Search

Find a vulnerability

Search criteria

    34 vulnerabilities found for W12 by Tenda

    CVE-2026-10192 (GCVE-0-2026-10192)

    Vulnerability from nvd – Published: 2026-05-31 16:00 – Updated: 2026-06-01 12:29
    VLAI
    Title
    Tenda W12 httpd set_local_time_0 stack-based overflow
    Summary
    A vulnerability was identified in Tenda W12 3.0.0.7(4763). The affected element is the function set_local_time_0 of the file /bin/httpd. Such manipulation of the argument Time leads to stack-based buffer overflow. The attack can be launched remotely. The exploit is publicly available and might be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Tenda W12 Affected: 3.0.0.7(4763)
        cpe:2.3:o:tenda:w12_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    CookedMelon (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10192",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-01T12:29:33.921006Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-01T12:29:51.172Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:tenda:w12_firmware:*:*:*:*:*:*:*:*"
              ],
              "product": "W12",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.0.0.7(4763)"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "CookedMelon (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was identified in Tenda W12 3.0.0.7(4763). The affected element is the function set_local_time_0 of the file /bin/httpd. Such manipulation of the argument Time leads to stack-based buffer overflow. The attack can be launched remotely. The exploit is publicly available and might be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-31T16:00:13.456Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-367473 | Tenda W12 httpd set_local_time_0 stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/367473"
            },
            {
              "name": "VDB-367473 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/367473/cti"
            },
            {
              "name": "CVE-2026-10192 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-10192"
            },
            {
              "name": "Submit #820024 | Tenda W12 V3.0.0.7(4763) Stack-based Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/820024"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "http://cdn2.v50to.cc/set_local_time_0_overflow.zip"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-30T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-05-30T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-05-30T18:52:58.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda W12 httpd set_local_time_0 stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-10192",
        "datePublished": "2026-05-31T16:00:13.456Z",
        "dateReserved": "2026-05-30T16:45:18.912Z",
        "dateUpdated": "2026-06-01T12:29:51.172Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-10191 (GCVE-0-2026-10191)

    Vulnerability from nvd – Published: 2026-05-31 15:45 – Updated: 2026-06-01 15:24
    VLAI
    Title
    Tenda W12 httpd cgiWifiMacFilterSet stack-based overflow
    Summary
    A vulnerability was determined in Tenda W12 3.0.0.7(4763). Impacted is the function cgiWifiMacFilterSet of the file /bin/httpd. This manipulation of the argument wifiMacFilterSet.macList.mac causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Tenda W12 Affected: 3.0.0.7(4763)
        cpe:2.3:o:tenda:w12_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    CookedMelon (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10191",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-01T15:16:43.874685Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-01T15:24:11.577Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:tenda:w12_firmware:*:*:*:*:*:*:*:*"
              ],
              "product": "W12",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.0.0.7(4763)"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "CookedMelon (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was determined in Tenda W12 3.0.0.7(4763). Impacted is the function cgiWifiMacFilterSet of the file /bin/httpd. This manipulation of the argument wifiMacFilterSet.macList.mac causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-31T15:45:14.535Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-367472 | Tenda W12 httpd cgiWifiMacFilterSet stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/367472"
            },
            {
              "name": "VDB-367472 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/367472/cti"
            },
            {
              "name": "CVE-2026-10191 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-10191"
            },
            {
              "name": "Submit #820023 | Tenda W12 V3.0.0.7(4763) Stack-based Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/820023"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "http://cdn2.v50to.cc/cgiWifiMacFilterSet_overflow.zip"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-30T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-05-30T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-05-30T18:52:55.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda W12 httpd cgiWifiMacFilterSet stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-10191",
        "datePublished": "2026-05-31T15:45:14.535Z",
        "dateReserved": "2026-05-30T16:45:16.184Z",
        "dateUpdated": "2026-06-01T15:24:11.577Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-10190 (GCVE-0-2026-10190)

