ID

VAR-202511-1341


CVE

CVE-2025-46776


TITLE

Classic buffer overflow vulnerability in Fortinet FortiExtender firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-020604

DESCRIPTION

A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiExtender 7.6.0 through 7.6.1, FortiExtender 7.4.0 through 7.4.6, FortiExtender 7.2 all versions, and FortiExtender 7.0 all versions may allow an authenticated user to execute arbitrary code or commands via crafted CLI commands. Fortinet's FortiExtender firmware has a classic buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The Fortinet FortiExtender is a wireless WAN (Wide Area Network) extender device manufactured by Fortinet Systems, Inc. The Fortinet FortiExtender contains a buffer overflow vulnerability stemming from a buffer copy that does not check the size of its input.

Trust: 2.16

sources: NVD: CVE-2025-46776 // JVNDB: JVNDB-2025-020604 // CNVD: CNVD-2025-29158

IOT TAXONOMY

category: ['Network device']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-29158

AFFECTED PRODUCTS

vendor: fortinet
model: fortiextender
scope: gte
version: 7.6.0

Trust: 1.0

vendor: fortinet
model: fortiextender
scope: lt
version: 7.4.8

Trust: 1.0

vendor: fortinet
model: fortiextender
scope: gte
version: 7.0.0

Trust: 1.0

vendor: fortinet
model: fortiextender
scope: lt
version: 7.6.3

Trust: 1.0

vendor: Fortinet
model: fortiextender
scope: eq
version: -

Trust: 0.8

vendor: Fortinet
model: fortiextender
scope: eq
version: fortiextender firmware 7.6.0 or later, before 7.6.3

Trust: 0.8

vendor: Fortinet
model: fortiextender
scope: eq
version: fortiextender firmware 7.0.0 or later, before 7.4.8

Trust: 0.8

vendor: fortinet
model: fortiextender
scope: gte
version: 7.0.0,<7.4.8

Trust: 0.6

vendor: fortinet
model: fortiextender
scope: gte
version: 7.6.0,<7.6.3

Trust: 0.6

sources: CNVD: CNVD-2025-29158 // JVNDB: JVNDB-2025-020604 // NVD: CVE-2025-46776

CVSS

SEVERITY

CVSSV2

CVSSV3

psirt@fortinet.com: CVE-2025-46776
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2025-46776
value: HIGH

Trust: 1.0

NVD: CVE-2025-46776
value: HIGH

Trust: 0.8

CNVD: CNVD-2025-29158
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2025-29158
severity: MEDIUM
baseScore: 6.2
vectorString: AV:L/AC:H/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 1.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

psirt@fortinet.com: CVE-2025-46776
baseSeverity: MEDIUM
baseScore: 6.4
vectorString: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.5
impactScore: 5.9
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2025-46776
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2025-46776
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-29158 // JVNDB: JVNDB-2025-020604 // NVD: CVE-2025-46776 // NVD: CVE-2025-46776

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.0

problemtype:Classic buffer overflow (CWE-120) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-020604 // NVD: CVE-2025-46776

PATCH

title: FG-IR-25-251
url: https://fortiguard.fortinet.com/psirt/FG-IR-25-251

Trust: 0.8

title: Patch for Fortinet FortiExtender buffer overflow vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/756826

Trust: 0.6

sources: CNVD: CNVD-2025-29158 // JVNDB: JVNDB-2025-020604

EXTERNAL IDS

db: NVD
id: CVE-2025-46776

Trust: 3.2

db: JVNDB
id: JVNDB-2025-020604

Trust: 0.8

db: CNVD
id: CNVD-2025-29158

Trust: 0.6

sources: CNVD: CNVD-2025-29158 // JVNDB: JVNDB-2025-020604 // NVD: CVE-2025-46776

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2025-46776

Trust: 1.4

url:https://fortiguard.fortinet.com/psirt/fg-ir-25-251

Trust: 1.0

sources: CNVD: CNVD-2025-29158 // JVNDB: JVNDB-2025-020604 // NVD: CVE-2025-46776

SOURCES

db: CNVD, id: CNVD-2025-29158
db: JVNDB, id: JVNDB-2025-020604
db: NVD, id: CVE-2025-46776

LAST UPDATE DATE

2025-12-20T23:46:14.020000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-29158, date: 2025-11-21T00:00:00
db: JVNDB, id: JVNDB-2025-020604, date: 2025-11-28T09:08:00
db: NVD, id: CVE-2025-46776, date: 2025-11-20T14:39:19.060

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-29158, date: 2025-11-21T00:00:00
db: JVNDB, id: JVNDB-2025-020604, date: 2025-11-28T00:00:00
db: NVD, id: CVE-2025-46776, date: 2025-11-18T17:16:02.180