Sign-up

ID

VAR-202512-4721


CVE

CVE-2025-67073


DESCRIPTION

A Buffer overflow vulnerability in function fromAdvSetMacMtuWan of bin httpd in Tenda AC10V4.0 V16.03.10.20 allows remote attackers to cause denial of service and possibly code execution by sending a post request with a crafted payload (field `serviceName`) to /goform/AdvSetMacMtuWan.

Trust: 1.0

sources: NVD: CVE-2025-67073

AFFECTED PRODUCTS

vendor:tendamodel:ac10scope:eqversion:16.03.10.20

Trust: 1.0

sources: NVD: CVE-2025-67073

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2025-67073
value: CRITICAL

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2025-67073
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: NVD: CVE-2025-67073

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.0

sources: NVD: CVE-2025-67073

EXTERNAL IDS

db:NVDid:CVE-2025-67073

Trust: 1.0

sources: NVD: CVE-2025-67073

REFERENCES

url:https://github.com/johnathanhuutri/cvereport/tree/master/cve-2025-67073

Trust: 1.0

sources: NVD: CVE-2025-67073

SOURCES

db:NVDid:CVE-2025-67073

LAST UPDATE DATE

2026-01-14T23:56:08.527000+00:00


SOURCES UPDATE DATE

db:NVDid:CVE-2025-67073date:2026-01-02T19:45:45.160

SOURCES RELEASE DATE

db:NVDid:CVE-2025-67073date:2025-12-17T20:15:56.357