Details of VAR-202501-1467

ID

VAR-202501-1467

CVE

CVE-2025-0566

TITLE

Shenzhen Tenda Technology Co.,Ltd. of AC15 Buffer error vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-008016

DESCRIPTION

A vulnerability classified as critical has been found in Tenda AC15 15.13.07.13. This affects the function formSetDevNetName of the file /goform/SetDevNetName. The manipulation of the argument mac leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of AC15 The firmware contains a buffer error vulnerability, a stack-based buffer overflow vulnerability, and an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda AC15 has a buffer overflow vulnerability, which is caused by the parameter mac of the file /goform/SetDevNetName failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

Trust: 2.16

sources: NVD: CVE-2025-0566 // JVNDB: JVNDB-2025-008016 // CNVD: CNVD-2025-09940

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-09940

AFFECTED PRODUCTS

vendor:	tenda	model:	ac15	scope:	eq	version:	15.13.07.13	Trust: 1.6
vendor:	tenda	model:	ac15	scope:	-	version:	-	Trust: 0.8
vendor:	tenda	model:	ac15	scope:	eq	version:	-	Trust: 0.8
vendor:	tenda	model:	ac15	scope:	eq	version:	ac15 firmware 15.13.07.13	Trust: 0.8

sources: CNVD: CNVD-2025-09940 // JVNDB: JVNDB-2025-008016 // NVD: CVE-2025-0566

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2025-0566
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2025-008016
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2025-09940
value:	HIGH
Trust: 0.6

cna@vuldb.com:	CVE-2025-0566
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
OTHER:	JVNDB-2025-008016
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2025-09940
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2025-0566
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2025-008016
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-09940 // JVNDB: JVNDB-2025-008016 // NVD: CVE-2025-0566

PROBLEMTYPE DATA

problemtype:	CWE-121	Trust: 1.0
problemtype:	CWE-787	Trust: 1.0
problemtype:	CWE-119	Trust: 1.0
problemtype:	Buffer error (CWE-119) [ others ]	Trust: 0.8
problemtype:	Stack-based buffer overflow (CWE-121) [ others ]	Trust: 0.8
problemtype:	Out-of-bounds writing (CWE-787) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-008016 // NVD: CVE-2025-0566

EXTERNAL IDS

db:	NVD	id:	CVE-2025-0566	Trust: 3.2
db:	VULDB	id:	292527	Trust: 1.8
db:	JVNDB	id:	JVNDB-2025-008016	Trust: 0.8
db:	CNVD	id:	CNVD-2025-09940	Trust: 0.6

sources: CNVD: CNVD-2025-09940 // JVNDB: JVNDB-2025-008016 // NVD: CVE-2025-0566

REFERENCES

url:	https://pan.baidu.com/s/1dbdf27octimkw-pszwg02q?pwd=tara	Trust: 1.8
url:	https://vuldb.com/?id.292527	Trust: 1.8
url:	https://vuldb.com/?submit.484418	Trust: 1.8
url:	https://www.tenda.com.cn/	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2025-0566	Trust: 1.4
url:	https://vuldb.com/?ctiid.292527	Trust: 1.0

sources: CNVD: CNVD-2025-09940 // JVNDB: JVNDB-2025-008016 // NVD: CVE-2025-0566

SOURCES

db:	CNVD	id:	CNVD-2025-09940
db:	JVNDB	id:	JVNDB-2025-008016
db:	NVD	id:	CVE-2025-0566

LAST UPDATE DATE

2025-07-06T23:43:22.270000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-09940	date:	2025-05-16T00:00:00
db:	JVNDB	id:	JVNDB-2025-008016	date:	2025-07-04T08:06:00
db:	NVD	id:	CVE-2025-0566	date:	2025-07-01T15:11:11.800

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-09940	date:	2025-05-14T00:00:00
db:	JVNDB	id:	JVNDB-2025-008016	date:	2025-07-04T00:00:00
db:	NVD	id:	CVE-2025-0566	date:	2025-01-19T07:15:06.407