CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-0349: Tenda AC6 GetParentControlInfo stack-based overflow

8.7 CVSS

Description

A vulnerability classified as critical has been found in Tenda AC6 15.03.05.16. Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument src leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. Es wurde eine kritische Schwachstelle in Tenda AC6 15.03.05.16 entdeckt. Es geht dabei um die Funktion GetParentControlInfo der Datei /goform/GetParentControlInfo. Dank der Manipulation des Arguments src mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.

Classification

CVE ID: CVE-2025-0349

CVSS Base Severity: HIGH

CVSS Base Score: 8.7

Affected Products

Vendor: Tenda

Product: AC6

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 17.82% (scored less or equal to compared to others)

EPSS Date: 2025-02-07 (when was this score calculated)

References

https://vuldb.com/?id.290862
https://vuldb.com/?ctiid.290862
https://vuldb.com/?submit.477048
https://github.com/wy876/cve/issues/5
https://www.tenda.com.cn/

Timeline

2025-01-10 00:31:13 UTC
CVE

Tenda AC6 GetParentControlInfo stack-based overflow