ID

VAR-202504-1784


CVE

CVE-2025-25456


TITLE

Classic buffer overflow vulnerability in Shenzhen Tenda Technology Co.,Ltd. AC10 firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-003841

DESCRIPTION

Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to a buffer overflow in AdvSetMacMtuWan via the mac2 parameter. Shenzhen Tenda Technology Co.,Ltd. AC10 firmware contains a classic buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The buffer overflow is caused by the mac2 parameter in AdvSetMacMtuWan failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.

Trust: 2.16

sources: NVD: CVE-2025-25456 // JVNDB: JVNDB-2025-003841 // CNVD: CNVD-2025-08769

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-08769

AFFECTED PRODUCTS

vendor: tenda, model: ac10, scope: eq, version: 16.03.10.20

Trust: 1.0

vendor: tenda, model: ac10, scope: eq, version: -

Trust: 0.8

vendor: tenda, model: ac10, scope: -, version: -

Trust: 0.8

vendor: tenda, model: ac10, scope: eq, version: ac10 firmware 16.03.10.20

Trust: 0.8

vendor: tenda, model: ac10 v4.0si v16.03.10.20, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2025-08769 // JVNDB: JVNDB-2025-003841 // NVD: CVE-2025-25456

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2025-25456
value: CRITICAL

Trust: 1.0

OTHER: JVNDB-2025-003841
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2025-08769
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-08769
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2025-25456
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2025-003841
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-08769 // JVNDB: JVNDB-2025-003841 // NVD: CVE-2025-25456

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.0

problemtype:Classic buffer overflow (CWE-120) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-003841 // NVD: CVE-2025-25456

EXTERNAL IDS

db: NVD, id: CVE-2025-25456

Trust: 3.2

db: JVNDB, id: JVNDB-2025-003841

Trust: 0.8

db: CNVD, id: CNVD-2025-08769

Trust: 0.6

sources: CNVD: CNVD-2025-08769 // JVNDB: JVNDB-2025-003841 // NVD: CVE-2025-25456

REFERENCES

url:https://gist.github.com/xyqer1/ab1e6a2bd369aaada0666639c843aff0

Trust: 1.8

url:https://github.com/xyqer1/tenda-ac10-advsetmacmtuwan-mac2-stackoverflow

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2025-25456

Trust: 1.4

sources: CNVD: CNVD-2025-08769 // JVNDB: JVNDB-2025-003841 // NVD: CVE-2025-25456

SOURCES

db: CNVD, id: CNVD-2025-08769
db: JVNDB, id: JVNDB-2025-003841
db: NVD, id: CVE-2025-25456

LAST UPDATE DATE

2025-04-30T23:10:09.624000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-08769, date: 2025-04-29T00:00:00
db: JVNDB, id: JVNDB-2025-003841, date: 2025-04-23T00:59:00
db: NVD, id: CVE-2025-25456, date: 2025-04-22T16:43:06.293

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-08769, date: 2025-04-27T00:00:00
db: JVNDB, id: JVNDB-2025-003841, date: 2025-04-23T00:00:00
db: NVD, id: CVE-2025-25456, date: 2025-04-15T19:16:07.327