Details of VAR-202506-0454

ID

VAR-202506-0454

CVE

CVE-2025-5862

TITLE

Shenzhen Tenda Technology Co.,Ltd. of AC7 Classic buffer overflow vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-006553

DESCRIPTION

A vulnerability was found in Tenda AC7 15.03.06.44 and classified as critical. This issue affects the function formSetPPTPUserList of the file /goform/setPptpUserList. The manipulation of the argument list leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of AC7 Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda AC7 is a high-performance dual-band wireless router designed for large households, with strong signal coverage and stable network performance. No detailed vulnerability details are currently provided

Trust: 2.16

sources: NVD: CVE-2025-5862 // JVNDB: JVNDB-2025-006553 // CNVD: CNVD-2025-12742

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-12742

AFFECTED PRODUCTS

vendor:	tenda	model:	ac7	scope:	eq	version:	15.03.06.44	Trust: 1.6
vendor:	tenda	model:	ac7	scope:	eq	version:	ac7 firmware 15.03.06.44	Trust: 0.8
vendor:	tenda	model:	ac7	scope:	-	version:	-	Trust: 0.8
vendor:	tenda	model:	ac7	scope:	eq	version:	-	Trust: 0.8

sources: CNVD: CNVD-2025-12742 // JVNDB: JVNDB-2025-006553 // NVD: CVE-2025-5862

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2025-5862
value:	HIGH
Trust: 1.0
nvd@nist.gov:	CVE-2025-5862
value:	CRITICAL
Trust: 1.0
OTHER:	JVNDB-2025-006553
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2025-12742
value:	HIGH
Trust: 0.6

cna@vuldb.com:	CVE-2025-5862
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
OTHER:	JVNDB-2025-006553
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2025-12742
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2025-5862
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
nvd@nist.gov:	CVE-2025-5862
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	JVNDB-2025-006553
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-12742 // JVNDB: JVNDB-2025-006553 // NVD: CVE-2025-5862 // NVD: CVE-2025-5862

PROBLEMTYPE DATA

problemtype:	CWE-119	Trust: 1.0
problemtype:	CWE-120	Trust: 1.0
problemtype:	Buffer error (CWE-119) [ others ]	Trust: 0.8
problemtype:	Classic buffer overflow (CWE-120) [ others ]	Trust: 0.8
problemtype:	Classic buffer overflow (CWE-120) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-006553 // NVD: CVE-2025-5862

EXTERNAL IDS

db:	NVD	id:	CVE-2025-5862	Trust: 3.2
db:	VULDB	id:	311621	Trust: 1.8
db:	JVNDB	id:	JVNDB-2025-006553	Trust: 0.8
db:	CNVD	id:	CNVD-2025-12742	Trust: 0.6

sources: CNVD: CNVD-2025-12742 // JVNDB: JVNDB-2025-006553 // NVD: CVE-2025-5862

REFERENCES

url:	https://lavender-bicycle-a5a.notion.site/tenda-ac7-formsetpptpuserlist-20a53a41781f806ca124cbdf99bff931?source=copy_link	Trust: 1.8
url:	https://vuldb.com/?id.311621	Trust: 1.8
url:	https://vuldb.com/?submit.591980	Trust: 1.8
url:	https://www.tenda.com.cn/	Trust: 1.8
url:	https://lavender-bicycle-a5a.notion.site/tenda-ac7-formsetpptpuserlist-20a53a41781f806ca124cbdf99bff931	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2025-5862	Trust: 1.4
url:	https://vuldb.com/?ctiid.311621	Trust: 1.0

sources: CNVD: CNVD-2025-12742 // JVNDB: JVNDB-2025-006553 // NVD: CVE-2025-5862

SOURCES

db:	CNVD	id:	CNVD-2025-12742
db:	JVNDB	id:	JVNDB-2025-006553
db:	NVD	id:	CVE-2025-5862

LAST UPDATE DATE

2025-06-19T23:41:26.471000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-12742	date:	2025-06-18T00:00:00
db:	JVNDB	id:	JVNDB-2025-006553	date:	2025-06-10T06:22:00
db:	NVD	id:	CVE-2025-5862	date:	2025-06-09T19:02:54.097

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-12742	date:	2025-06-18T00:00:00
db:	JVNDB	id:	JVNDB-2025-006553	date:	2025-06-10T00:00:00
db:	NVD	id:	CVE-2025-5862	date:	2025-06-09T05:15:21.887