Sign-up

ID

VAR-202504-1213


CVE

CVE-2025-3786


TITLE

Shenzhen Tenda Technology Co.,Ltd.  of  AC15  Classic buffer overflow vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-003916

DESCRIPTION

A vulnerability was found in Tenda AC15 up to 15.03.05.19 and classified as critical. This issue affects the function fromSetWirelessRepeat of the file /goform/WifiExtraSet. The manipulation of the argument mac leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of AC15 Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2025-3786 // JVNDB: JVNDB-2025-003916

AFFECTED PRODUCTS

vendor:tendamodel:ac15scope:eqversion:15.03.05.19

Trust: 1.0

vendor:tendamodel:ac15scope: - version: -

Trust: 0.8

vendor:tendamodel:ac15scope:eqversion:ac15 firmware 15.03.05.19

Trust: 0.8

vendor:tendamodel:ac15scope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2025-003916 // NVD: CVE-2025-3786

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-3786
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2025-3786
value: HIGH

Trust: 1.0

OTHER: JVNDB-2025-003916
value: HIGH

Trust: 0.8

cna@vuldb.com: CVE-2025-3786
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2025-003916
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

cna@vuldb.com: CVE-2025-3786
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: JVNDB-2025-003916
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2025-003916 // NVD: CVE-2025-3786 // NVD: CVE-2025-3786

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.0

problemtype:CWE-119

Trust: 1.0

problemtype:Buffer error (CWE-119) [ others ]

Trust: 0.8

problemtype: Classic buffer overflow (CWE-120) [NVD evaluation ]

Trust: 0.8

problemtype: Classic buffer overflow (CWE-120) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-003916 // NVD: CVE-2025-3786

EXTERNAL IDS

db:NVDid:CVE-2025-3786

Trust: 2.6

db:VULDBid:305609

Trust: 1.8

db:JVNDBid:JVNDB-2025-003916

Trust: 0.8

sources: JVNDB: JVNDB-2025-003916 // NVD: CVE-2025-3786

REFERENCES

url:https://github.com/ch13hh/cve/tree/ac15wifiextraset

Trust: 1.8

url:https://vuldb.com/?id.305609

Trust: 1.8

url:https://vuldb.com/?submit.553703

Trust: 1.8

url:https://www.tenda.com.cn/

Trust: 1.8

url:https://vuldb.com/?ctiid.305609

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-3786

Trust: 0.8

sources: JVNDB: JVNDB-2025-003916 // NVD: CVE-2025-3786

SOURCES

db:JVNDBid:JVNDB-2025-003916
db:NVDid:CVE-2025-3786

LAST UPDATE DATE

2025-04-25T01:50:09.972000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2025-003916date:2025-04-23T07:02:00
db:NVDid:CVE-2025-3786date:2025-04-22T16:35:33.920

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2025-003916date:2025-04-23T00:00:00
db:NVDid:CVE-2025-3786date:2025-04-18T09:15:15.693