Details of VAR-202509-1120

ID

VAR-202509-1120

CVE

CVE-2025-57059

TITLE

Tenda G3 addDhcpRule function buffer overflow vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-21161

DESCRIPTION

Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the dhcpIndex parameter in the addDhcpRule function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. The Tenda G3 is a QoS VPN router from the Chinese company Tenda. This vulnerability stems from the failure of the addDhcpRule function to properly validate the length of the input data in the dhcpIndex parameter

Trust: 1.44

sources: NVD: CVE-2025-57059 // CNVD: CNVD-2025-21161

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-21161

AFFECTED PRODUCTS

vendor:

tenda

model:

g3 v3.0br v15.11.0.17

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2025-21161

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2025-57059
value:	HIGH
Trust: 1.0
CNVD:	CNVD-2025-21161
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2025-21161
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2025-57059
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2025-21161 // NVD: CVE-2025-57059

PROBLEMTYPE DATA

problemtype:

CWE-121

Trust: 1.0

sources: NVD: CVE-2025-57059

EXTERNAL IDS

db:	NVD	id:	CVE-2025-57059	Trust: 1.6
db:	CNVD	id:	CNVD-2025-21161	Trust: 0.6

sources: CNVD: CNVD-2025-21161 // NVD: CVE-2025-57059

REFERENCES

url:	https://github.com/vulndetailrecord/vulfordevice/blob/main/tenda/g3/adddhcprule.md	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2025-57059	Trust: 0.6

sources: CNVD: CNVD-2025-21161 // NVD: CVE-2025-57059

SOURCES

db:	CNVD	id:	CNVD-2025-21161
db:	NVD	id:	CVE-2025-57059

LAST UPDATE DATE

2025-09-13T23:32:30.587000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-21161	date:	2025-09-12T00:00:00
db:	NVD	id:	CVE-2025-57059	date:	2025-09-11T17:14:25.240

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-21161	date:	2025-09-12T00:00:00
db:	NVD	id:	CVE-2025-57059	date:	2025-09-09T17:16:08.390