What is CVE-2022-38313?

A critical stack overflow vulnerability found in the Tenda AC18 router firmware versions 15.03.05.19 and 15.03.05.05 poses significant risks. Immediate action is necessary to mitigate potential exploitation.

What is the severity of CVE-2022-38313?

CVE-2022-38313 has a severity rating of CRITICAL with a CVSS base score of 9.8.

CVE-2022-38313 | Critical Vulnerability in Tenda AC18 Router

Tenda AC18 router versions 15.03.05.19 and 15.03.05.05 contain a critical stack overflow vulnerability triggered via the time parameter at /goform/saveParentControlInfo. This vulnerability allows attackers to exploit the router through network interactions, leading to severe impacts on confidentiality, integrity, and availability.

With a CVSS score of 9.8, this vulnerability is classified as critical. It demonstrates low attack complexity and requires no privileges or user interaction for exploitation. The risk to organizations includes potential unauthorized access, data manipulation, and disruption of services.

Currently, there are no known exploits or public proofs of concept available. However, organizations should prioritize patching immediately to mitigate this critical risk.

Security teams are advised to stay vigilant and monitor for any signs of exploitation related to this vulnerability. Immediate action is essential to protect network environments.

Vulnerability Details

The vulnerability is characterized by a stack overflow caused by improper handling of the time parameter in the Tenda AC18 router's firmware. The affected versions are v15.03.05.05 and v15.03.05.19, disclosed on September 7, 2022. The specific CWE classification for this issue is CWE-787.

Technical Analysis

The root cause of this vulnerability lies in the way the Tenda AC18 router processes input parameters. An attacker can craft a malicious request that exploits the stack overflow, allowing arbitrary code execution or denial of service.

The attack vector is network-based, meaning that it can be executed remotely without physical access to the device. The attack complexity is low, requiring no special privileges or user interaction, making it particularly dangerous.

The impacts on confidentiality, integrity, and availability are high, as successful exploitation can lead to complete takeover of the device, unauthorized data access, and disruption of network services.

Risk & Impact Analysis

Organizations using the Tenda AC18 router should assess the real-world deployment risk associated with this vulnerability. The critical nature of this flaw means that attackers could exploit it to gain unauthorized access to sensitive information or disrupt operations.

The blast radius for this vulnerability is significant, given that many organizations may deploy Tenda routers within their infrastructure. Organizations should prioritize this issue based on its high CVSS score and the absence of known fixes.

Given that this vulnerability is not currently listed in the KEV catalog, it is imperative to analyze and monitor potential exploitation patterns closely.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

The affected versions of the Tenda AC18 router firmware are v15.03.05.05 and v15.03.05.19. Organizations should apply the latest patches to mitigate this vulnerability.

Mitigation & Remediation

Organizations should verify the version of their Tenda AC18 router firmware and upgrade to the latest version to remediate this vulnerability. If an update is not available, implement network controls to restrict access to the router.

Further, organizations may consider employing penetration testing services to identify any additional vulnerabilities in their network configurations.

Detection Guidance

Monitoring logs for unusual requests to the /goform/saveParentControlInfo endpoint can help detect attempts to exploit this vulnerability. Additionally, organizations should look for any behavioral anomalies in network traffic indicative of exploitation.

AppSecure Threat Intelligence Insight

The long-term significance of CVE-2022-38313 illustrates the importance of secure coding practices in firmware development. It highlights the need for organizations to maintain a robust vulnerability management program to ensure that similar vulnerabilities can be swiftly identified and remediated.

As a strategic takeaway, organizations should prioritize continuous penetration testing and security assessments to fortify their defenses against emerging threats.

Investing in comprehensive security training for development teams can also reduce the risk of vulnerabilities being introduced in future software releases.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2022-38313: Critical Vulnerability in Tenda AC18 Router