CVE 8.7 HIGH

Tenda AC8 DatabaseIniSet buffer overflow_CVE-2025-12618

November 3, 2025 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A vulnerability has been found in Tenda AC8 16.03.34.06. This impacts an unknown function of the file /goform/DatabaseIniSet. The manipulation of the argument Time leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

AI Analysis

Buffer overflow vulnerability in Tenda AC8 16.03.34.06 via the Time argument in the /goform/DatabaseIniSet file, allowing remote attacks.

Basic Information

ID CVE-2025-12618

Source VulDB

Published Nov 3, 2025 at 06:32

Affected Product

Vendor Tenda

Product AC8

Version 16.03.34.06

Affected Versions Tenda AC8 16.03.34.06

CWE Classification

CWE-120 CWE-119

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor Tenda

Product AC8

Version 16.03.34.06

References

{
    "lastseen": "",
    "description": "A vulnerability has been found in Tenda AC8 16.03.34.06. This impacts an unknown function of the file /goform/DatabaseIniSet. The manipulation of the argument Time leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.",
    "published": "2025-11-03T06:32:13.198Z",
    "modified": "2025-11-03T06:32:13.198Z",
    "type": "cve",
    "title": "Tenda AC8 DatabaseIniSet buffer overflow",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.330912\nhttps://vuldb.com/?ctiid.330912\nhttps://vuldb.com/?submit.678887\nhttps://www.yuque.com/ba1ma0-an29k/nnxoap/ow5xrpw56dqsgtdy?singleDoc\nhttps://pan.baidu.com/s/11fdpTujKw6Xz0yPE2l4cMw\nhttps://www.tenda.com.cn/",
    "id": "CVE-2025-12618",
    "bulletinFamily": "",
    "cwe": [
        "CWE-120",
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "Tenda AC8 16.03.34.06",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "AC8",
    "version": "16.03.34.06",
    "vendor": "Tenda",
    "ai_description": "Buffer overflow vulnerability in Tenda AC8 16.03.34.06 via the Time argument in the /goform/DatabaseIniSet file, allowing remote attacks.",
    "ai_severity": "High",
    "ai_vendor": "Tenda",
    "ai_product": "AC8",
    "ai_version": "16.03.34.06",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply