Details of VAR-202504-0757

ID

VAR-202504-0757

CVE

CVE-2025-3328

TITLE

Shenzhen Tenda Technology Co.,Ltd. of ac1206 Out-of-bounds write vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-002999

DESCRIPTION

A vulnerability was found in Tenda AC1206 15.03.06.23. It has been classified as critical. Affected is the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set. The manipulation of the argument ssid/timeZone leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. of ac1206 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. AC1206 is a high-performance wireless router designed for broadband users of 200M and above. The vulnerability is caused by the form_fast_setting_wifi_set function of the /goform/fast_setting_wifi_set file not performing a valid boundary check on the input of the ssid or timeZone parameters, resulting in a buffer overflow. No detailed vulnerability details are currently provided

Trust: 2.16

sources: NVD: CVE-2025-3328 // JVNDB: JVNDB-2025-002999 // CNVD: CNVD-2025-07591

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-07591

AFFECTED PRODUCTS

vendor:	tenda	model:	ac1206	scope:	eq	version:	15.03.06.23	Trust: 1.0
vendor:	tenda	model:	ac1206	scope:	eq	version:	-	Trust: 0.8
vendor:	tenda	model:	ac1206	scope:	eq	version:	ac1206 firmware 15.03.06.23	Trust: 0.8
vendor:	tenda	model:	ac1206	scope:	-	version:	-	Trust: 0.8
vendor:	jixiang tengda	model:	ac1206	scope:	eq	version:	15.03.06.23	Trust: 0.6

sources: CNVD: CNVD-2025-07591 // JVNDB: JVNDB-2025-002999 // NVD: CVE-2025-3328

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2025-3328
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2025-002999
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2025-07591
value:	HIGH
Trust: 0.6

cna@vuldb.com:	CVE-2025-3328
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
OTHER:	JVNDB-2025-002999
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2025-07591
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2025-3328
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2025-002999
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-07591 // JVNDB: JVNDB-2025-002999 // NVD: CVE-2025-3328

PROBLEMTYPE DATA

problemtype:	CWE-119	Trust: 1.0
problemtype:	CWE-120	Trust: 1.0
problemtype:	CWE-787	Trust: 1.0
problemtype:	Buffer error (CWE-119) [ others ]	Trust: 0.8
problemtype:	Classic buffer overflow (CWE-120) [ others ]	Trust: 0.8
problemtype:	Out-of-bounds writing (CWE-787) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-002999 // NVD: CVE-2025-3328

EXTERNAL IDS

db:	NVD	id:	CVE-2025-3328	Trust: 3.2
db:	VULDB	id:	303540	Trust: 1.8
db:	JVNDB	id:	JVNDB-2025-002999	Trust: 0.8
db:	CNVD	id:	CNVD-2025-07591	Trust: 0.6

sources: CNVD: CNVD-2025-07591 // JVNDB: JVNDB-2025-002999 // NVD: CVE-2025-3328

REFERENCES

url:	https://github.com/ch13hh/tmp_store_cc/blob/main/ac1206/ac1206form_fast_setting_wifi_set/form_fast_setting_wifi_set.md	Trust: 1.8
url:	https://github.com/ch13hh/tmp_store_cc/blob/main/ac1206/ac1206form_fast_setting_wifi_set_time/time.md	Trust: 1.8
url:	https://vuldb.com/?id.303540	Trust: 1.8
url:	https://vuldb.com/?submit.551893	Trust: 1.8
url:	https://www.tenda.com.cn/	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2025-3328	Trust: 1.4
url:	https://vuldb.com/?ctiid.303540	Trust: 1.0

sources: CNVD: CNVD-2025-07591 // JVNDB: JVNDB-2025-002999 // NVD: CVE-2025-3328

SOURCES

db:	CNVD	id:	CNVD-2025-07591
db:	JVNDB	id:	JVNDB-2025-002999
db:	NVD	id:	CVE-2025-3328

LAST UPDATE DATE

2025-04-20T23:32:34.300000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-07591	date:	2025-04-18T00:00:00
db:	JVNDB	id:	JVNDB-2025-002999	date:	2025-04-08T02:45:00
db:	NVD	id:	CVE-2025-3328	date:	2025-04-07T18:17:37.687

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-07591	date:	2025-04-16T00:00:00
db:	JVNDB	id:	JVNDB-2025-002999	date:	2025-04-08T00:00:00
db:	NVD	id:	CVE-2025-3328	date:	2025-04-07T01:15:42.953