ID

VAR-202510-2178


CVE

CVE-2025-12212


TITLE

Tenda O3 formsetNetworkService function buffer overflow vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-26958

DESCRIPTION

A weakness has been identified in Tenda O3 1.0.0.10(2478). It affects the function SetValue/GetValue of the file /goform/setNetworkService. Manipulation of the argument upnpEn causes a stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made available to the public and could be used. The Tenda O3 is an outdoor wireless bridge from Tenda, a Chinese company. Tenda O3 version 1.0.0.10 contains a buffer overflow vulnerability. It stems from the `SetValue`/`GetValue` function of the file `/goform/setNetworkService` failing to properly validate the length of the input supplied in the `upnpEn` parameter. Attackers could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.

Trust: 1.44

sources: NVD: CVE-2025-12212 // CNVD: CNVD-2025-26958

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-26958

AFFECTED PRODUCTS

vendor: tenda, model: o3 1.0.0.10\, scope: eq, version: *

Trust: 1.0

vendor: tenda, model: o3, scope: eq, version: 1.0.0.10

Trust: 0.6

sources: CNVD: CNVD-2025-26958 // NVD: CVE-2025-12212

CVSS

SEVERITY

cna@vuldb.com: CVE-2025-12212
value: HIGH

Trust: 1.0

CNVD: CNVD-2025-26958
value: HIGH

Trust: 0.6

CVSSV2

cna@vuldb.com: CVE-2025-12212
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2025-26958
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

cna@vuldb.com: CVE-2025-12212
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2025-26958 // NVD: CVE-2025-12212

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.0

problemtype:CWE-121

Trust: 1.0

sources: NVD: CVE-2025-12212

EXTERNAL IDS

db: NVD, id: CVE-2025-12212

Trust: 1.6

db: VULDB, id: 329882

Trust: 1.0

db: CNVD, id: CNVD-2025-26958

Trust: 0.6

sources: CNVD: CNVD-2025-26958 // NVD: CVE-2025-12212

REFERENCES

url:https://vuldb.com/?id.329882

Trust: 1.0

url:https://vuldb.com/?ctiid.329882

Trust: 1.0

url:https://github.com/noahze01/iot-vulnerable/blob/main/tenda/o3v2.0/setnetworkservice.md

Trust: 1.0

url:https://vuldb.com/?submit.673267

Trust: 1.0

url:https://www.tenda.com.cn/

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-12212

Trust: 0.6

sources: CNVD: CNVD-2025-26958 // NVD: CVE-2025-12212

SOURCES

db: CNVD, id: CNVD-2025-26958
db: NVD, id: CVE-2025-12212

LAST UPDATE DATE

2025-11-19T19:40:47.176000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-26958, date: 2025-11-05T00:00:00
db: NVD, id: CVE-2025-12212, date: 2025-10-28T02:25:04.630

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-26958, date: 2025-11-05T00:00:00
db: NVD, id: CVE-2025-12212, date: 2025-10-27T04:15:50.877