Tenda AC23 SetStaticRouteCfg sscanf buffer overflow_CVE-2025-11356

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was found in Tenda AC23 up to 16.03.07.52. Affected by this issue is the function sscanf of the file /goform/SetStaticRouteCfg. The manipulation of the argument list results in buffer overflow. It is possible to launch the attack remotely. The exploit has been made public and could be used.

Basic Information

ID CVE-2025-11356

Source VulDB

Published Oct 7, 2025 at 07:02

Affected Product

Vendor Tenda

Product AC23

Version 16.03.07.0

Affected Versions Tenda AC23 16.03.07.0
Tenda AC23 16.03.07.1
Tenda AC23 16.03.07.2
Tenda AC23 16.03.07.3
Tenda AC23 16.03.07.4
Tenda AC23 16.03.07.5
Tenda AC23 16.03.07.6
Tenda AC23 16.03.07.7
Tenda AC23 16.03.07.8
Tenda AC23 16.03.07.9
Tenda AC23 16.03.07.10
Tenda AC23 16.03.07.11
Tenda AC23 16.03.07.12
Tenda AC23 16.03.07.13
Tenda AC23 16.03.07.14
Tenda AC23 16.03.07.15
Tenda AC23 16.03.07.16
Tenda AC23 16.03.07.17
Tenda AC23 16.03.07.18
Tenda AC23 16.03.07.19
Tenda AC23 16.03.07.20
Tenda AC23 16.03.07.21
Tenda AC23 16.03.07.22
Tenda AC23 16.03.07.23
Tenda AC23 16.03.07.24
Tenda AC23 16.03.07.25
Tenda AC23 16.03.07.26
Tenda AC23 16.03.07.27
Tenda AC23 16.03.07.28
Tenda AC23 16.03.07.29
Tenda AC23 16.03.07.30
Tenda AC23 16.03.07.31
Tenda AC23 16.03.07.32
Tenda AC23 16.03.07.33
Tenda AC23 16.03.07.34
Tenda AC23 16.03.07.35
Tenda AC23 16.03.07.36
Tenda AC23 16.03.07.37
Tenda AC23 16.03.07.38
Tenda AC23 16.03.07.39
Tenda AC23 16.03.07.40
Tenda AC23 16.03.07.41
Tenda AC23 16.03.07.42
Tenda AC23 16.03.07.43
Tenda AC23 16.03.07.44
Tenda AC23 16.03.07.45
Tenda AC23 16.03.07.46
Tenda AC23 16.03.07.47
Tenda AC23 16.03.07.48
Tenda AC23 16.03.07.49
Tenda AC23 16.03.07.50
Tenda AC23 16.03.07.51
Tenda AC23 16.03.07.52

CWE Classification

CWE-120 CWE-119

References

{
    "lastseen": "",
    "description": "A vulnerability was found in Tenda AC23 up to 16.03.07.52. Affected by this issue is the function sscanf of the file /goform/SetStaticRouteCfg. The manipulation of the argument list results in buffer overflow. It is possible to launch the attack remotely. The exploit has been made public and could be used.",
    "published": "2025-10-07T07:02:07.348Z",
    "modified": "2025-10-07T07:02:07.348Z",
    "type": "cve",
    "title": "Tenda AC23 SetStaticRouteCfg sscanf buffer overflow",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.327241\nhttps://vuldb.com/?ctiid.327241\nhttps://vuldb.com/?submit.664923\nhttps://github.com/cymiao1978/cve/blob/main/12.md\nhttps://www.tenda.com.cn/",
    "id": "CVE-2025-11356",
    "bulletinFamily": "",
    "cwe": [
        "CWE-120",
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "Tenda AC23 16.03.07.0\nTenda AC23 16.03.07.1\nTenda AC23 16.03.07.2\nTenda AC23 16.03.07.3\nTenda AC23 16.03.07.4\nTenda AC23 16.03.07.5\nTenda AC23 16.03.07.6\nTenda AC23 16.03.07.7\nTenda AC23 16.03.07.8\nTenda AC23 16.03.07.9\nTenda AC23 16.03.07.10\nTenda AC23 16.03.07.11\nTenda AC23 16.03.07.12\nTenda AC23 16.03.07.13\nTenda AC23 16.03.07.14\nTenda AC23 16.03.07.15\nTenda AC23 16.03.07.16\nTenda AC23 16.03.07.17\nTenda AC23 16.03.07.18\nTenda AC23 16.03.07.19\nTenda AC23 16.03.07.20\nTenda AC23 16.03.07.21\nTenda AC23 16.03.07.22\nTenda AC23 16.03.07.23\nTenda AC23 16.03.07.24\nTenda AC23 16.03.07.25\nTenda AC23 16.03.07.26\nTenda AC23 16.03.07.27\nTenda AC23 16.03.07.28\nTenda AC23 16.03.07.29\nTenda AC23 16.03.07.30\nTenda AC23 16.03.07.31\nTenda AC23 16.03.07.32\nTenda AC23 16.03.07.33\nTenda AC23 16.03.07.34\nTenda AC23 16.03.07.35\nTenda AC23 16.03.07.36\nTenda AC23 16.03.07.37\nTenda AC23 16.03.07.38\nTenda AC23 16.03.07.39\nTenda AC23 16.03.07.40\nTenda AC23 16.03.07.41\nTenda AC23 16.03.07.42\nTenda AC23 16.03.07.43\nTenda AC23 16.03.07.44\nTenda AC23 16.03.07.45\nTenda AC23 16.03.07.46\nTenda AC23 16.03.07.47\nTenda AC23 16.03.07.48\nTenda AC23 16.03.07.49\nTenda AC23 16.03.07.50\nTenda AC23 16.03.07.51\nTenda AC23 16.03.07.52",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "AC23",
    "version": "16.03.07.0",
    "vendor": "Tenda",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}