Sign-up

ID

VAR-202512-3922


CVE

CVE-2025-67074


DESCRIPTION

A Buffer overflow vulnerability in function fromAdvSetMacMtuWan of bin httpd in Tenda AC10V4.0 V16.03.10.20 allows remote attackers to cause denial of service and possibly code execution by sending a post request with a crafted payload (field `serverName`) to /goform/AdvSetMacMtuWan.

Trust: 1.0

sources: NVD: CVE-2025-67074

AFFECTED PRODUCTS

vendor:tendamodel:ac10scope:eqversion:16.03.10.20

Trust: 1.0

sources: NVD: CVE-2025-67074

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2025-67074
value: MEDIUM

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2025-67074
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: NVD: CVE-2025-67074

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.0

sources: NVD: CVE-2025-67074

EXTERNAL IDS

db:NVDid:CVE-2025-67074

Trust: 1.0

sources: NVD: CVE-2025-67074

REFERENCES

url:https://github.com/johnathanhuutri/cvereport/tree/master/cve-2025-67074

Trust: 1.0

sources: NVD: CVE-2025-67074

SOURCES

db:NVDid:CVE-2025-67074

LAST UPDATE DATE

2026-01-14T23:55:01.888000+00:00


SOURCES UPDATE DATE

db:NVDid:CVE-2025-67074date:2026-01-02T19:44:26.620

SOURCES RELEASE DATE

db:NVDid:CVE-2025-67074date:2025-12-17T20:15:56.517