    Vulnerability from nvd – Published: 2026-05-31 15:30 – Updated: 2026-06-01 15:04
    VLAI
    Title
    Tenda W12 Web Management httpd cgiSysWebTimeoutSet denial of service
    Summary
    A vulnerability was found in Tenda W12 3.0.0.7(4763). This issue affects the function cgiSysWebTimeoutSet of the file /bin/httpd of the component Web Management Interface. The manipulation of the argument web_over_time results in denial of service. It is possible to launch the attack remotely. The exploit has been made public and could be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/367471 vdb-entrytechnical-description
    https://vuldb.com/vuln/367471/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2026-10190 third-party-advisory
    https://vuldb.com/submit/820022 third-party-advisory
    http://cdn2.v50to.cc/cgiSysWebTimeoutSet_dos.zip exploit
    https://www.tenda.com.cn/ product
    Impacted products
    Vendor Product Version
    Tenda W12 Affected: 3.0.0.7(4763)
        cpe:2.3:o:tenda:w12_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    CookedMelon (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10190",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-01T15:04:47.302906Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-01T15:04:52.891Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://vuldb.com/submit/820022"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:tenda:w12_firmware:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Web Management Interface"
              ],
              "product": "W12",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.0.0.7(4763)"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "CookedMelon (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Tenda W12 3.0.0.7(4763). This issue affects the function cgiSysWebTimeoutSet of the file /bin/httpd of the component Web Management Interface. The manipulation of the argument web_over_time results in denial of service. It is possible to launch the attack remotely. The exploit has been made public and could be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.8,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-404",
                  "description": "Denial of Service",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-31T15:30:13.999Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-367471 | Tenda W12 Web Management httpd cgiSysWebTimeoutSet denial of service",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/367471"
            },
            {
              "name": "VDB-367471 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/367471/cti"
            },
            {
              "name": "CVE-2026-10190 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-10190"
            },
            {
              "name": "Submit #820022 | Tenda W12 V3.0.0.7(4763) Denial of Service",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/820022"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "http://cdn2.v50to.cc/cgiSysWebTimeoutSet_dos.zip"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-30T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-05-30T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-05-30T18:52:52.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda W12 Web Management httpd cgiSysWebTimeoutSet denial of service"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-10190",
        "datePublished": "2026-05-31T15:30:13.999Z",
        "dateReserved": "2026-05-30T16:45:13.485Z",
        "dateUpdated": "2026-06-01T15:04:52.891Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-10189 (GCVE-0-2026-10189)

    Vulnerability from nvd – Published: 2026-05-31 15:00 – Updated: 2026-06-01 13:28
    VLAI
    Title
    Tenda W12 httpd cgiSysTimeInfoSet stack-based overflow
    Summary
    A vulnerability has been found in Tenda W12 3.0.0.7(4763). This vulnerability affects the function cgiSysTimeInfoSet of the file /bin/httpd. The manipulation of the argument sec leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Tenda W12 Affected: 3.0.0.7(4763)
        cpe:2.3:o:tenda:w12_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    CookedMelon (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10189",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-01T13:28:26.403905Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-01T13:28:34.971Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:tenda:w12_firmware:*:*:*:*:*:*:*:*"
              ],
              "product": "W12",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.0.0.7(4763)"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "CookedMelon (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in Tenda W12 3.0.0.7(4763). This vulnerability affects the function cgiSysTimeInfoSet of the file /bin/httpd. The manipulation of the argument sec leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-31T15:00:14.812Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-367470 | Tenda W12 httpd cgiSysTimeInfoSet stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/367470"
            },
            {
              "name": "VDB-367470 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/367470/cti"
            },
            {
              "name": "CVE-2026-10189 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-10189"
            },
            {
              "name": "Submit #820021 | Tenda W12 V3.0.0.7(4763) stack",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/820021"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "http://cdn2.v50to.cc/cgiSysTimeInfoSet_overflow.zip"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-30T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-05-30T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-05-30T18:52:50.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda W12 httpd cgiSysTimeInfoSet stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-10189",
        "datePublished": "2026-05-31T15:00:14.812Z",
        "dateReserved": "2026-05-30T16:45:10.724Z",
        "dateUpdated": "2026-06-01T13:28:34.971Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-10188 (GCVE-0-2026-10188)

