ID

VAR-202511-0057


CVE

CVE-2025-12622


TITLE

Tenda AC10 buffer overflow vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-27114

DESCRIPTION

A vulnerability was determined in Tenda AC10 16.03.10.13. It affects the function formSysRunCmd of the file /goform/SysRunCmd. Manipulation of the argument getui causes a buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed and may be used. By constructing malicious parameters, attackers can trigger the buffer overflow and thereby achieve remote code execution.

Trust: 1.44

sources: NVD: CVE-2025-12622 // CNVD: CNVD-2025-27114

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-27114

AFFECTED PRODUCTS

vendor: tenda, model: ac10, scope: eq, version: 16.03.10.13

Trust: 1.6

sources: CNVD: CNVD-2025-27114 // NVD: CVE-2025-12622

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-12622
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2025-12622
value: CRITICAL

Trust: 1.0

CNVD: CNVD-2025-27114
value: HIGH

Trust: 0.6

cna@vuldb.com: CVE-2025-12622
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2025-27114
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2025-12622
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2025-12622
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2025-27114 // NVD: CVE-2025-12622 // NVD: CVE-2025-12622

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.0

problemtype:CWE-119

Trust: 1.0

sources: NVD: CVE-2025-12622

EXTERNAL IDS

db: NVD, id: CVE-2025-12622

Trust: 1.6

db: VULDB, id: 330914

Trust: 1.6

db: CNVD, id: CNVD-2025-27114

Trust: 0.6

sources: CNVD: CNVD-2025-27114 // NVD: CVE-2025-12622

REFERENCES

url:https://vuldb.com/?id.330914

Trust: 1.6

url:https://vuldb.com/?ctiid.330914

Trust: 1.6

url:https://vuldb.com/?submit.678889

Trust: 1.6

url:https://www.yuque.com/ba1ma0-an29k/nnxoap/rg8eug0zk8ep3zne?singledoc

Trust: 1.6

url:https://pan.baidu.com/s/1jl1zy5niigg1xym8zch_lg

Trust: 1.6

url:https://www.tenda.com.cn/

Trust: 1.6

sources: CNVD: CNVD-2025-27114 // NVD: CVE-2025-12622

SOURCES

db: CNVD, id: CNVD-2025-27114
db: NVD, id: CVE-2025-12622

LAST UPDATE DATE

2025-11-19T23:17:52.944000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-27114, date: 2025-11-07T00:00:00
db: NVD, id: CVE-2025-12622, date: 2025-11-05T14:34:51.870

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-27114, date: 2025-11-06T00:00:00
db: NVD, id: CVE-2025-12622, date: 2025-11-03T08:15:33.640