Sign-up

ID

VAR-202505-1817


CVE

CVE-2025-4897


TITLE

Shenzhen Tenda Technology Co.,Ltd.  of  A15  Buffer error vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-005793

DESCRIPTION

A vulnerability was found in Tenda A15 15.13.07.09/15.13.07.13. It has been classified as critical. This affects an unknown part of the file /goform/multimodalAdd of the component HTTP POST Request Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. of A15 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2025-4897 // JVNDB: JVNDB-2025-005793

AFFECTED PRODUCTS

vendor:tendamodel:a15scope:eqversion:15.13.07.09

Trust: 1.0

vendor:tendamodel:a15scope:eqversion:15.13.07.13

Trust: 1.0

vendor:tendamodel:a15scope:eqversion:a15 firmware 15.13.07.09

Trust: 0.8

vendor:tendamodel:a15scope:eqversion: -

Trust: 0.8

vendor:tendamodel:a15scope:eqversion:a15 firmware 15.13.07.13

Trust: 0.8

vendor:tendamodel:a15scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2025-005793 // NVD: CVE-2025-4897

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-4897
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2025-4897
value: HIGH

Trust: 1.0

OTHER: JVNDB-2025-005793
value: HIGH

Trust: 0.8

cna@vuldb.com: CVE-2025-4897
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2025-005793
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

cna@vuldb.com: CVE-2025-4897
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2025-4897
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2025-005793
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2025-005793 // NVD: CVE-2025-4897 // NVD: CVE-2025-4897

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.0

problemtype:CWE-119

Trust: 1.0

problemtype:Buffer error (CWE-119) [ others ]

Trust: 0.8

problemtype: Classic buffer overflow (CWE-120) [NVD evaluation ]

Trust: 0.8

problemtype: Classic buffer overflow (CWE-120) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-005793 // NVD: CVE-2025-4897

EXTERNAL IDS

db:NVDid:CVE-2025-4897

Trust: 2.6

db:VULDBid:309453

Trust: 1.8

db:JVNDBid:JVNDB-2025-005793

Trust: 0.8

sources: JVNDB: JVNDB-2025-005793 // NVD: CVE-2025-4897

REFERENCES

url:https://vuldb.com/?id.309453

Trust: 1.8

url:https://vuldb.com/?submit.578035

Trust: 1.8

url:https://www.tenda.com.cn/

Trust: 1.8

url:https://vuldb.com/?ctiid.309453

Trust: 1.0

url:https://github.com/byxs0x0/cve2/blob/main/tenda%20ac15.md

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-4897

Trust: 0.8

sources: JVNDB: JVNDB-2025-005793 // NVD: CVE-2025-4897

SOURCES

db:JVNDBid:JVNDB-2025-005793
db:NVDid:CVE-2025-4897

LAST UPDATE DATE

2025-05-30T23:23:08.119000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2025-005793date:2025-05-28T08:20:00
db:NVDid:CVE-2025-4897date:2025-05-27T16:30:05.410

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2025-005793date:2025-05-28T00:00:00
db:NVDid:CVE-2025-4897date:2025-05-18T22:15:18.443