Sign-up

ID

VAR-202510-0265


CVE

CVE-2025-60662


TITLE

Shenzhen Tenda Technology Co.,Ltd.  of  AC18  Out-of-bounds write vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-015507

DESCRIPTION

Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the wanSpeed parameter in the fromAdvSetMacMtuWan function. Shenzhen Tenda Technology Co.,Ltd. of AC18 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. in July 2016, primarily for villa and large-sized home users. This vulnerability stems from the failure to properly validate the length of the input data for the wanSpeed parameter in the fromAdvSetMacMtuWan function. An attacker could exploit this vulnerability to cause a denial of service

Trust: 2.16

sources: NVD: CVE-2025-60662 // JVNDB: JVNDB-2025-015507 // CNVD: CNVD-2025-24473

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-24473

AFFECTED PRODUCTS

vendor:tendamodel:ac18scope:eqversion:15.03.05.19

Trust: 1.6

vendor:tendamodel:ac18scope:eqversion:ac18 firmware 15.03.05.19

Trust: 0.8

vendor:tendamodel:ac18scope:eqversion: -

Trust: 0.8

vendor:tendamodel:ac18scope: - version: -

Trust: 0.8

sources: CNVD: CNVD-2025-24473 // JVNDB: JVNDB-2025-015507 // NVD: CVE-2025-60662

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2025-60662
value: HIGH

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2025-60662
value: HIGH

Trust: 1.0

NVD: CVE-2025-60662
value: HIGH

Trust: 0.8

CNVD: CNVD-2025-24473
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-24473
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2025-60662
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: CVE-2025-60662
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-24473 // JVNDB: JVNDB-2025-015507 // NVD: CVE-2025-60662 // NVD: CVE-2025-60662

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.0

problemtype:CWE-121

Trust: 1.0

problemtype:Stack-based buffer overflow (CWE-121) [ others ]

Trust: 0.8

problemtype: Out-of-bounds writing (CWE-787) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-015507 // NVD: CVE-2025-60662

EXTERNAL IDS

db:NVDid:CVE-2025-60662

Trust: 3.2

db:JVNDBid:JVNDB-2025-015507

Trust: 0.8

db:CNVDid:CNVD-2025-24473

Trust: 0.6

sources: CNVD: CNVD-2025-24473 // JVNDB: JVNDB-2025-015507 // NVD: CVE-2025-60662

REFERENCES

url:https://drive.google.com/file/d/1-xpzmt_yw5jtygqj6hzbrnc5ijlanlqo/view?usp=sharing

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2025-60662

Trust: 0.8

sources: CNVD: CNVD-2025-24473 // JVNDB: JVNDB-2025-015507 // NVD: CVE-2025-60662

SOURCES

db:CNVDid:CNVD-2025-24473
db:JVNDBid:JVNDB-2025-015507
db:NVDid:CVE-2025-60662

LAST UPDATE DATE

2025-11-19T23:30:51.330000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-24473date:2025-10-22T00:00:00
db:JVNDBid:JVNDB-2025-015507date:2025-10-09T07:36:00
db:NVDid:CVE-2025-60662date:2025-10-07T17:44:04.857

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-24473date:2025-10-21T00:00:00
db:JVNDBid:JVNDB-2025-015507date:2025-10-09T00:00:00
db:NVDid:CVE-2025-60662date:2025-10-02T16:15:38.517