Details of VAR-202503-0215

ID

VAR-202503-0215

CVE

CVE-2025-1851

TITLE

Shenzhen Tenda Technology Co.,Ltd. of AC7 Buffer error vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-003387

DESCRIPTION

A vulnerability, which was classified as critical, was found in Tenda AC7 up to 15.03.06.44. This affects the function formSetFirewallCfg of the file /goform/SetFirewallCfg. The manipulation of the argument firewallEn leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of AC7 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. In Tenda AC7 15.03.06.44 and earlier versions, the formSetFirewallCfg function of the /goform/SetFirewallCfg file has a stack overflow vulnerability when processing the firewallEn parameter. The vulnerability is caused by the program's failure to check the parameter length. Attackers can use this vulnerability to launch attacks remotely and achieve code execution

Trust: 2.16

sources: NVD: CVE-2025-1851 // JVNDB: JVNDB-2025-003387 // CNVD: CNVD-2025-05237

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-05237

AFFECTED PRODUCTS

vendor:	tenda	model:	ac7	scope:	lt	version:	15.03.06.44	Trust: 1.0
vendor:	tenda	model:	ac7	scope:	-	version:	-	Trust: 0.8
vendor:	tenda	model:	ac7	scope:	eq	version:	ac7 firmware 15.03.06.44	Trust: 0.8
vendor:	tenda	model:	ac7	scope:	eq	version:	-	Trust: 0.8
vendor:	tenda	model:	ac7	scope:	lte	version:	<=15.03.06.44	Trust: 0.6

sources: CNVD: CNVD-2025-05237 // JVNDB: JVNDB-2025-003387 // NVD: CVE-2025-1851

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2025-1851
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2025-003387
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2025-05237
value:	HIGH
Trust: 0.6

cna@vuldb.com:	CVE-2025-1851
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
OTHER:	JVNDB-2025-003387
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2025-05237
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2025-1851
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2025-003387
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-05237 // JVNDB: JVNDB-2025-003387 // NVD: CVE-2025-1851

PROBLEMTYPE DATA

problemtype:	CWE-121	Trust: 1.0
problemtype:	CWE-119	Trust: 1.0
problemtype:	Buffer error (CWE-119) [ others ]	Trust: 0.8
problemtype:	Stack-based buffer overflow (CWE-121) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-003387 // NVD: CVE-2025-1851

EXTERNAL IDS

db:	NVD	id:	CVE-2025-1851	Trust: 3.2
db:	VULDB	id:	298119	Trust: 2.4
db:	JVNDB	id:	JVNDB-2025-003387	Trust: 0.8
db:	CNVD	id:	CNVD-2025-05237	Trust: 0.6

sources: CNVD: CNVD-2025-05237 // JVNDB: JVNDB-2025-003387 // NVD: CVE-2025-1851

REFERENCES

url:	https://vuldb.com/?id.298119	Trust: 2.4
url:	https://vuldb.com/?submit.505271	Trust: 2.4
url:	https://www.tenda.com.cn/	Trust: 2.4
url:	https://vuldb.com/?ctiid.298119	Trust: 1.6
url:	https://github.com/raining-101/iot_cve/blob/main/ac7_v15.03.06.44_setfirewallcfg.md	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2025-1851	Trust: 0.8

sources: CNVD: CNVD-2025-05237 // JVNDB: JVNDB-2025-003387 // NVD: CVE-2025-1851

SOURCES

db:	CNVD	id:	CNVD-2025-05237
db:	JVNDB	id:	JVNDB-2025-003387
db:	NVD	id:	CVE-2025-1851

LAST UPDATE DATE

2025-04-16T23:22:22.087000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-05237	date:	2025-03-18T00:00:00
db:	JVNDB	id:	JVNDB-2025-003387	date:	2025-04-14T08:02:00
db:	NVD	id:	CVE-2025-1851	date:	2025-04-10T13:32:42.863

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-05237	date:	2025-03-14T00:00:00
db:	JVNDB	id:	JVNDB-2025-003387	date:	2025-04-14T00:00:00
db:	NVD	id:	CVE-2025-1851	date:	2025-03-03T05:15:10.867