ID

VAR-202511-0056


CVE

CVE-2025-12611


TITLE

Tenda AC21 buffer overflow vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-27230

DESCRIPTION

A vulnerability was identified in Tenda AC21 16.03.08.16. It affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg. Manipulating the startIp argument leads to a buffer overflow. The attack can be carried out remotely. The exploit is publicly available and might be used. By manipulating the parameter remotely, an attacker could trigger a buffer overflow that executes arbitrary code or crashes the system.

Trust: 1.44

sources: NVD: CVE-2025-12611 // CNVD: CNVD-2025-27230

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-27230

AFFECTED PRODUCTS

vendor: tenda, model: ac21, scope: eq, version: 16.03.08.16

Trust: 1.6

sources: CNVD: CNVD-2025-27230 // NVD: CVE-2025-12611

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-12611
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2025-12611
value: CRITICAL

Trust: 1.0

CNVD: CNVD-2025-27230
value: HIGH

Trust: 0.6

cna@vuldb.com: CVE-2025-12611
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2025-27230
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2025-12611
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2025-12611
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2025-27230 // NVD: CVE-2025-12611 // NVD: CVE-2025-12611

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.0

problemtype:CWE-120

Trust: 1.0

sources: NVD: CVE-2025-12611

EXTERNAL IDS

db: VULDB, id: 330906

Trust: 1.6

db: NVD, id: CVE-2025-12611

Trust: 1.6

db: CNVD, id: CNVD-2025-27230

Trust: 0.6

sources: CNVD: CNVD-2025-27230 // NVD: CVE-2025-12611

REFERENCES

url:https://vuldb.com/?id.330906

Trust: 1.6

url:https://vuldb.com/?ctiid.330906

Trust: 1.6

url:https://vuldb.com/?submit.678491

Trust: 1.6

url:https://github.com/lx-lx88/cve/issues/10

Trust: 1.6

url:https://www.tenda.com.cn/

Trust: 1.6

sources: CNVD: CNVD-2025-27230 // NVD: CVE-2025-12611

SOURCES

db: CNVD, id: CNVD-2025-27230
db: NVD, id: CVE-2025-12611

LAST UPDATE DATE

2025-11-18T15:38:30.489000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-27230, date: 2025-11-07T00:00:00
db: NVD, id: CVE-2025-12611, date: 2025-11-05T16:09:23.787

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-27230, date: 2025-11-07T00:00:00
db: NVD, id: CVE-2025-12611, date: 2025-11-03T03:15:40.760