Vulnerabilites related to tenda - w12
CVE-2025-3820 (GCVE-0-2025-3820)
Vulnerability from cvelistv5
Published
2025-04-19 20:31
Modified
2025-04-21 14:41
Severity ?
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
VLAI Severity ?
EPSS score ?
Summary
A vulnerability was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644) and classified as critical. Affected by this issue is the function cgiSysUplinkCheckSet of the file /bin/httpd. The manipulation of the argument hostIp1/hostIp2 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.305726 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.305726 | signature, permissions-required | |
| https://vuldb.com/?submit.555728 | third-party-advisory | |
| https://github.com/02Tn/vul/issues/4 | exploit, issue-tracking | |
| https://www.tenda.com.cn/ | product |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3820",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-21T14:40:46.323681Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-21T14:41:40.160Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "W12",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "3.0.0.4(2887)"
},
{
"status": "affected",
"version": "3.0.0.5(3644)"
}
]
},
{
"product": "i24",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "3.0.0.4(2887)"
},
{
"status": "affected",
"version": "3.0.0.5(3644)"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "T1an (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644) and classified as critical. Affected by this issue is the function cgiSysUplinkCheckSet of the file /bin/httpd. The manipulation of the argument hostIp1/hostIp2 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644) gefunden. Sie wurde als kritisch eingestuft. Es geht hierbei um die Funktion cgiSysUplinkCheckSet der Datei /bin/httpd. Durch die Manipulation des Arguments hostIp1/hostIp2 mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-19T20:31:06.957Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-305726 | Tenda W12/i24 httpd cgiSysUplinkCheckSet stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.305726"
},
{
"name": "VDB-305726 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.305726"
},
{
"name": "Submit #555728 | Tenda w12,i24 w12 V3.0.0.5(3644) and i24 V3.0.0.4(2887) Stack-based Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.555728"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/02Tn/vul/issues/4"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-19T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-04-19T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-04-19T02:00:34.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda W12/i24 httpd cgiSysUplinkCheckSet stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-3820",
"datePublished": "2025-04-19T20:31:06.957Z",
"dateReserved": "2025-04-18T23:55:24.153Z",
"dateUpdated": "2025-04-21T14:41:40.160Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3802 (GCVE-0-2025-3802)
Vulnerability from cvelistv5
Published
2025-04-19 14:31
Modified
2025-04-21 14:58
Severity ?
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
VLAI Severity ?
EPSS score ?
Summary
A vulnerability was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644). It has been declared as critical. This vulnerability affects the function cgiPingSet of the file /bin/httpd. The manipulation of the argument pingIP leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.305656 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.305656 | signature, permissions-required | |
| https://vuldb.com/?submit.554746 | third-party-advisory | |
| https://github.com/02Tn/vul/issues/2 | exploit, issue-tracking | |
| https://www.tenda.com.cn/ | product |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3802",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-21T14:57:48.520757Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-21T14:58:30.910Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "W12",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "3.0.0.4(2887)"
},
{
"status": "affected",
"version": "3.0.0.5(3644)"
}
]
},
{
"product": "i24",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "3.0.0.4(2887)"
},
{
"status": "affected",
"version": "3.0.0.5(3644)"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "T1an (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644). It has been declared as critical. This vulnerability affects the function cgiPingSet of the file /bin/httpd. The manipulation of the argument pingIP leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644) wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Das betrifft die Funktion cgiPingSet der Datei /bin/httpd. Durch Beeinflussen des Arguments pingIP mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-19T14:31:05.921Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-305656 | Tenda W12/i24 httpd cgiPingSet stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.305656"
},
{
"name": "VDB-305656 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.305656"
},
{
"name": "Submit #554746 | Tenda w12 and i24 w12 V3.0.0.5(3644) and i24 V3.0.0.4(2887) Stack-based Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.554746"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/02Tn/vul/issues/2"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-18T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-04-18T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-04-18T16:24:30.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda W12/i24 httpd cgiPingSet stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-3802",
"datePublished": "2025-04-19T14:31:05.921Z",
"dateReserved": "2025-04-18T14:19:21.810Z",
"dateUpdated": "2025-04-21T14:58:30.910Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4007 (GCVE-0-2025-4007)
Vulnerability from cvelistv5
Published
2025-04-28 07:31
Modified
2025-04-28 16:16
Severity ?
