Details of VAR-202511-0001

ID

VAR-202511-0001

CVE

CVE-2025-12595

TITLE

Tenda AC23 SetVirtualServerCfg file buffer overflow vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-27901

DESCRIPTION

A weakness has been identified in Tenda AC23 16.03.07.52. This impacts the function formSetVirtualSer of the file /goform/SetVirtualServerCfg. This manipulation of the argument list causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited. The Tenda AC23 is a dual-band wireless router for home use, designed for large homes with excellent coverage and high-speed transmission. It supports 802.11ac Wave2 technology and boasts a maximum concurrent dual-band speed of 2033Mbps. This vulnerability stems from the fact that the `formSetVirtualSer` function parameter `list` in the file `/goform/SetVirtualServerCfg` fails to properly validate the length of the input data. Attackers could exploit this vulnerability to execute arbitrary code or cause a denial-of-service attack

Trust: 1.44

sources: NVD: CVE-2025-12595 // CNVD: CNVD-2025-27901

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-27901

AFFECTED PRODUCTS

vendor:

tenda

model:

ac23

scope:

version:

16.03.07.52

Trust: 1.6

sources: CNVD: CNVD-2025-27901 // NVD: CVE-2025-12595

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2025-12595
value:	HIGH
Trust: 1.0
nvd@nist.gov:	CVE-2025-12595
value:	CRITICAL
Trust: 1.0
CNVD:	CNVD-2025-27901
value:	HIGH
Trust: 0.6

cna@vuldb.com:	CVE-2025-12595
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2025-27901
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2025-12595
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
nvd@nist.gov:	CVE-2025-12595
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2025-27901 // NVD: CVE-2025-12595 // NVD: CVE-2025-12595

PROBLEMTYPE DATA

problemtype:	CWE-119	Trust: 1.0
problemtype:	CWE-120	Trust: 1.0

sources: NVD: CVE-2025-12595

EXTERNAL IDS

db:	NVD	id:	CVE-2025-12595	Trust: 1.6
db:	VULDB	id:	330890	Trust: 1.0
db:	CNVD	id:	CNVD-2025-27901	Trust: 0.6

sources: CNVD: CNVD-2025-27901 // NVD: CVE-2025-12595

REFERENCES

url:	https://github.com/lx-lx88/cve/issues/8	Trust: 1.6
url:	https://www.tenda.com.cn/	Trust: 1.0
url:	https://vuldb.com/?ctiid.330890	Trust: 1.0
url:	https://vuldb.com/?id.330890	Trust: 1.0
url:	https://vuldb.com/?submit.677581	Trust: 1.0

sources: CNVD: CNVD-2025-27901 // NVD: CVE-2025-12595

SOURCES

db:	CNVD	id:	CNVD-2025-27901
db:	NVD	id:	CVE-2025-12595

LAST UPDATE DATE

2025-11-18T15:38:27.530000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-27901	date:	2025-11-14T00:00:00
db:	NVD	id:	CVE-2025-12595	date:	2025-11-05T15:43:17.327

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-27901	date:	2025-11-14T00:00:00
db:	NVD	id:	CVE-2025-12595	date:	2025-11-02T10:15:33