CVE-2025-1851

Summary

A vulnerability, which was classified as critical, was found in Tenda AC7 up to 15.03.06.44. This affects the function formSetFirewallCfg of the file /goform/SetFirewallCfg. The manipulation of the argument firewallEn leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Affected Software

VendorProductVersion RangeStatus
TendaAC715.03.06.0affected
TendaAC715.03.06.1affected
TendaAC715.03.06.2affected
TendaAC715.03.06.3affected
TendaAC715.03.06.4affected
TendaAC715.03.06.5affected
TendaAC715.03.06.6affected
TendaAC715.03.06.7affected
TendaAC715.03.06.8affected
TendaAC715.03.06.9affected
TendaAC715.03.06.10affected
TendaAC715.03.06.11affected
TendaAC715.03.06.12affected
TendaAC715.03.06.13affected
TendaAC715.03.06.14affected
TendaAC715.03.06.15affected
TendaAC715.03.06.16affected
TendaAC715.03.06.17affected
TendaAC715.03.06.18affected
TendaAC715.03.06.19affected
TendaAC715.03.06.20affected
TendaAC715.03.06.21affected
TendaAC715.03.06.22affected
TendaAC715.03.06.23affected
TendaAC715.03.06.24affected
TendaAC715.03.06.25affected
TendaAC715.03.06.26affected
TendaAC715.03.06.27affected
TendaAC715.03.06.28affected
TendaAC715.03.06.29affected
TendaAC715.03.06.30affected
TendaAC715.03.06.31affected
TendaAC715.03.06.32affected
TendaAC715.03.06.33affected
TendaAC715.03.06.34affected
TendaAC715.03.06.35affected
TendaAC715.03.06.36affected
TendaAC715.03.06.37affected
TendaAC715.03.06.38affected
TendaAC715.03.06.39affected
TendaAC715.03.06.40affected
TendaAC715.03.06.41affected
TendaAC715.03.06.42affected
TendaAC715.03.06.43affected
TendaAC715.03.06.44affected

Weaknesses

  • CWE-121: Stack-based Buffer Overflow
  • CWE-119: Memory Corruption

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

Additional References

References