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
VLAI Severity ?
EPSS score ?
Summary
A vulnerability classified as critical was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644). Affected by this vulnerability is the function cgidhcpsCfgSet of the file /goform/modules of the component httpd. The manipulation of the argument json leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.306343 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.306343 | signature, permissions-required | |
| https://vuldb.com/?submit.558165 | third-party-advisory | |
| https://github.com/02Tn/vul/issues/5 | exploit, issue-tracking | |
| https://www.tenda.com.cn/ | product |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4007",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-28T16:14:43.208818Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T16:16:02.573Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"httpd"
],
"product": "W12",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "3.0.0.4(2887)"
},
{
"status": "affected",
"version": "3.0.0.5(3644)"
}
]
},
{
"modules": [
"httpd"
],
"product": "i24",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "3.0.0.4(2887)"
},
{
"status": "affected",
"version": "3.0.0.5(3644)"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "T1an (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644). Affected by this vulnerability is the function cgidhcpsCfgSet of the file /goform/modules of the component httpd. The manipulation of the argument json leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644) wurde eine kritische Schwachstelle entdeckt. Dabei geht es um die Funktion cgidhcpsCfgSet der Datei /goform/modules der Komponente httpd. Durch Manipulation des Arguments json mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T07:31:05.788Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-306343 | Tenda W12/i24 httpd modules cgidhcpsCfgSet stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.306343"
},
{
"name": "VDB-306343 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.306343"
},
{
"name": "Submit #558165 | Tenda w12,i24 w12 V3.0.0.5(3644) and i24 V3.0.0.4(2887) Stack-based Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.558165"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/02Tn/vul/issues/5"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-04-26T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-04-26T11:23:46.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda W12/i24 httpd modules cgidhcpsCfgSet stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-4007",
"datePublished": "2025-04-28T07:31:05.788Z",
"dateReserved": "2025-04-26T09:18:43.117Z",
"dateUpdated": "2025-04-28T16:16:02.573Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3693 (GCVE-0-2025-3693)
Vulnerability from cvelistv5
Published
2025-04-16 14:00
Modified
2025-04-16 14:27
Severity ?
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
VLAI Severity ?
EPSS score ?
Summary
A vulnerability was found in Tenda W12 3.0.0.5. It has been rated as critical. Affected by this issue is the function cgiWifiRadioSet of the file /bin/httpd. The manipulation leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.304982 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.304982 | signature, permissions-required | |
| https://vuldb.com/?submit.553526 | third-party-advisory | |
| https://github.com/02Tn/vul/issues/1 | exploit, issue-tracking | |
| https://www.tenda.com.cn/ | broken-link, product |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3693",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T14:27:04.356307Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T14:27:17.426Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "W12",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "3.0.0.5"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "T1an (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Tenda W12 3.0.0.5. It has been rated as critical. Affected by this issue is the function cgiWifiRadioSet of the file /bin/httpd. The manipulation leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Eine kritische Schwachstelle wurde in Tenda W12 3.0.0.5 ausgemacht. Dies betrifft die Funktion cgiWifiRadioSet der Datei /bin/httpd. Durch das Manipulieren mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T14:00:20.712Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-304982 | Tenda W12 httpd cgiWifiRadioSet stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.304982"
},
{
"name": "VDB-304982 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.304982"
},
{
"name": "Submit #553526 | Tenda w12 \u003c=V3.0si_V3.0.0.5 Stack-based Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.553526"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/02Tn/vul/issues/1"
},
{
"tags": [
"broken-link",
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-16T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-04-16T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-04-16T03:42:41.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda W12 httpd cgiWifiRadioSet stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-3693",
"datePublished": "2025-04-16T14:00:20.712Z",
"dateReserved": "2025-04-16T01:37:36.909Z",
"dateUpdated": "2025-04-16T14:27:17.426Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3803 (GCVE-0-2025-3803)
Vulnerability from cvelistv5
Published
2025-04-19 15:00
Modified
2025-04-21 02:34
Severity ?
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
VLAI Severity ?
EPSS score ?
