ID

VAR-202511-0360


CVE

CVE-2025-63835


TITLE

Tenda AC18 guestSsid parameter stack buffer overflow vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-28839

DESCRIPTION

A stack-based buffer overflow vulnerability was discovered in Tenda AC18 v15.03.05.05_multi. The vulnerability exists in the guestSsid parameter of the /goform/WifiGuestSet interface. Remote attackers can exploit this vulnerability by sending oversized data to the guestSsid parameter, leading to denial of service (device crash) or potential remote code execution. The Tenda AC18 is a dual-band wireless router launched in July 2016 by Shenzhen Jixiang Tenda Technology Co., Ltd., primarily targeting villa and large-apartment users. This vulnerability stems from the fact that the guestSsid parameter of the /goform/WifiGuestSet interface fails to properly validate the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.

Trust: 1.44

sources: NVD: CVE-2025-63835 // CNVD: CNVD-2025-28839

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-28839

AFFECTED PRODUCTS

vendor: tenda, model: ac18, scope: eq, version: 15.03.05.05

Trust: 1.0

vendor: tenda, model: ac18 v15.03.05.05 multi, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2025-28839 // NVD: CVE-2025-63835

CVSS

SEVERITY

nvd@nist.gov: CVE-2025-63835
value: HIGH

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2025-63835
value: MEDIUM

Trust: 1.0

CNVD: CNVD-2025-28839
value: HIGH

Trust: 0.6

CVSSV2

CNVD: CNVD-2025-28839
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

nvd@nist.gov: CVE-2025-63835
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2025-63835
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2025-28839 // NVD: CVE-2025-63835 // NVD: CVE-2025-63835

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.0

problemtype:CWE-121

Trust: 1.0

sources: NVD: CVE-2025-63835

EXTERNAL IDS

db: NVD, id: CVE-2025-63835

Trust: 1.6

db: CNVD, id: CNVD-2025-28839

Trust: 0.6

sources: CNVD: CNVD-2025-28839 // NVD: CVE-2025-63835

REFERENCES

url:https://github.com/babraink/cve_report/blob/main/cve_report/tenda/tendaac18/2_wifiguest_guestssid_overflow/readme.md

Trust: 1.6

sources: CNVD: CNVD-2025-28839 // NVD: CVE-2025-63835

SOURCES

db: CNVD, id: CNVD-2025-28839
db: NVD, id: CVE-2025-63835

LAST UPDATE DATE

2025-11-23T23:58:45.597000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-28839, date: 2025-11-20T00:00:00
db: NVD, id: CVE-2025-63835, date: 2025-11-18T17:16:13.363

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-28839, date: 2025-11-19T00:00:00
db: NVD, id: CVE-2025-63835, date: 2025-11-10T17:15:35.960