Sign-up

ID

VAR-202407-0745


CVE

CVE-2024-33180


TITLE

Tenda  of  AC18  Out-of-bounds write vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-004512

DESCRIPTION

Tenda AC18 V15.03.3.10_EN was discovered to contain a stack-based buffer overflow vulnerability via the deviceId parameter at ip/goform/saveParentControlInfo. Tenda of AC18 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Tenda AC18 is a dual-band wireless router launched by Shenzhen Jixiang Tengda Technology Co., Ltd. in July 2016, primarily for villas and large homes. This vulnerability stems from the failure to properly validate the length of the input data in the deviceId parameter of the ip/goform/saveParentControlInfo function. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

Trust: 2.16

sources: NVD: CVE-2024-33180 // JVNDB: JVNDB-2024-004512 // CNVD: CNVD-2025-23122

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-23122

AFFECTED PRODUCTS

vendor:tendacnmodel:ac18scope:eqversion:15.03.3.10

Trust: 1.0

vendor:tendamodel:ac18scope: - version: -

Trust: 0.8

vendor:tendamodel:ac18scope:eqversion: -

Trust: 0.8

vendor:tendamodel:ac18scope:eqversion:ac18 firmware 15.03.3.10

Trust: 0.8

vendor:tendamodel:ac18 15.03.3.10 enscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2025-23122 // JVNDB: JVNDB-2024-004512 // NVD: CVE-2024-33180

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2024-33180
value: CRITICAL

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-33180
value: CRITICAL

Trust: 1.0

NVD: CVE-2024-33180
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2025-23122
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-23122
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2024-33180
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2024-33180
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-23122 // JVNDB: JVNDB-2024-004512 // NVD: CVE-2024-33180 // NVD: CVE-2024-33180

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.0

problemtype:CWE-787

Trust: 1.0

problemtype:Out-of-bounds writing (CWE-787) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-004512 // NVD: CVE-2024-33180

PATCH

title:Patch for Tenda AC18 ip/goform/saveParentControlInfo interface buffer overflow vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/740531

Trust: 0.6

sources: CNVD: CNVD-2025-23122

EXTERNAL IDS

db:NVDid:CVE-2024-33180

Trust: 3.2

db:JVNDBid:JVNDB-2024-004512

Trust: 0.8

db:CNVDid:CNVD-2025-23122

Trust: 0.6

sources: CNVD: CNVD-2025-23122 // JVNDB: JVNDB-2024-004512 // NVD: CVE-2024-33180

REFERENCES

url:https://palm-vertebra-fe9.notion.site/saveparentcontrolinfo_1-7c9695d0251945ae8006db705b9b80ac

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2024-33180

Trust: 0.8

sources: CNVD: CNVD-2025-23122 // JVNDB: JVNDB-2024-004512 // NVD: CVE-2024-33180

SOURCES

db:CNVDid:CNVD-2025-23122
db:JVNDBid:JVNDB-2024-004512
db:NVDid:CVE-2024-33180

LAST UPDATE DATE

2025-10-10T23:33:01.064000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-23122date:2025-10-09T00:00:00
db:JVNDBid:JVNDB-2024-004512date:2024-07-22T05:25:00
db:NVDid:CVE-2024-33180date:2024-08-01T13:51:44.097

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-23122date:2025-10-09T00:00:00
db:JVNDBid:JVNDB-2024-004512date:2024-07-22T00:00:00
db:NVDid:CVE-2024-33180date:2024-07-16T16:15:04.767