Summary
A vulnerability was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644). It has been rated as critical. This issue affects the function cgiSysScheduleRebootSet of the file /bin/httpd. The manipulation of the argument rebootDate leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.305657 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.305657 | signature, permissions-required | |
| https://vuldb.com/?submit.554756 | third-party-advisory | |
| https://github.com/02Tn/vul/issues/3 | exploit, issue-tracking | |
| https://www.tenda.com.cn/ | product |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3803",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-21T02:33:57.069075Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-21T02:34:15.662Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "W12",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "3.0.0.4(2887)"
},
{
"status": "affected",
"version": "3.0.0.5(3644)"
}
]
},
{
"product": "i24",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "3.0.0.4(2887)"
},
{
"status": "affected",
"version": "3.0.0.5(3644)"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "T1an (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644). It has been rated as critical. This issue affects the function cgiSysScheduleRebootSet of the file /bin/httpd. The manipulation of the argument rebootDate leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644) ausgemacht. Sie wurde als kritisch eingestuft. Dies betrifft die Funktion cgiSysScheduleRebootSet der Datei /bin/httpd. Dank der Manipulation des Arguments rebootDate mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-19T15:00:15.751Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-305657 | Tenda W12/i24 httpd cgiSysScheduleRebootSet stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.305657"
},
{
"name": "VDB-305657 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.305657"
},
{
"name": "Submit #554756 | Tenda w12,i24 w12 V3.0.0.5(3644) and i24 V3.0.0.4(2887) Stack-based Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.554756"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/02Tn/vul/issues/3"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-18T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-04-18T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-04-18T16:24:39.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda W12/i24 httpd cgiSysScheduleRebootSet stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-3803",
"datePublished": "2025-04-19T15:00:15.751Z",
"dateReserved": "2025-04-18T14:19:24.447Z",
"dateUpdated": "2025-04-21T02:34:15.662Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9778 (GCVE-0-2025-9778)
Vulnerability from cvelistv5
Published
2025-09-01 12:02
Modified
2025-09-02 15:09
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A security vulnerability has been detected in Tenda W12 up to 3.0.0.6(3948). Affected is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. The manipulation leads to hard-coded credentials. An attack has to be approached locally. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed publicly and may be used.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.322080 | vdb-entry | |
| https://vuldb.com/?ctiid.322080 | signature, permissions-required | |
| https://vuldb.com/?submit.640969 | third-party-advisory | |
| https://github.com/August829/Yu/blob/main/58ead8e7e08bfb0e8.md | related | |
| https://github.com/August829/Yu/blob/main/58ead8e7e08bfb0e8.md#steps-to-reproduce | exploit | |
| https://www.tenda.com.cn/ | product |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9778",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-02T14:27:55.530662Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-02T15:09:50.176Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/August829/Yu/blob/main/58ead8e7e08bfb0e8.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/August829/Yu/blob/main/58ead8e7e08bfb0e8.md#steps-to-reproduce"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Administrative Interface"
],
"product": "W12",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "1.0.0.1(5411)"
},
{
"status": "affected",
"version": "1.0.0.5(9419)"
},
{
"status": "affected",
"version": "2.0.0.3(8326)"
},
{
"status": "affected",
"version": "2.0.0.6(10720)"
},
{
"status": "affected",
"version": "3.0.0.5(3644)"
},
{
"status": "affected",
"version": "3.0.0.6(3948)"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Yu Bao (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in Tenda W12 up to 3.0.0.6(3948). Affected is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. The manipulation leads to hard-coded credentials. An attack has to be approached locally. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed publicly and may be used."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in Tenda W12 bis 3.0.0.6(3948) gefunden. Hiervon betroffen ist ein unbekannter Codeblock der Datei /etc_ro/shadow der Komponente Administrative Interface. Durch Beeinflussen mit unbekannten Daten kann eine hard-coded credentials-Schwachstelle ausgenutzt werden. Der Angriff erfordert einen lokalen Zugriff. Das Durchf\u00fchren eines Angriffs ist mit einer relativ hohen Komplexit\u00e4t verbunden. Sie gilt als schwierig auszunutzen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 1.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 1.9,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 1.9,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 0.8,
"vectorString": "AV:L/AC:H/Au:M/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-259",
"description": "Use of Hard-coded Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-01T12:02:08.108Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-322080 | Tenda W12 Administrative shadow hard-coded credentials",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.322080"
},
{
"name": "VDB-322080 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.322080"
},
{
"name": "Submit #640969 | Tenda AP W12 V1/V2/V3 Hard-coded Credentials",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.640969"
},
{
"tags": [
"related"
],
"url": "https://github.com/August829/Yu/blob/main/58ead8e7e08bfb0e8.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/August829/Yu/blob/main/58ead8e7e08bfb0e8.md#steps-to-reproduce"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-01T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-09-01T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-09-01T07:09:55.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda W12 Administrative shadow hard-coded credentials"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-9778",
"datePublished": "2025-09-01T12:02:08.108Z",
"dateReserved": "2025-09-01T05:04:51.235Z",
"dateUpdated": "2025-09-02T15:09:50.176Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2025-04-28 08:15
Modified
2025-07-30 18:57
Severity ?
