CVE-2025-4299

Summary

A vulnerability was found in Tenda AC1206 up to 15.03.06.23. It has been rated as critical. This issue affects the function setSchedWifi of the file /goform/openSchedWifi. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Affected Software

VendorProductVersion RangeStatus
TendaAC120615.03.06.0affected
TendaAC120615.03.06.1affected
TendaAC120615.03.06.2affected
TendaAC120615.03.06.3affected
TendaAC120615.03.06.4affected
TendaAC120615.03.06.5affected
TendaAC120615.03.06.6affected
TendaAC120615.03.06.7affected
TendaAC120615.03.06.8affected
TendaAC120615.03.06.9affected
TendaAC120615.03.06.10affected
TendaAC120615.03.06.11affected
TendaAC120615.03.06.12affected
TendaAC120615.03.06.13affected
TendaAC120615.03.06.14affected
TendaAC120615.03.06.15affected
TendaAC120615.03.06.16affected
TendaAC120615.03.06.17affected
TendaAC120615.03.06.18affected
TendaAC120615.03.06.19affected
TendaAC120615.03.06.20affected
TendaAC120615.03.06.21affected
TendaAC120615.03.06.22affected
TendaAC120615.03.06.23affected

Weaknesses

  • CWE-120: Buffer Overflow
  • CWE-119: Memory Corruption

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

References