfgWifiAndLogi… |
CVE-2024-46429 | High | 8.8 | 2025-02-10 | A hardcoded credentials vulnerability in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to access the web management portal using a defaul… |
CVE-2024-46436 | High | 8.3 | 2025-02-10 | Hardcoded credentials in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to gain root access to the device over the telnet service. |
CVE-2024-46435 | High | 8.0 | 2025-02-10 | A stack overflow vulnerability in the Tenda W18E V16.01.0.8(1625) web management portal allows an authenticated remote attacker to cause a denial of service or… |
CVE-2024-46431 | High | 8.0 | 2025-02-10 | Tenda W18E V16.01.0.8(1625) is vulnerable to Buffer Overflow. An attacker with access to the web management portal can exploit this vulnerability by sending sp… |
CVE-2025-29218 | Medium | 6.5 | 2025-03-20 | Tenda W18E v2.0 v16.01.0.11 was discovered to contain a stack overflow in the wifiPwd parameter at /goform/setModules. This vulnerability allows attackers to c… |
CVE-2025-29217 | Medium | 6.5 | 2025-03-20 | Tenda W18E v2.0 v16.01.0.11 was discovered to contain a stack overflow in the wifiSSID parameter at /goform/setModules. This vulnerability allows attackers to… |
CVE-2024-46437 | Medium | 6.5 | 2025-02-10 | A sensitive information disclosure vulnerability in the Tenda W18E V16.01.0.8(1625) web management portal allows an unauthenticated remote attacker to retrieve… |
CVE-2024-46430 | Medium | 6.5 | 2025-02-10 | Tenda W18E V16.01.0.8(1625) is vulnerable to Incorrect Access Control. Unauthorized password change via the web management portal allows an unauthenticated rem… |
CVE-2025-3203 | Medium | 4.3 | 2025-04-04 | A vulnerability classified as problematic was found in Tenda W18E 16.01.0.11. Affected by this vulnerability is the function formSetAccountList of the file /go… |