Details of VAR-202504-0700

ID

VAR-202504-0700

CVE

CVE-2025-3167

TITLE

Shenzhen Tenda Technology Co.,Ltd. of ac23 Improper Shutdown and Release of Resources in Firmware Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2025-003295

DESCRIPTION

A vulnerability, which was classified as problematic, has been found in Tenda AC23 16.03.07.52. This issue affects some unknown processing of the file /goform/VerAPIMant of the component API Interface. The manipulation of the argument getuid leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of ac23 A vulnerability exists in firmware related to improper shutdown and release of resources.Service operation interruption (DoS) It may be in a state. AC23 is a wireless router that provides high-speed wireless network connection. The vulnerability is caused by the improper processing of getuid parameters by the /goform/VerAPIMant component. An attacker can use this vulnerability to send specially crafted requests to cause a denial of service

Trust: 2.16

sources: NVD: CVE-2025-3167 // JVNDB: JVNDB-2025-003295 // CNVD: CNVD-2025-07179

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-07179

AFFECTED PRODUCTS

vendor:	tenda	model:	ac23	scope:	eq	version:	16.03.07.52	Trust: 1.0
vendor:	tenda	model:	ac23	scope:	eq	version:	ac23 firmware 16.03.07.52	Trust: 0.8
vendor:	tenda	model:	ac23	scope:	eq	version:	-	Trust: 0.8
vendor:	tenda	model:	ac23	scope:	-	version:	-	Trust: 0.8
vendor:	jixiang tengda	model:	ac23	scope:	eq	version:	16.03.07.52	Trust: 0.6

sources: CNVD: CNVD-2025-07179 // JVNDB: JVNDB-2025-003295 // NVD: CVE-2025-3167

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2025-3167
value:	HIGH
Trust: 1.0
nvd@nist.gov:	CVE-2025-3167
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2025-003295
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2025-07179
value:	MEDIUM
Trust: 0.6

cna@vuldb.com:	CVE-2025-3167
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
OTHER:	JVNDB-2025-003295
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2025-07179
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2025-3167
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
nvd@nist.gov:	CVE-2025-3167
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	JVNDB-2025-003295
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-07179 // JVNDB: JVNDB-2025-003295 // NVD: CVE-2025-3167 // NVD: CVE-2025-3167

PROBLEMTYPE DATA

problemtype:	CWE-404	Trust: 1.0
problemtype:	Improper shutdown and release of resources (CWE-404) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-003295 // NVD: CVE-2025-3167

EXTERNAL IDS

db:	NVD	id:	CVE-2025-3167	Trust: 3.2
db:	VULDB	id:	303113	Trust: 1.8
db:	JVNDB	id:	JVNDB-2025-003295	Trust: 0.8
db:	CNVD	id:	CNVD-2025-07179	Trust: 0.6

sources: CNVD: CNVD-2025-07179 // JVNDB: JVNDB-2025-003295 // NVD: CVE-2025-3167

REFERENCES

url:	https://github.com/lzy0522/cve/blob/main/cve_1.md	Trust: 1.8
url:	https://vuldb.com/?id.303113	Trust: 1.8
url:	https://vuldb.com/?submit.543150	Trust: 1.8
url:	https://www.tenda.com.cn/	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2025-3167	Trust: 1.4
url:	https://vuldb.com/?ctiid.303113	Trust: 1.0

sources: CNVD: CNVD-2025-07179 // JVNDB: JVNDB-2025-003295 // NVD: CVE-2025-3167

SOURCES

db:	CNVD	id:	CNVD-2025-07179
db:	JVNDB	id:	JVNDB-2025-003295
db:	NVD	id:	CVE-2025-3167

LAST UPDATE DATE

2025-04-15T23:48:04.367000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-07179	date:	2025-04-14T00:00:00
db:	JVNDB	id:	JVNDB-2025-003295	date:	2025-04-11T08:58:00
db:	NVD	id:	CVE-2025-3167	date:	2025-04-08T13:50:05.433

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-07179	date:	2025-04-11T00:00:00
db:	JVNDB	id:	JVNDB-2025-003295	date:	2025-04-11T00:00:00
db:	NVD	id:	CVE-2025-3167	date:	2025-04-03T17:15:31.390