CVE 8.7 HIGH

Tenda AC10 SysRunCmd formSysRunCmd buffer overflow_CVE-2025-12622

November 3, 2025 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was determined in Tenda AC10 16.03.10.13. Affected by this vulnerability is the function formSysRunCmd of the file /goform/SysRunCmd. This manipulation of the argument getui causes buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.

AI Analysis

Buffer overflow vulnerability in Tenda AC10 via the formSysRunCmd function, allowing remote attacks.

Basic Information

ID CVE-2025-12622

Source VulDB

Published Nov 3, 2025 at 07:32

Affected Product

Vendor Tenda

Product AC10

Version 16.03.10.13

Affected Versions Tenda AC10 16.03.10.13

CWE Classification

CWE-120 CWE-119

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor Tenda

Product AC10

Version 16.03.10.13

References

{
    "lastseen": "",
    "description": "A vulnerability was determined in Tenda AC10 16.03.10.13. Affected by this vulnerability is the function formSysRunCmd of the file /goform/SysRunCmd. This manipulation of the argument getui causes buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.",
    "published": "2025-11-03T07:32:13.624Z",
    "modified": "2025-11-03T07:32:13.624Z",
    "type": "cve",
    "title": "Tenda AC10 SysRunCmd formSysRunCmd buffer overflow",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.330914\nhttps://vuldb.com/?ctiid.330914\nhttps://vuldb.com/?submit.678889\nhttps://www.yuque.com/ba1ma0-an29k/nnxoap/rg8eug0zk8ep3zne?singleDoc\nhttps://pan.baidu.com/s/1Jl1zy5niigg1XYm8ZCh_Lg\nhttps://www.tenda.com.cn/",
    "id": "CVE-2025-12622",
    "bulletinFamily": "",
    "cwe": [
        "CWE-120",
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "Tenda AC10 16.03.10.13",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "AC10",
    "version": "16.03.10.13",
    "vendor": "Tenda",
    "ai_description": "Buffer overflow vulnerability in Tenda AC10 via the formSysRunCmd function, allowing remote attacks.",
    "ai_severity": "High",
    "ai_vendor": "Tenda",
    "ai_product": "AC10",
    "ai_version": "16.03.10.13",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply