CVE 8.7 HIGH

Tenda AC23 saveParentControlInfo buffer overflow_CVE-2025-12596

November 2, 2025 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A security vulnerability has been detected in Tenda AC23 16.03.07.52. Affected is the function saveParentControlInfo of the file /goform/saveParentControlInfo. Such manipulation of the argument Time leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.

AI Analysis

Buffer overflow vulnerability in Tenda AC23 due to improper input validation in the saveParentControlInfo function, allowing remote attackers to exploit the issue.

Basic Information

ID CVE-2025-12596

Source VulDB

Published Nov 2, 2025 at 10:32

Affected Product

Vendor Tenda

Product AC23

Version 16.03.07.52

Affected Versions Tenda AC23 16.03.07.52

CWE Classification

CWE-120 CWE-119

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor Tenda

Product AC23

Version 16.03.07.52

References

{
    "lastseen": "",
    "description": "A security vulnerability has been detected in Tenda AC23 16.03.07.52. Affected is the function saveParentControlInfo of the file /goform/saveParentControlInfo. Such manipulation of the argument Time leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.",
    "published": "2025-11-02T10:32:06.299Z",
    "modified": "2025-11-02T10:32:06.299Z",
    "type": "cve",
    "title": "Tenda AC23 saveParentControlInfo buffer overflow",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.330891\nhttps://vuldb.com/?ctiid.330891\nhttps://vuldb.com/?submit.677585\nhttps://github.com/LX-LX88/cve/issues/9\nhttps://www.tenda.com.cn/",
    "id": "CVE-2025-12596",
    "bulletinFamily": "",
    "cwe": [
        "CWE-120",
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "Tenda AC23 16.03.07.52",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "AC23",
    "version": "16.03.07.52",
    "vendor": "Tenda",
    "ai_description": "Buffer overflow vulnerability in Tenda AC23 due to improper input validation in the saveParentControlInfo function, allowing remote attackers to exploit the issue.",
    "ai_severity": "High",
    "ai_vendor": "Tenda",
    "ai_product": "AC23",
    "ai_version": "16.03.07.52",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply