CVE Details
Basic Information
| Title | Tenda AC9 POST Request AdvSetLanip fromadvsetlanip buffer overflow |
|---|---|
| Type | cve |
| Published | 2025-06-07T17:31:13.113Z |
| Last Seen |
Product Information
| Vendor | Tenda |
|---|---|
| Product | AC9 |
| Version | 15.03.02.13 |
CVSS Information
| Base Score | 8.7 (HIGH) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact |
AI Analysis
| AI Description | A critical buffer overflow vulnerability in Tenda AC9 routers allows remote attackers to execute arbitrary code via the AdvSetLanip function. This issue is highly severe due to its potential for remote exploitation without user interaction. |
|---|---|
| AI Severity | High |
| Vendor | Tenda |
| Product | AC9 |
| Affected Version | 15.03.02.13 |
Affected Products
- Tenda AC9 15.03.02.13
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-120, CWE-119 |
| Bulletin Family |
References
Description
A vulnerability, which was classified as critical, has been found in Tenda AC9 15.03.02.13. Affected by this issue is the function fromadvsetlanip of the file /goform/AdvSetLanip of the component POST Request Handler. The manipulation of the argument lanMask leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.