Description
A vulnerability was found in Tenda AC18 15.03.05.05. The affected element is the function sub_45304 of the file /goform/getRebootStatus of the component Web Management Interface. The manipulation of the argument callback results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been made public and could be used.
Published: 2026-06-08
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An attacker can craft a malicious callback argument to the sub_45304 function in /goform/getRebootStatus, causing a stack‑based buffer overflow. This flaw, identified as CWE‑119 and CWE‑121, allows the attacker to overwrite return pointers on the stack and gain control of the device, potentially executing arbitrary code from a remote source.

Affected Systems

The vulnerability affects Tenda AC18 routers running firmware 15.03.05.05. No other firmware versions are reported as vulnerable at this time.

Risk and Exploitability

The CVSS score of 8.7 signifies high severity. The EPSS score is unavailable, indicating no publicly available data on exploitation likelihood, and the vulnerability is not listed in CISA KEV. Attackers can exploit this flaw remotely via the web management interface, and public proof‑of‑concept exploits have been published, confirming that exploitation is feasible and could be used in the wild.

Generated by OpenCVE AI on June 8, 2026 at 16:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Tenda firmware that contains the fix for the getRebootStatus buffer overflow
  • Restrict access to the router’s web management interface by configuring firewall rules or enabling IP filtering
  • Monitor the device for unexpected reboots or anomalous traffic that may indicate an exploitation attempt

Generated by OpenCVE AI on June 8, 2026 at 16:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 08 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Tenda ac18
Vendors & Products Tenda ac18

Mon, 08 Jun 2026 15:45:00 +0000

Type Values Removed Values Added
Description A vulnerability was found in Tenda AC18 15.03.05.05. The affected element is the function sub_45304 of the file /goform/getRebootStatus of the component Web Management Interface. The manipulation of the argument callback results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been made public and could be used.
Title Tenda AC18 Web Management getRebootStatus sub_45304 stack-based overflow
First Time appeared Tenda
Tenda ac18 Firmware
Weaknesses CWE-119
CWE-121
CPEs cpe:2.3:o:tenda:ac18_firmware:*:*:*:*:*:*:*:*
Vendors & Products Tenda
Tenda ac18 Firmware
References
Metrics cvssV2_0

{'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Tenda Ac18 Ac18 Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-09T14:35:55.593Z

Reserved: 2026-06-07T19:42:14.647Z

Link: CVE-2026-11528

cve-icon Vulnrichment

Updated: 2026-06-09T14:27:16.690Z

cve-icon NVD

Status : Deferred

Published: 2026-06-08T16:16:37.473

Modified: 2026-06-09T01:34:33.987

Link: CVE-2026-11528

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-08T16:30:06Z

Weaknesses