Tenda AC7/AC18 SetLEDCfg formSetSchedLed buffer overflow_CVE-2025-9023

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A vulnerability has been found in Tenda AC7 and AC18 15.03.05.19/15.03.06.44. Affected is the function formSetSchedLed of the file /goform/SetLEDCfg. The manipulation of the argument Time leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Basic Information

ID CVE-2025-9023

Source VulDB

Published Aug 15, 2025 at 08:32

Affected Product

Vendor Tenda

Product AC7

Version 15.03.05.19

Affected Versions Tenda AC7 15.03.05.19
Tenda AC7 15.03.06.44
Tenda AC18 15.03.05.19
Tenda AC18 15.03.06.44

CWE Classification

CWE-120 CWE-119

References

{
    "lastseen": "",
    "description": "A vulnerability has been found in Tenda AC7 and AC18 15.03.05.19/15.03.06.44. Affected is the function formSetSchedLed of the file /goform/SetLEDCfg. The manipulation of the argument Time leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.",
    "published": "2025-08-15T08:32:07.431Z",
    "modified": "2025-08-15T08:32:07.431Z",
    "type": "cve",
    "title": "Tenda AC7/AC18 SetLEDCfg formSetSchedLed buffer overflow",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.320088\nhttps://vuldb.com/?ctiid.320088\nhttps://vuldb.com/?submit.629692\nhttps://vuldb.com/?submit.629696\nhttps://github.com/zezhifu1/cve_report/blob/main/AC7/formsetschedled.md\nhttps://github.com/zezhifu1/cve_report/blob/main/AC18/formsetschedled.md\nhttps://www.tenda.com.cn/",
    "id": "CVE-2025-9023",
    "bulletinFamily": "",
    "cwe": [
        "CWE-120",
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "Tenda AC7 15.03.05.19\nTenda AC7 15.03.06.44\nTenda AC18 15.03.05.19\nTenda AC18 15.03.06.44",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "AC7",
    "version": "15.03.05.19",
    "vendor": "Tenda",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}