Details of VAR-202510-1250

ID

VAR-202510-1250

CVE

CVE-2025-60663

TITLE

Tenda AC18 wanMTU parameter stack buffer overflow vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-24472

DESCRIPTION

Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the wanMTU parameter in the fromAdvSetMacMtuWan function. The Tenda AC18 is a dual-band wireless router launched by Shenzhen Jixiang Tengda Technology Co., Ltd. in July 2016, primarily for villa and large-sized home users. This vulnerability stems from the failure of the fromAdvSetMacMtuWan function to properly validate the length of the input data in the wanMTU parameter. An attacker could exploit this vulnerability to cause a denial of service

Trust: 1.44

sources: NVD: CVE-2025-60663 // CNVD: CNVD-2025-24472

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-24472

AFFECTED PRODUCTS

vendor:

tenda

model:

ac18

scope:

version:

15.03.05.19

Trust: 1.6

sources: CNVD: CNVD-2025-24472 // NVD: CVE-2025-60663

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2025-60663
value:	HIGH
Trust: 1.0
134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2025-60663
value:	HIGH
Trust: 1.0
CNVD:	CNVD-2025-24472
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2025-24472
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2025-60663
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 2.0

sources: CNVD: CNVD-2025-24472 // NVD: CVE-2025-60663 // NVD: CVE-2025-60663

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.0
problemtype:	CWE-121	Trust: 1.0

sources: NVD: CVE-2025-60663

EXTERNAL IDS

db:	NVD	id:	CVE-2025-60663	Trust: 1.6
db:	CNVD	id:	CNVD-2025-24472	Trust: 0.6

sources: CNVD: CNVD-2025-24472 // NVD: CVE-2025-60663

REFERENCES

url:

https://drive.google.com/file/d/1co536tsedpanfhsvhbvay0_fomca4r6r/view?usp=sharing

Trust: 1.6

sources: CNVD: CNVD-2025-24472 // NVD: CVE-2025-60663

SOURCES

db:	CNVD	id:	CNVD-2025-24472
db:	NVD	id:	CVE-2025-60663

LAST UPDATE DATE

2025-11-19T23:16:11.681000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-24472	date:	2025-10-22T00:00:00
db:	NVD	id:	CVE-2025-60663	date:	2025-10-07T17:34:41.880

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-24472	date:	2025-10-21T00:00:00
db:	NVD	id:	CVE-2025-60663	date:	2025-10-02T17:16:09.457