Details of VAR-202509-1017

ID

VAR-202509-1017

CVE

CVE-2025-57087

TITLE

Shenzhen Tenda Technology Co.,Ltd. of w30e Stack-based buffer overflow vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-014503

DESCRIPTION

Tenda W30E V16.01.0.19 (5037) was discovered to contain a stack overflow in the countryCode parameter in the werlessAdvancedSet function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. Shenzhen Tenda Technology Co.,Ltd. of w30e A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state. The Tenda W30E is an enterprise-grade wireless router designed for SOHOs, small businesses, and small shops. This vulnerability stems from the inability of the countryCode parameter in the werlessAdvancedSet function to properly validate the length of input data

Trust: 2.16

sources: NVD: CVE-2025-57087 // JVNDB: JVNDB-2025-014503 // CNVD: CNVD-2025-21390

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-21390

AFFECTED PRODUCTS

vendor:	tenda	model:	w30e	scope:	lte	version:	16.01.0.19\(5037\)	Trust: 1.0
vendor:	tenda	model:	w30e	scope:	lte	version:	w30e firmware 16.01.0.19(5037) and earlier	Trust: 0.8
vendor:	tenda	model:	w30e	scope:	-	version:	-	Trust: 0.8
vendor:	tenda	model:	w30e	scope:	eq	version:	-	Trust: 0.8
vendor:	tenda	model:	w30e	scope:	eq	version:	16.01.0.19(5037)	Trust: 0.6

sources: CNVD: CNVD-2025-21390 // JVNDB: JVNDB-2025-014503 // NVD: CVE-2025-57087

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2025-57087
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2025-014503
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2025-21390
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2025-21390
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2025-57087
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2025-014503
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-21390 // JVNDB: JVNDB-2025-014503 // NVD: CVE-2025-57087

PROBLEMTYPE DATA

problemtype:	CWE-121	Trust: 1.0
problemtype:	Stack-based buffer overflow (CWE-121) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-014503 // NVD: CVE-2025-57087

EXTERNAL IDS

db:	NVD	id:	CVE-2025-57087	Trust: 3.2
db:	JVNDB	id:	JVNDB-2025-014503	Trust: 0.8
db:	CNVD	id:	CNVD-2025-21390	Trust: 0.6

sources: CNVD: CNVD-2025-21390 // JVNDB: JVNDB-2025-014503 // NVD: CVE-2025-57087

REFERENCES

url:	https://github.com/vulndetailrecord/vulfordevice/blob/main/tenda/w30e/werlessadvancedset.md	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2025-57087	Trust: 0.8

sources: CNVD: CNVD-2025-21390 // JVNDB: JVNDB-2025-014503 // NVD: CVE-2025-57087

SOURCES

db:	CNVD	id:	CNVD-2025-21390
db:	JVNDB	id:	JVNDB-2025-014503
db:	NVD	id:	CVE-2025-57087

LAST UPDATE DATE

2025-09-28T03:04:55.987000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-21390	date:	2025-09-17T00:00:00
db:	JVNDB	id:	JVNDB-2025-014503	date:	2025-09-26T02:00:00
db:	NVD	id:	CVE-2025-57087	date:	2025-09-18T18:42:39.153

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-21390	date:	2025-09-16T00:00:00
db:	JVNDB	id:	JVNDB-2025-014503	date:	2025-09-26T00:00:00
db:	NVD	id:	CVE-2025-57087	date:	2025-09-09T17:16:10.180