Summary
A vulnerability classified as critical was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644). Affected by this vulnerability is the function cgidhcpsCfgSet of the file /goform/modules of the component httpd. The manipulation of the argument json leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/02Tn/vul/issues/5 | Exploit, Issue Tracking, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.306343 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.306343 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.558165 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://www.tenda.com.cn/ | Product |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tenda | w12_firmware | 3.0.0.4\(2887\) | |
| tenda | w12 | - | |
| tenda | w12_firmware | 3.0.0.5\(3644\) | |
| tenda | w12 | - | |
| tenda | i24_firmware | 3.0.0.4\(2887\) | |
| tenda | i24 | - | |
| tenda | i24_firmware | 3.0.0.5\(3644\) | |
| tenda | i24 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:w12_firmware:3.0.0.4\\(2887\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A79FCEB8-7463-404D-9070-056CFA0A09EC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:w12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92DF99FB-59B8-4B31-AE17-E898ED2CF217",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:w12_firmware:3.0.0.5\\(3644\\):*:*:*:*:*:*:*",
"matchCriteriaId": "7305B22D-3176-4EE3-B717-ABED6B941F46",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:w12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92DF99FB-59B8-4B31-AE17-E898ED2CF217",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:i24_firmware:3.0.0.4\\(2887\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3EEECB34-D194-4EF3-80C8-542534E0C8FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:i24:-:*:*:*:*:*:*:*",
"matchCriteriaId": "734CD236-AD9B-4232-96F6-07A324472B1E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:i24_firmware:3.0.0.5\\(3644\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8A4E9F82-3B43-4A09-8C3F-CF7949CD0C90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:i24:-:*:*:*:*:*:*:*",
"matchCriteriaId": "734CD236-AD9B-4232-96F6-07A324472B1E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644). Affected by this vulnerability is the function cgidhcpsCfgSet of the file /goform/modules of the component httpd. The manipulation of the argument json leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad clasificada como cr\u00edtica en Tenda W12 e i24 3.0.0.4(2887)/3.0.0.5(3644). Esta vulnerabilidad afecta a la funci\u00f3n cgidhcpsCfgSet del archivo /goform/modules del componente httpd. La manipulaci\u00f3n del argumento json provoca un desbordamiento del b\u00fafer basado en la pila. El ataque puede ejecutarse remotamente. Se ha hecho p\u00fablico el exploit y puede que sea utilizado."
}
],
"id": "CVE-2025-4007",
"lastModified": "2025-07-30T18:57:09.823",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "cna@vuldb.com",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-04-28T08:15:16.117",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/02Tn/vul/issues/5"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.306343"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.306343"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.558165"
},
{
"source": "cna@vuldb.com",
"tags": [
"Product"
],
"url": "https://www.tenda.com.cn/"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
},
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "cna@vuldb.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-04-19 15:15
Modified
2025-07-30 18:57
Severity ?
