Details of VAR-202510-0732

ID

VAR-202510-0732

CVE

CVE-2025-60660

TITLE

Tenda AC18 mac parameter stack buffer overflow vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-24471

DESCRIPTION

Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the mac parameter in the fromAdvSetMacMtuWan function. The Tenda AC18 is a dual-band wireless router launched by Shenzhen Jixiang Tengda Technology Co., Ltd. in July 2016, primarily for villa and large-sized home users. This vulnerability stems from the failure to properly validate the length of the input data in the mac parameter in the fromAdvSetMacMtuWan function. An attacker could exploit this vulnerability to cause a denial of service

Trust: 1.44

sources: NVD: CVE-2025-60660 // CNVD: CNVD-2025-24471

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-24471

AFFECTED PRODUCTS

vendor:

tenda

model:

ac18

scope:

version:

15.03.05.19

Trust: 1.6

sources: CNVD: CNVD-2025-24471 // NVD: CVE-2025-60660

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2025-60660
value:	HIGH
Trust: 1.0
134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2025-60660
value:	HIGH
Trust: 1.0
CNVD:	CNVD-2025-24471
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2025-24471
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2025-60660
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 2.0

sources: CNVD: CNVD-2025-24471 // NVD: CVE-2025-60660 // NVD: CVE-2025-60660

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.0
problemtype:	CWE-121	Trust: 1.0

sources: NVD: CVE-2025-60660

EXTERNAL IDS

db:	NVD	id:	CVE-2025-60660	Trust: 1.6
db:	CNVD	id:	CNVD-2025-24471	Trust: 0.6

sources: CNVD: CNVD-2025-24471 // NVD: CVE-2025-60660

REFERENCES

url:

https://drive.google.com/file/d/1ytkuiyxmsaaeoasx7xbqxy2tsrc5e3ew/view?usp=sharing

Trust: 1.6

sources: CNVD: CNVD-2025-24471 // NVD: CVE-2025-60660

SOURCES

db:	CNVD	id:	CNVD-2025-24471
db:	NVD	id:	CVE-2025-60660

LAST UPDATE DATE

2025-11-19T23:07:03.131000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-24471	date:	2025-10-22T00:00:00
db:	NVD	id:	CVE-2025-60660	date:	2025-10-07T17:44:17.803

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-24471	date:	2025-10-21T00:00:00
db:	NVD	id:	CVE-2025-60660	date:	2025-10-02T16:15:38.380