Details of VAR-202507-2464

ID

VAR-202507-2464

CVE

CVE-2025-7914

TITLE

Shenzhen Tenda Technology Co.,Ltd. of AC6 Buffer error vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-009753

DESCRIPTION

A vulnerability has been found in Tenda AC6 15.03.06.50 and classified as critical. Affected by this vulnerability is the function setparentcontrolinfo of the component httpd. The manipulation leads to buffer overflow. The attack can be launched remotely. Shenzhen Tenda Technology Co.,Ltd. of AC6 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. It supports IPv4 and IPv6 protocols and is mainly designed for home network environments. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

Trust: 2.16

sources: NVD: CVE-2025-7914 // JVNDB: JVNDB-2025-009753 // CNVD: CNVD-2025-16812

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-16812

AFFECTED PRODUCTS

vendor:	tenda	model:	ac6	scope:	eq	version:	15.03.06.50	Trust: 1.6
vendor:	tenda	model:	ac6	scope:	eq	version:	ac6 firmware 15.03.06.50	Trust: 0.8
vendor:	tenda	model:	ac6	scope:	-	version:	-	Trust: 0.8
vendor:	tenda	model:	ac6	scope:	eq	version:	-	Trust: 0.8

sources: CNVD: CNVD-2025-16812 // JVNDB: JVNDB-2025-009753 // NVD: CVE-2025-7914

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2025-7914
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2025-009753
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2025-16812
value:	HIGH
Trust: 0.6

cna@vuldb.com:	CVE-2025-7914
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
OTHER:	JVNDB-2025-009753
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2025-16812
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2025-7914
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2025-009753
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-16812 // JVNDB: JVNDB-2025-009753 // NVD: CVE-2025-7914

PROBLEMTYPE DATA

problemtype:	CWE-119	Trust: 1.0
problemtype:	CWE-120	Trust: 1.0
problemtype:	Buffer error (CWE-119) [ others ]	Trust: 0.8
problemtype:	Classic buffer overflow (CWE-120) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-009753 // NVD: CVE-2025-7914

EXTERNAL IDS

db:	NVD	id:	CVE-2025-7914	Trust: 3.2
db:	VULDB	id:	317029	Trust: 1.8
db:	JVNDB	id:	JVNDB-2025-009753	Trust: 0.8
db:	CNVD	id:	CNVD-2025-16812	Trust: 0.6

sources: CNVD: CNVD-2025-16812 // JVNDB: JVNDB-2025-009753 // NVD: CVE-2025-7914

REFERENCES

url:	https://github.com/gaochen61/iotvuln/blob/main/tenda_ac6_v15.03.06.50/setparentcontrolinfo.md	Trust: 2.4
url:	https://vuldb.com/?id.317029	Trust: 1.8
url:	https://vuldb.com/?submit.618859	Trust: 1.8
url:	https://www.tenda.com.cn/	Trust: 1.8
url:	https://vuldb.com/?ctiid.317029	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2025-7914	Trust: 0.8

sources: CNVD: CNVD-2025-16812 // JVNDB: JVNDB-2025-009753 // NVD: CVE-2025-7914

SOURCES

db:	CNVD	id:	CNVD-2025-16812
db:	JVNDB	id:	JVNDB-2025-009753
db:	NVD	id:	CVE-2025-7914

LAST UPDATE DATE

2025-07-28T23:34:24.667000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-16812	date:	2025-07-25T00:00:00
db:	JVNDB	id:	JVNDB-2025-009753	date:	2025-07-24T06:57:00
db:	NVD	id:	CVE-2025-7914	date:	2025-07-23T16:15:35.403

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-16812	date:	2025-07-25T00:00:00
db:	JVNDB	id:	JVNDB-2025-009753	date:	2025-07-24T00:00:00
db:	NVD	id:	CVE-2025-7914	date:	2025-07-21T01:15:22.400