ID

VAR-202502-3290


CVE

CVE-2025-25662


TITLE

Classic buffer overflow vulnerability in Shenzhen Tenda Technology Co.,Ltd. O4 firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-004793

DESCRIPTION

Tenda O4 V3.0 V1.0.0.10(2936) is vulnerable to Buffer Overflow in the function SafeSetMacFilter of the file /goform/setMacFilterList via the argument remark/type/time. The O4 firmware from Shenzhen Tenda Technology Co.,Ltd. has a classic buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Tenda O4 is a router product of Tenda. Remote attackers can use this vulnerability to submit special requests, which can cause the application to crash and execute arbitrary code in the context of the application.

Trust: 2.16

sources: NVD: CVE-2025-25662 // JVNDB: JVNDB-2025-004793 // CNVD: CNVD-2025-04179

IOT TAXONOMY

category: ['Network device'] sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-04179

AFFECTED PRODUCTS

vendor: tenda model: o4 scope: eq version: 1.0.0.10\(2936\)

Trust: 1.0

vendor: tenda model: o4 scope: - version: -

Trust: 0.8

vendor: tenda model: o4 scope: eq version: o4 firmware 1.0.0.10(2936)

Trust: 0.8

vendor: tenda model: o4 scope: eq version: -

Trust: 0.8

vendor: tenda model: o4 scope: eq version: v3.0

Trust: 0.6

sources: CNVD: CNVD-2025-04179 // JVNDB: JVNDB-2025-004793 // NVD: CVE-2025-25662

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2025-25662
value: CRITICAL

Trust: 1.0

OTHER: JVNDB-2025-004793
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2025-04179
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-04179
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2025-25662
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2025-004793
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-04179 // JVNDB: JVNDB-2025-004793 // NVD: CVE-2025-25662

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.0

problemtype:Classic buffer overflow (CWE-120) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-004793 // NVD: CVE-2025-25662

EXTERNAL IDS

db: NVD id: CVE-2025-25662

Trust: 3.2

db: JVNDB id: JVNDB-2025-004793

Trust: 0.8

db: CNVD id: CNVD-2025-04179

Trust: 0.6

sources: CNVD: CNVD-2025-04179 // JVNDB: JVNDB-2025-004793 // NVD: CVE-2025-25662

REFERENCES

url:https://github.com/jangfan/my-vuln/blob/main/tenda/o4v3/setmacfilterlist.md

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2025-25662

Trust: 0.8

sources: CNVD: CNVD-2025-04179 // JVNDB: JVNDB-2025-004793 // NVD: CVE-2025-25662

SOURCES

db: CNVD id: CNVD-2025-04179
db: JVNDB id: JVNDB-2025-004793
db: NVD id: CVE-2025-25662

LAST UPDATE DATE

2025-05-15T23:07:33.350000+00:00


SOURCES UPDATE DATE

db: CNVD id: CNVD-2025-04179 date: 2025-03-04T00:00:00
db: JVNDB id: JVNDB-2025-004793 date: 2025-05-13T08:49:00
db: NVD id: CVE-2025-25662 date: 2025-05-07T17:56:07.840

SOURCES RELEASE DATE

db: CNVD id: CNVD-2025-04179 date: 2025-02-27T00:00:00
db: JVNDB id: JVNDB-2025-004793 date: 2025-05-13T00:00:00
db: NVD id: CVE-2025-25662 date: 2025-02-20T23:15:12.233