Summary
A vulnerability was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644). It has been declared as critical. This vulnerability affects the function cgiPingSet of the file /bin/httpd. The manipulation of the argument pingIP leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/02Tn/vul/issues/2 | Exploit, Issue Tracking, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.305656 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.305656 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.554746 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://www.tenda.com.cn/ | Product |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tenda | w12_firmware | 3.0.0.4\(2887\) | |
| tenda | w12 | - | |
| tenda | w12_firmware | 3.0.0.5\(3644\) | |
| tenda | w12 | - | |
| tenda | i24_firmware | 3.0.0.4\(2887\) | |
| tenda | i24 | - | |
| tenda | i24_firmware | 3.0.0.5\(3644\) | |
| tenda | i24 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:w12_firmware:3.0.0.4\\(2887\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A79FCEB8-7463-404D-9070-056CFA0A09EC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:w12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92DF99FB-59B8-4B31-AE17-E898ED2CF217",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:w12_firmware:3.0.0.5\\(3644\\):*:*:*:*:*:*:*",
"matchCriteriaId": "7305B22D-3176-4EE3-B717-ABED6B941F46",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:w12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92DF99FB-59B8-4B31-AE17-E898ED2CF217",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:i24_firmware:3.0.0.4\\(2887\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3EEECB34-D194-4EF3-80C8-542534E0C8FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:i24:-:*:*:*:*:*:*:*",
"matchCriteriaId": "734CD236-AD9B-4232-96F6-07A324472B1E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:i24_firmware:3.0.0.5\\(3644\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8A4E9F82-3B43-4A09-8C3F-CF7949CD0C90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:i24:-:*:*:*:*:*:*:*",
"matchCriteriaId": "734CD236-AD9B-4232-96F6-07A324472B1E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644). It has been declared as critical. This vulnerability affects the function cgiPingSet of the file /bin/httpd. The manipulation of the argument pingIP leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en Tenda W12 e i24 3.0.0.4(2887)/3.0.0.5(3644). Se ha declarado cr\u00edtica. Esta vulnerabilidad afecta a la funci\u00f3n cgiPingSet del archivo /bin/httpd. La manipulaci\u00f3n del argumento pingIP provoca un desbordamiento del b\u00fafer basado en la pila. El ataque puede iniciarse remotamente. Se ha hecho p\u00fablico el exploit y puede que sea utilizado."
}
],
"id": "CVE-2025-3802",
"lastModified": "2025-07-30T18:57:42.063",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "cna@vuldb.com",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-04-19T15:15:46.073",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/02Tn/vul/issues/2"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.305656"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.305656"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.554746"
},
{
"source": "cna@vuldb.com",
"tags": [
"Product"
],
"url": "https://www.tenda.com.cn/"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
},
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "cna@vuldb.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-04-19 15:15
Modified
2025-07-30 18:57
Severity ?
Summary
A vulnerability was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644). It has been rated as critical. This issue affects the function cgiSysScheduleRebootSet of the file /bin/httpd. The manipulation of the argument rebootDate leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/02Tn/vul/issues/3 | Exploit, Issue Tracking, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.305657 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.305657 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.554756 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://www.tenda.com.cn/ | Product |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tenda | w12_firmware | 3.0.0.4\(2887\) | |
| tenda | w12 | - | |
| tenda | w12_firmware | 3.0.0.5\(3644\) | |
| tenda | w12 | - | |
| tenda | i24_firmware | 3.0.0.4\(2887\) | |
| tenda | i24 | - | |
| tenda | i24_firmware | 3.0.0.5\(3644\) | |
| tenda | i24 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:w12_firmware:3.0.0.4\\(2887\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A79FCEB8-7463-404D-9070-056CFA0A09EC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:w12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92DF99FB-59B8-4B31-AE17-E898ED2CF217",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:w12_firmware:3.0.0.5\\(3644\\):*:*:*:*:*:*:*",
"matchCriteriaId": "7305B22D-3176-4EE3-B717-ABED6B941F46",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:w12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92DF99FB-59B8-4B31-AE17-E898ED2CF217",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:i24_firmware:3.0.0.4\\(2887\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3EEECB34-D194-4EF3-80C8-542534E0C8FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:i24:-:*:*:*:*:*:*:*",
"matchCriteriaId": "734CD236-AD9B-4232-96F6-07A324472B1E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:i24_firmware:3.0.0.5\\(3644\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8A4E9F82-3B43-4A09-8C3F-CF7949CD0C90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:i24:-:*:*:*:*:*:*:*",
"matchCriteriaId": "734CD236-AD9B-4232-96F6-07A324472B1E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644). It has been rated as critical. This issue affects the function cgiSysScheduleRebootSet of the file /bin/httpd. The manipulation of the argument rebootDate leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en Tenda W12 e i24 3.0.0.4(2887)/3.0.0.5(3644). Se ha clasificado como cr\u00edtica. Este problema afecta a la funci\u00f3n cgiSysScheduleRebootSet del archivo /bin/httpd. La manipulaci\u00f3n del argumento rebootDate provoca un desbordamiento del b\u00fafer basado en la pila. El ataque puede iniciarse remotamente. Se ha hecho p\u00fablico el exploit y puede que sea utilizado."