    Vulnerability from nvd – Published: 2026-05-31 14:30 – Updated: 2026-06-02 14:53
    VLAI
    Title
    Tenda W12 httpd cgistaKickOff stack-based overflow
    Summary
    A flaw has been found in Tenda W12 3.0.0.7(4763). This affects the function cgistaKickOff of the file /bin/httpd. Executing a manipulation of the argument staMac can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been published and may be used.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Tenda W12 Affected: 3.0.0.7(4763)
        cpe:2.3:o:tenda:w12_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    CookedMelon (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10188",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-02T14:53:02.632917Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-02T14:53:18.148Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:tenda:w12_firmware:*:*:*:*:*:*:*:*"
              ],
              "product": "W12",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.0.0.7(4763)"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "CookedMelon (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw has been found in Tenda W12 3.0.0.7(4763). This affects the function cgistaKickOff of the file /bin/httpd. Executing a manipulation of the argument staMac can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been published and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-31T14:30:12.458Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-367469 | Tenda W12 httpd cgistaKickOff stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/367469"
            },
            {
              "name": "VDB-367469 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/367469/cti"
            },
            {
              "name": "CVE-2026-10188 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-10188"
            },
            {
              "name": "Submit #820018 | Tenda W12 V3.0.0.7(4763) Stack-based Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/820018"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "http://cdn2.v50to.cc/Tenda%20W12%20cgistaKickOff%20overflow.zip"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-30T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-05-30T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-05-30T18:52:47.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda W12 httpd cgistaKickOff stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-10188",
        "datePublished": "2026-05-31T14:30:12.458Z",
        "dateReserved": "2026-05-30T16:45:07.942Z",
        "dateUpdated": "2026-06-02T14:53:18.148Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-11550 (GCVE-0-2025-11550)

    Vulnerability from nvd – Published: 2025-10-09 18:02 – Updated: 2026-02-24 06:56
    VLAI
    Title
    Tenda W12 HTTP Request modules wifiScheduledSet null pointer dereference
    Summary
    A vulnerability was found in Tenda W12 3.0.0.6(3948). The impacted element is the function wifiScheduledSet of the file /goform/modules of the component HTTP Request Handler. The manipulation of the argument wifiScheduledSet results in null pointer dereference. The attack may be performed from remote. The exploit has been made public and could be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.327709 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.327709 signaturepermissions-required
    https://vuldb.com/?submit.670118 third-party-advisory
    https://github.com/z472421519/BinaryAudit/blob/ma… exploit
    https://www.tenda.com.cn/ product
    Impacted products
    Vendor Product Version
    Tenda W12 Affected: 3.0.0.6(3948)
        cpe:2.3:o:tenda:w12_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    z472421519 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-11550",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-09T19:23:49.607295Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-09T19:23:52.962Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/z472421519/BinaryAudit/blob/main/PoC/NPD/Tenda_W12/cgiWifiScheduledSet/cgiWifiScheduledSet.md"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:tenda:w12_firmware:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "HTTP Request Handler"
              ],
              "product": "W12",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.0.0.6(3948)"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "z472421519 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Tenda W12 3.0.0.6(3948). The impacted element is the function wifiScheduledSet of the file /goform/modules of the component HTTP Request Handler. The manipulation of the argument wifiScheduledSet results in null pointer dereference. The attack may be performed from remote. The exploit has been made public and could be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.8,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-404",
                  "description": "Denial of Service",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-24T06:56:06.954Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-327709 | Tenda W12 HTTP Request modules wifiScheduledSet null pointer dereference",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.327709"
            },
            {
              "name": "VDB-327709 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.327709"
            },
            {
              "name": "Submit #670118 | Tenda W12 V3.0.0.6(3948) NULL Pointer Dereference",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.670118"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/z472421519/BinaryAudit/blob/main/PoC/NPD/Tenda_W12/cgiWifiScheduledSet/cgiWifiScheduledSet.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-10-09T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-10-09T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-10-10T08:27:17.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda W12 HTTP Request modules wifiScheduledSet null pointer dereference"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-11550",
        "datePublished": "2025-10-09T18:02:06.757Z",
        "dateReserved": "2025-10-09T11:14:52.099Z",
        "dateUpdated": "2026-02-24T06:56:06.954Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-11549 (GCVE-0-2025-11549)

