Sign-up

ID

VAR-202508-2571


CVE

CVE-2025-57218


TITLE

Shenzhen Tenda Technology Co.,Ltd.  of  AC10  Stack-based buffer overflow vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-012924

DESCRIPTION

Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 was discovered to contain a stack overflow via the security_5g parameter in the function sub_46284C. Shenzhen Tenda Technology Co.,Ltd. of AC10 A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state. The Tenda AC10 is a dual-band gigabit wireless router launched by Shenzhen Jixiang Tengda Technology Co., Ltd., primarily targeting users with fiber optic connections of 200Mbps and above. This vulnerability stems from the failure of the security_5g parameter in the sub_46284C function to properly validate the length of input data. An attacker could exploit this vulnerability to cause a denial of service

Trust: 2.16

sources: NVD: CVE-2025-57218 // JVNDB: JVNDB-2025-012924 // CNVD: CNVD-2025-20142

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-20142

AFFECTED PRODUCTS

vendor:tendamodel:ac10scope:eqversion:16.03.10.09_multi_tde01

Trust: 1.0

vendor:tendamodel:ac10scope: - version: -

Trust: 0.8

vendor:tendamodel:ac10scope:eqversion:ac10 firmware 16.03.10.09 multi tde01

Trust: 0.8

vendor:tendamodel:ac10scope:eqversion: -

Trust: 0.8

vendor:tendamodel:ac10 v16.03.10.09 multi tde01scope:eqversion:v4.0

Trust: 0.6

sources: CNVD: CNVD-2025-20142 // JVNDB: JVNDB-2025-012924 // NVD: CVE-2025-57218

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2025-57218
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2025-012924
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2025-20142
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2025-20142
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2025-57218
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

OTHER: JVNDB-2025-012924
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-20142 // JVNDB: JVNDB-2025-012924 // NVD: CVE-2025-57218

PROBLEMTYPE DATA

problemtype:CWE-121

Trust: 1.0

problemtype:Stack-based buffer overflow (CWE-121) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-012924 // NVD: CVE-2025-57218

EXTERNAL IDS

db:NVDid:CVE-2025-57218

Trust: 3.2

db:JVNDBid:JVNDB-2025-012924

Trust: 0.8

db:CNVDid:CNVD-2025-20142

Trust: 0.6

sources: CNVD: CNVD-2025-20142 // JVNDB: JVNDB-2025-012924 // NVD: CVE-2025-57218

REFERENCES

url:https://plaid-knot-11b.notion.site/stack-buffer-overflow-in-goform-wifibasicset-via-password-parameter-remote-attacker-can-execute-ar-23fb3e9cce32807c883fc1b233e09eca?source=copy_link

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2025-57218

Trust: 0.8

sources: CNVD: CNVD-2025-20142 // JVNDB: JVNDB-2025-012924 // NVD: CVE-2025-57218

SOURCES

db:CNVDid:CNVD-2025-20142
db:JVNDBid:JVNDB-2025-012924
db:NVDid:CVE-2025-57218

LAST UPDATE DATE

2025-09-07T23:12:36.544000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-20142date:2025-09-03T00:00:00
db:JVNDBid:JVNDB-2025-012924date:2025-09-04T06:48:00
db:NVDid:CVE-2025-57218date:2025-09-03T16:11:25.347

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-20142date:2025-09-02T00:00:00
db:JVNDBid:JVNDB-2025-012924date:2025-09-04T00:00:00
db:NVDid:CVE-2025-57218date:2025-08-28T18:15:32.743