Sign-up

ID

VAR-202510-2210


CVE

CVE-2025-12211


TITLE

Tenda O3 formsetDmzInfo function buffer overflow vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-26957

DESCRIPTION

A security flaw has been discovered in Tenda O3 1.0.0.10(2478). Affected by this issue is the function SetValue/GetValue of the file /goform/setDmzInfo. The manipulation of the argument dmzIP results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited. The Tenda O3 is an outdoor wireless bridge from Tenda, a Chinese company. Tenda O3 version 1.0.0.10 contains a buffer overflow vulnerability. This vulnerability stems from the fact that the `dmzIP` parameter in the `SetValue/GetValue` function of the file `/goform/setDmzInfo` fails to properly validate the length of the input data. Attackers could exploit this vulnerability to execute arbitrary code on the system or cause a denial-of-service attack

Trust: 1.44

sources: NVD: CVE-2025-12211 // CNVD: CNVD-2025-26957

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-26957

AFFECTED PRODUCTS

vendor:tendamodel:o3 1.0.0.10\scope:eqversion:*

Trust: 1.0

vendor:tendamodel:o3scope:eqversion:1.0.0.10

Trust: 0.6

sources: CNVD: CNVD-2025-26957 // NVD: CVE-2025-12211

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-12211
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2025-12211
value: CRITICAL

Trust: 1.0

CNVD: CNVD-2025-26957
value: HIGH

Trust: 0.6

cna@vuldb.com: CVE-2025-12211
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2025-26957
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2025-12211
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2025-12211
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2025-26957 // NVD: CVE-2025-12211 // NVD: CVE-2025-12211

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.0

problemtype:CWE-121

Trust: 1.0

sources: NVD: CVE-2025-12211

EXTERNAL IDS

db:NVDid:CVE-2025-12211

Trust: 1.6

db:VULDBid:329881

Trust: 1.0

db:CNVDid:CNVD-2025-26957

Trust: 0.6

sources: CNVD: CNVD-2025-26957 // NVD: CVE-2025-12211

REFERENCES

url:https://github.com/noahze01/iot-vulnerable/blob/main/tenda/o3v2.0/setdmzinfo.md

Trust: 1.0

url:https://vuldb.com/?ctiid.329881

Trust: 1.0

url:https://www.tenda.com.cn/

Trust: 1.0

url:https://vuldb.com/?submit.673265

Trust: 1.0

url:https://vuldb.com/?id.329881

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-12211

Trust: 0.6

sources: CNVD: CNVD-2025-26957 // NVD: CVE-2025-12211

SOURCES

db:CNVDid:CNVD-2025-26957
db:NVDid:CVE-2025-12211

LAST UPDATE DATE

2025-11-19T23:11:58.135000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-26957date:2025-11-05T00:00:00
db:NVDid:CVE-2025-12211date:2025-10-28T14:15:57.377

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-26957date:2025-11-05T00:00:00
db:NVDid:CVE-2025-12211date:2025-10-27T04:15:48.783