CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-4298: Tenda AC1206 setcfm formSetCfm buffer overflow

8.8 CVSS

Description

A vulnerability was found in Tenda AC1206 up to 15.03.06.23. It has been declared as critical. This vulnerability affects the function formSetCfm of the file /goform/setcfm. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. In Tenda AC1206 bis 15.03.06.23 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Betroffen ist die Funktion formSetCfm der Datei /goform/setcfm. Durch das Manipulieren mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.

Classification

CVE ID: CVE-2025-4298

CVSS Base Severity: HIGH

CVSS Base Score: 8.8

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem Types

Buffer Overflow Memory Corruption

Affected Products

Vendor: Tenda

Product: AC1206

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.1% (probability of being exploited)

EPSS Percentile: 27.98% (scored less or equal to compared to others)

EPSS Date: 2025-06-03 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-4298
https://vuldb.com/?id.307402
https://vuldb.com/?ctiid.307402
https://vuldb.com/?submit.563557
https://github.com/CH13hh/tmp_store_cc/blob/main/AC1206/AC1206formSetCfm/formSetCfm.md
https://www.tenda.com.cn/

Timeline

2025-05-06 00:40:14 UTC
CVE

Tenda AC1206 setcfm formSetCfm buffer overflow