}
],
"id": "CVE-2025-3803",
"lastModified": "2025-07-30T18:57:31.417",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "cna@vuldb.com",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-04-19T15:15:47.040",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/02Tn/vul/issues/3"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.305657"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.305657"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.554756"
},
{
"source": "cna@vuldb.com",
"tags": [
"Product"
],
"url": "https://www.tenda.com.cn/"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
},
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "cna@vuldb.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-09-01 12:15
Modified
2025-09-04 16:19
Severity ?
1.9 (Low) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N
7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A security vulnerability has been detected in Tenda W12 up to 3.0.0.6(3948). Affected is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. The manipulation leads to hard-coded credentials. An attack has to be approached locally. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed publicly and may be used.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/August829/Yu/blob/main/58ead8e7e08bfb0e8.md | Not Applicable | |
| cna@vuldb.com | https://github.com/August829/Yu/blob/main/58ead8e7e08bfb0e8.md#steps-to-reproduce | Not Applicable | |
| cna@vuldb.com | https://vuldb.com/?ctiid.322080 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.322080 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.640969 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://www.tenda.com.cn/ | Product | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/August829/Yu/blob/main/58ead8e7e08bfb0e8.md | Not Applicable | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/August829/Yu/blob/main/58ead8e7e08bfb0e8.md#steps-to-reproduce | Not Applicable |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tenda | w12_firmware | 3.0.0.6\(3948\) | |
| tenda | w12 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:w12_firmware:3.0.0.6\\(3948\\):*:*:*:*:*:*:*",
"matchCriteriaId": "5A053AC4-B48D-4733-B713-50F8CA2958A3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:w12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92DF99FB-59B8-4B31-AE17-E898ED2CF217",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in Tenda W12 up to 3.0.0.6(3948). Affected is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. The manipulation leads to hard-coded credentials. An attack has to be approached locally. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed publicly and may be used."
}
],
"id": "CVE-2025-9778",
"lastModified": "2025-09-04T16:19:21.700",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "MULTIPLE",
"availabilityImpact": "NONE",
"baseScore": 0.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:H/Au:M/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 1.2,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.5,
"impactScore": 1.4,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 1.8,
"baseSeverity": "LOW",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-09-01T12:15:32.180",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Not Applicable"
],
"url": "https://github.com/August829/Yu/blob/main/58ead8e7e08bfb0e8.md"
},
{
"source": "cna@vuldb.com",
"tags": [
"Not Applicable"
],
"url": "https://github.com/August829/Yu/blob/main/58ead8e7e08bfb0e8.md#steps-to-reproduce"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.322080"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.322080"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.640969"
},
{
"source": "cna@vuldb.com",
"tags": [
"Product"
],
"url": "https://www.tenda.com.cn/"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Not Applicable"
],
"url": "https://github.com/August829/Yu/blob/main/58ead8e7e08bfb0e8.md"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Not Applicable"
],
"url": "https://github.com/August829/Yu/blob/main/58ead8e7e08bfb0e8.md#steps-to-reproduce"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-259"
},
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-04-16 14:15
Modified
2025-07-16 15:33
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability was found in Tenda W12 3.0.0.5. It has been rated as critical. Affected by this issue is the function cgiWifiRadioSet of the file /bin/httpd. The manipulation leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/02Tn/vul/issues/1 | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.304982 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.304982 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.553526 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://www.tenda.com.cn/ | Product |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tenda | w12_firmware | 3.0.0.5 | |
| tenda | w12 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:w12_firmware:3.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "793F7AF2-24B3-4E40-BEFF-8A2B59426B5C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:w12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92DF99FB-59B8-4B31-AE17-E898ED2CF217",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Tenda W12 3.0.0.5. It has been rated as critical. Affected by this issue is the function cgiWifiRadioSet of the file /bin/httpd. The manipulation leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en Tenda W12 3.0.0.5. Se ha clasificado como cr\u00edtica. Este problema afecta a la funci\u00f3n cgiWifiRadioSet del archivo /bin/httpd. La manipulaci\u00f3n provoca un desbordamiento del b\u00fafer basado en la pila. El ataque puede ejecutarse remotamente. Se ha hecho p\u00fablico el exploit y puede que sea utilizado."
