CVE Details
Basic Information
| Title | Tenda AC5 SetRebootTimer formSetRebootTimer stack-based overflow |
|---|---|
| Type | cve |
| Published | 2025-06-09T05:31:07.242Z |
| Last Seen |
Product Information
| Vendor | Tenda |
|---|---|
| Product | AC5 |
| Version | 15.03.06.47 |
CVSS Information
| Base Score | 8.7 (HIGH) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact |
AI Analysis
| AI Description | A critical stack-based buffer overflow vulnerability in Tenda AC5 routers allows remote attackers to exploit the formSetRebootTimer function via the rebootTime argument. This can lead to remote code execution and system compromise. The exploit is publicly available, increasing the risk of attack. |
|---|---|
| AI Severity | Critical |
| Vendor | Tenda |
| Product | Tenda AC5 |
| Affected Version | 15.03.06.47 |
Affected Products
- Tenda AC5 15.03.06.47
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-121, CWE-119 |
| Bulletin Family |
References
Description
A vulnerability was found in Tenda AC5 15.03.06.47. It has been classified as critical. Affected is the function formSetRebootTimer of the file /goform/SetRebootTimer. The manipulation of the argument rebootTime leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.