External risk intelligence

Tenda AC18 Firmware Remote Command Execution

CVE advisorySeverity: CRITICAL (CVSS 9.8)

CVE-2022-35201

The product is a consumer-grade wireless router. These devices are commonly deployed as internet edge gateways, often exposing management interfaces or services to the public internet, making them a common target for external network-based access.

Tenda Ac18 Firmware

15.03.05.05

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

External exposure likelihood

Horizon Alert

Summary of the vulnerability and why it matters

A critical vulnerability was discovered in Tenda's AC18 firmware, potentially allowing unauthorized remote command execution. This type of issue could affect the security and integrity of network devices if exploited. The primary concern at this time is to confirm if this specific technology is in use and, if so, to what extent it might be exposed.

  • Remote control vulnerability in network devices.
  • High-impact potential requires awareness.
  • Confirm relevance and exposure to Tenda AC18.

Attack Path

How an attacker could exploit the issue

An attacker can remotely exploit this vulnerability by sending specially crafted requests to the affected device over the network. This could allow them to execute arbitrary commands, potentially leading to full control of the device.

  • Network access is required.
  • Specially crafted requests trigger the flaw.
  • Full device control is possible.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability could allow an unauthenticated attacker to execute arbitrary commands on the affected device, potentially impacting its normal operation and any data it processes or stores. The attack vector is network-based, meaning the device may be vulnerable when connected to the internet without requiring user interaction or any special privileges.

  • Affected device control.
  • Remote network access.
  • Disruption of network services.

Operational Fix

Recommended remediation, mitigation, and detection steps

This vulnerability affects Tenda AC18 devices, likely managed by network or infrastructure teams. The first step is to identify all deployed AC18 units, confirm their network exposure and business criticality, and assign an owner for remediation planning.

  • Network/Infrastructure teams own the issue.
  • Verify device exposure and criticality first.
  • Plan remediation based on confirmed risk.

Supplementary metadata

Validate whether this threat affects your internet-facing exposure.

Halo Threat Intelligence helps prioritize remediation with Halo Surface Signal and H/A/L/O context. Start exposure validation with a free external attack surface trial.

Frequently asked questions

What is the Tenda AC18?

The Tenda AC18 is a consumer-grade wireless router designed to provide home or small office networking capabilities. It manages data traffic between connected devices and the internet. Because it acts as a gateway, it sits at the edge of a network, handling the routing and wireless connectivity functions for its users.

What does this RCE vulnerability mean?

RCE stands for Remote Command Execution. It is a critical weakness that allows an attacker to send unauthorized instructions to the router over the network. If successful, the attacker can force the device to execute arbitrary commands, potentially granting them full control over the router's functions and the traffic flowing through it.

How is this vulnerability triggered?

An attacker triggers this flaw by sending specially crafted network requests to the router. Because the vulnerability does not require user interaction, an attacker does not need to log in or hold special privileges to initiate the command execution. Simply sending the malicious request to an reachable device is sufficient to attempt the exploit.

Is my Tenda AC18 at risk?

Halo Surface Signal indicates that because the Tenda AC18 is a wireless router, it is often deployed as an internet edge gateway. This means management interfaces or services may be directly reachable from the public internet, increasing the likelihood that the device is accessible to external network-based threats compared to internal-only equipment.

What should I do if I use this router?

Start by identifying all Tenda AC18 units within your environment. Confirm their current network configuration to see if they are reachable from the internet or restricted to internal traffic. Once identified, assign an owner to oversee the device and plan for necessary security updates or configuration changes to mitigate the risk of unauthorized remote access.