CVE-2025-63834

Name of the Vulnerable Software and Affected Versions Tenda AC18 version 15.03.05.05 multi

Description A stored cross-site scripting (XSS) issue exists in Tenda AC18. The issue is located in the ssid parameter within the wireless settings. An attacker can inject malicious payloads that will execute when a user visits the router’s homepage.

Recommendations Update Tenda AC18 to a version that addresses this issue. As a temporary workaround, sanitize the ssid parameter to prevent the injection of malicious scripts.