    Vulnerability from nvd – Published: 2025-10-09 17:02 – Updated: 2026-02-24 06:55
    VLAI
    Title
    Tenda W12 HTTP Request modules wifiMacFilterSet stack-based overflow
    Summary
    A vulnerability has been found in Tenda W12 3.0.0.6(3948). The affected element is the function wifiMacFilterSet of the file /goform/modules of the component HTTP Request Handler. The manipulation of the argument mac leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.327708 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.327708 signaturepermissions-required
    https://vuldb.com/?submit.670110 third-party-advisory
    https://github.com/z472421519/BinaryAudit/blob/ma… exploit
    https://www.tenda.com.cn/ product
    Impacted products
    Vendor Product Version
    Tenda W12 Affected: 3.0.0.6(3948)
        cpe:2.3:o:tenda:w12_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    z472421519 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-11549",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-09T19:35:14.699921Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-09T19:35:18.954Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/z472421519/BinaryAudit/blob/main/PoC/BOF/Tenda_W12/cgiWifiMacFilterSet/cgiWifiMacFilterSet.md"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:tenda:w12_firmware:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "HTTP Request Handler"
              ],
              "product": "W12",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.0.0.6(3948)"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "z472421519 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in Tenda W12 3.0.0.6(3948). The affected element is the function wifiMacFilterSet of the file /goform/modules of the component HTTP Request Handler. The manipulation of the argument mac leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-24T06:55:52.346Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-327708 | Tenda W12 HTTP Request modules wifiMacFilterSet stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.327708"
            },
            {
              "name": "VDB-327708 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.327708"
            },
            {
              "name": "Submit #670110 | Tenda W12 V3.0.0.6(3948) Stack-based Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.670110"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/z472421519/BinaryAudit/blob/main/PoC/BOF/Tenda_W12/cgiWifiMacFilterSet/cgiWifiMacFilterSet.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-10-09T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-10-09T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-10-18T04:21:57.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda W12 HTTP Request modules wifiMacFilterSet stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-11549",
        "datePublished": "2025-10-09T17:02:06.797Z",
        "dateReserved": "2025-10-09T11:14:49.267Z",
        "dateUpdated": "2026-02-24T06:55:52.346Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-9778 (GCVE-0-2025-9778)

    Vulnerability from nvd – Published: 2025-09-01 12:02 – Updated: 2025-09-02 15:09
    VLAI
    Title
    Tenda W12 Administrative shadow hard-coded credentials
    Summary
    A security vulnerability has been detected in Tenda W12 up to 3.0.0.6(3948). Affected is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. The manipulation leads to hard-coded credentials. An attack has to be approached locally. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed publicly and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-798 - Hard-coded Credentials
    • CWE-259 - Use of Hard-coded Password
    Assigner
    Impacted products
    Vendor Product Version
    Tenda W12 Affected: 1.0.0.1(5411)
    Affected: 1.0.0.5(9419)
    Affected: 2.0.0.3(8326)
    Affected: 2.0.0.6(10720)
    Affected: 3.0.0.5(3644)
    Affected: 3.0.0.6(3948)
    Create a notification for this product.
    Credits
    Yu Bao (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-9778",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-02T14:27:55.530662Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-02T15:09:50.176Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/August829/Yu/blob/main/58ead8e7e08bfb0e8.md"
              },
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/August829/Yu/blob/main/58ead8e7e08bfb0e8.md#steps-to-reproduce"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "Administrative Interface"
              ],
              "product": "W12",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.0.1(5411)"
                },
                {
                  "status": "affected",
                  "version": "1.0.0.5(9419)"
                },
                {
                  "status": "affected",
                  "version": "2.0.0.3(8326)"
                },
                {
                  "status": "affected",
                  "version": "2.0.0.6(10720)"
                },
                {
                  "status": "affected",
                  "version": "3.0.0.5(3644)"
                },
                {
                  "status": "affected",
                  "version": "3.0.0.6(3948)"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Yu Bao (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability has been detected in Tenda W12 up to 3.0.0.6(3948). Affected is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. The manipulation leads to hard-coded credentials. An attack has to be approached locally. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed publicly and may be used."
            },
            {
              "lang": "de",
              "value": "Eine Schwachstelle wurde in Tenda W12 bis 3.0.0.6(3948) gefunden. Hiervon betroffen ist ein unbekannter Codeblock der Datei /etc_ro/shadow der Komponente Administrative Interface. Durch Beeinflussen mit unbekannten Daten kann eine hard-coded credentials-Schwachstelle ausgenutzt werden. Der Angriff erfordert einen lokalen Zugriff. Das Durchf\u00fchren eines Angriffs ist mit einer relativ hohen Komplexit\u00e4t verbunden. Sie gilt als schwierig auszunutzen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 1.8,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 1.9,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 1.9,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 0.8,
                "vectorString": "AV:L/AC:H/Au:M/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "Hard-coded Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-259",
                  "description": "Use of Hard-coded Password",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-01T12:02:08.108Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-322080 | Tenda W12 Administrative shadow hard-coded credentials",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/?id.322080"
            },
            {
              "name": "VDB-322080 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.322080"
            },
            {
              "name": "Submit #640969 | Tenda AP W12 V1/V2/V3 Hard-coded Credentials",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.640969"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://github.com/August829/Yu/blob/main/58ead8e7e08bfb0e8.md"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/August829/Yu/blob/main/58ead8e7e08bfb0e8.md#steps-to-reproduce"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-09-01T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-09-01T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-09-01T07:09:55.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda W12 Administrative shadow hard-coded credentials"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-9778",
        "datePublished": "2025-09-01T12:02:08.108Z",
        "dateReserved": "2025-09-01T05:04:51.235Z",
        "dateUpdated": "2025-09-02T15:09:50.176Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-4007 (GCVE-0-2025-4007)

