CVE-2022-38326 The Tenda AC15 and AC18 routers were discovered to have a buffer overflow via the page parameter at /goform/NatStaticSetting.

This vulnerability could allow code execution on the device or cause a denial of service. Update the device firmware as soon as possible to avoid exploitation.
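A detection sketch for the overflow described above, added here as an example and not taken from the advisory or from Tenda: it flags requests to /goform/NatStaticSetting whose page value is oversized or not a plain number. The length limit, the assumption that page carries a small number, and the request records are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "/goform/NatStaticSetting"  # path named in the advisory
PARAM = "page"                         # parameter named in the advisory
MAX_LEN = 8                            # assumption: a page index never needs more

# Constructed sample records: (source IP, method, request target, form body)
SAMPLE_REQUESTS = [
    ("192.0.2.10", "GET", "/goform/NatStaticSetting?page=1&op=list", ""),
    ("192.0.2.10", "POST", "/goform/NatStaticSetting", "page=2"),
    ("198.51.100.7", "POST", "/goform/NatStaticSetting", "page=" + "A" * 600),
    ("198.51.100.7", "GET", "/goform/NatStaticSetting?page=3%0a", ""),
    ("192.0.2.10", "GET", "/goform/SysStatus?page=" + "A" * 600, ""),
]

def suspicious_values(target, body):
    """Return the reasons a request to the endpoint looks abnormal."""
    url = urlsplit(target)
    # Compare case-insensitively so a case variant of the path is not missed.
    if url.path.rstrip("/").lower() != ENDPOINT.lower():
        return []
    reasons = []
    # The parameter can arrive in the query string or the form body.
    for source in (url.query, body):
        values = parse_qs(source, keep_blank_values=True).get(PARAM, [])
        for v in values:
            if len(v) > MAX_LEN:
                reasons.append(f"{PARAM} length {len(v)} > {MAX_LEN}")
            elif not re.fullmatch(r"[0-9]+", v):
                reasons.append(f"{PARAM} is not a plain number: {v!r}")
    return reasons

def scan(requests):
    """Return (ip, reasons) for every request that should raise an alert."""
    alerts = []
    for ip, _method, target, body in requests:
        reasons = suspicious_values(target, body)
        if reasons:
            alerts.append((ip, reasons))
    return alerts

if __name__ == "__main__":
    for ip, reasons in scan(SAMPLE_REQUESTS):
        print(ip, "; ".join(reasons))
```

The same checks can be applied at a reverse proxy or IDS in front of the router's management interface until the firmware is updated.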

Another serious issue with the Tenda AC15 WiFi Router V15.03.05.19_multi and AC18 WiFi Router V15.03.05.19_multi was the presence of multiple hard-coded password credentials that are stored in plain text.

The hard-coded password was “admin” for each of the “root”, “backup”, and “ftp” accounts for the web configuration interface.

It is highly recommended that the password for the “root”, “admin”, and “backup” accounts be changed as soon as possible to prevent any possible security incident.

Tenda AC15 WiFi Router V15.03.05.19_multi and AC18 WiFi Router V15.03.05.19_multi


A vulnerability affecting a Tenda router was discovered, with CVE-2022-38326 as the identifier for this vulnerability.

Confusion between b and n keys in Tenda AC18 WiFi Router V15.03.05.19_multi

This vulnerability has been fixed in the latest firmware update. The web configuration interface of the affected Tenda AC18 WiFi Router V15.03.05.19_multi lacked an icon showing the key press sequence for changing between the b and n keys to create a new password, which led to confusion and password retries for users.

Timeline

Published on: 09/15/2022 20:15:00 UTC
Last modified on: 09/19/2022 17:58:00 UTC
