Details of VAR-202504-1378

ID

VAR-202504-1378

CVE

CVE-2025-25455

TITLE

Shenzhen Tenda Technology Co.,Ltd. of AC10 Stack-based buffer overflow vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-003898

DESCRIPTION

Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via wanMTU2. Shenzhen Tenda Technology Co.,Ltd. of AC10 A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state. Tenda AC10 is a home wireless router that provides stable and fast network connection. The vulnerability is caused by the fact that the AdvSetMacMtuWan function does not effectively check the input data length when processing the wanMTU2 parameter. No detailed vulnerability details are currently provided

Trust: 2.16

sources: NVD: CVE-2025-25455 // JVNDB: JVNDB-2025-003898 // CNVD: CNVD-2025-08348

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-08348

AFFECTED PRODUCTS

vendor:	tenda	model:	ac10	scope:	eq	version:	16.03.10.20	Trust: 1.0
vendor:	tenda	model:	ac10	scope:	eq	version:	-	Trust: 0.8
vendor:	tenda	model:	ac10	scope:	-	version:	-	Trust: 0.8
vendor:	tenda	model:	ac10	scope:	eq	version:	ac10 firmware 16.03.10.20	Trust: 0.8
vendor:	tenda	model:	ac10 v4.0si v16.03.10.20	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2025-08348 // JVNDB: JVNDB-2025-003898 // NVD: CVE-2025-25455

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2025-25455
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2025-003898
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2025-08348
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2025-08348
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2025-25455
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2025-003898
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-08348 // JVNDB: JVNDB-2025-003898 // NVD: CVE-2025-25455

PROBLEMTYPE DATA

problemtype:	CWE-121	Trust: 1.0
problemtype:	Stack-based buffer overflow (CWE-121) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-003898 // NVD: CVE-2025-25455

EXTERNAL IDS

db:	NVD	id:	CVE-2025-25455	Trust: 3.2
db:	JVNDB	id:	JVNDB-2025-003898	Trust: 0.8
db:	CNVD	id:	CNVD-2025-08348	Trust: 0.6

sources: CNVD: CNVD-2025-08348 // JVNDB: JVNDB-2025-003898 // NVD: CVE-2025-25455

REFERENCES

url:	https://gist.github.com/xyqer1/6c865a9ec44b4797e78b6765cd5c84e5	Trust: 1.8
url:	https://github.com/xyqer1/tenda-ac10-advsetmacmtuwan-wanmtu2-stackoverflow	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2025-25455	Trust: 1.4

sources: CNVD: CNVD-2025-08348 // JVNDB: JVNDB-2025-003898 // NVD: CVE-2025-25455

SOURCES

db:	CNVD	id:	CNVD-2025-08348
db:	JVNDB	id:	JVNDB-2025-003898
db:	NVD	id:	CVE-2025-25455

LAST UPDATE DATE

2025-04-26T22:57:45.031000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-08348	date:	2025-04-25T00:00:00
db:	JVNDB	id:	JVNDB-2025-003898	date:	2025-04-23T05:47:00
db:	NVD	id:	CVE-2025-25455	date:	2025-04-22T16:41:14.233

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-08348	date:	2025-04-25T00:00:00
db:	JVNDB	id:	JVNDB-2025-003898	date:	2025-04-23T00:00:00
db:	NVD	id:	CVE-2025-25455	date:	2025-04-17T18:15:48.603