}
],
"id": "CVE-2025-3693",
"lastModified": "2025-07-16T15:33:59.607",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-04-16T14:15:28.793",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/02Tn/vul/issues/1"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.304982"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.304982"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.553526"
},
{
"source": "cna@vuldb.com",
"tags": [
"Product"
],
"url": "https://www.tenda.com.cn/"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
},
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "cna@vuldb.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-04-19 21:15
Modified
2025-07-30 18:57
Severity ?
Summary
A vulnerability was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644) and classified as critical. Affected by this issue is the function cgiSysUplinkCheckSet of the file /bin/httpd. The manipulation of the argument hostIp1/hostIp2 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/02Tn/vul/issues/4 | Exploit, Issue Tracking, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.305726 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.305726 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.555728 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://www.tenda.com.cn/ | Product |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tenda | w12_firmware | 3.0.0.4\(2887\) | |
| tenda | w12 | - | |
| tenda | w12_firmware | 3.0.0.5\(3644\) | |
| tenda | w12 | - | |
| tenda | i24_firmware | 3.0.0.4\(2887\) | |
| tenda | i24 | - | |
| tenda | i24_firmware | 3.0.0.5\(3644\) | |
| tenda | i24 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:w12_firmware:3.0.0.4\\(2887\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A79FCEB8-7463-404D-9070-056CFA0A09EC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:w12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92DF99FB-59B8-4B31-AE17-E898ED2CF217",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:w12_firmware:3.0.0.5\\(3644\\):*:*:*:*:*:*:*",
"matchCriteriaId": "7305B22D-3176-4EE3-B717-ABED6B941F46",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:w12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92DF99FB-59B8-4B31-AE17-E898ED2CF217",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:i24_firmware:3.0.0.4\\(2887\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3EEECB34-D194-4EF3-80C8-542534E0C8FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:i24:-:*:*:*:*:*:*:*",
"matchCriteriaId": "734CD236-AD9B-4232-96F6-07A324472B1E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:i24_firmware:3.0.0.5\\(3644\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8A4E9F82-3B43-4A09-8C3F-CF7949CD0C90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:i24:-:*:*:*:*:*:*:*",
"matchCriteriaId": "734CD236-AD9B-4232-96F6-07A324472B1E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644) and classified as critical. Affected by this issue is the function cgiSysUplinkCheckSet of the file /bin/httpd. The manipulation of the argument hostIp1/hostIp2 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en Tenda W12 e i24 3.0.0.4(2887)/3.0.0.5(3644), clasificada como cr\u00edtica. Este problema afecta a la funci\u00f3n cgiSysUplinkCheckSet del archivo /bin/httpd. La manipulaci\u00f3n del argumento hostIp1/hostIp2 provoca un desbordamiento del b\u00fafer basado en la pila. El ataque puede ejecutarse remotamente. Se ha hecho p\u00fablico el exploit y puede que sea utilizado."
}
],
"id": "CVE-2025-3820",
"lastModified": "2025-07-30T18:57:54.207",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "cna@vuldb.com",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-04-19T21:15:45.660",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/02Tn/vul/issues/4"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.305726"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.305726"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.555728"
},
{
"source": "cna@vuldb.com",
"tags": [
"Product"
],
"url": "https://www.tenda.com.cn/"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
},
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "cna@vuldb.com",
"type": "Primary"
}
]
}