    Vulnerability from nvd – Published: 2025-04-28 07:31 – Updated: 2025-04-28 16:16
    VLAI
    Title
    Tenda W12/i24 httpd modules cgidhcpsCfgSet stack-based overflow
    Summary
    A vulnerability classified as critical was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644). Affected by this vulnerability is the function cgidhcpsCfgSet of the file /goform/modules of the component httpd. The manipulation of the argument json leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.306343 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.306343 signaturepermissions-required
    https://vuldb.com/?submit.558165 third-party-advisory
    https://github.com/02Tn/vul/issues/5 exploitissue-tracking
    https://www.tenda.com.cn/ product
    Impacted products
    Vendor Product Version
    Tenda W12 Affected: 3.0.0.4(2887)
    Affected: 3.0.0.5(3644)
    Create a notification for this product.
    Tenda i24 Affected: 3.0.0.4(2887)
    Affected: 3.0.0.5(3644)
    Create a notification for this product.
    Credits
    T1an (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-4007",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-28T16:14:43.208818Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-28T16:16:02.573Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "httpd"
              ],
              "product": "W12",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.0.0.4(2887)"
                },
                {
                  "status": "affected",
                  "version": "3.0.0.5(3644)"
                }
              ]
            },
            {
              "modules": [
                "httpd"
              ],
              "product": "i24",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.0.0.4(2887)"
                },
                {
                  "status": "affected",
                  "version": "3.0.0.5(3644)"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "T1an (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability classified as critical was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644). Affected by this vulnerability is the function cgidhcpsCfgSet of the file /goform/modules of the component httpd. The manipulation of the argument json leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "In Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644) wurde eine kritische Schwachstelle entdeckt. Dabei geht es um die Funktion cgidhcpsCfgSet der Datei /goform/modules der Komponente httpd. Durch Manipulation des Arguments json mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-28T07:31:05.788Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-306343 | Tenda W12/i24 httpd modules cgidhcpsCfgSet stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.306343"
            },
            {
              "name": "VDB-306343 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.306343"
            },
            {
              "name": "Submit #558165 | Tenda w12,i24 w12 V3.0.0.5(3644) and i24 V3.0.0.4(2887) Stack-based Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.558165"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/02Tn/vul/issues/5"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-04-26T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-04-26T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-04-26T11:23:46.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda W12/i24 httpd modules cgidhcpsCfgSet stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-4007",
        "datePublished": "2025-04-28T07:31:05.788Z",
        "dateReserved": "2025-04-26T09:18:43.117Z",
        "dateUpdated": "2025-04-28T16:16:02.573Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-3820 (GCVE-0-2025-3820)

    Vulnerability from nvd – Published: 2025-04-19 20:31 – Updated: 2025-04-21 14:41
    VLAI
    Title
    Tenda W12/i24 httpd cgiSysUplinkCheckSet stack-based overflow
    Summary
    A vulnerability was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644) and classified as critical. Affected by this issue is the function cgiSysUplinkCheckSet of the file /bin/httpd. The manipulation of the argument hostIp1/hostIp2 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.305726 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.305726 signaturepermissions-required
    https://vuldb.com/?submit.555728 third-party-advisory
    https://github.com/02Tn/vul/issues/4 exploitissue-tracking
    https://www.tenda.com.cn/ product
    Impacted products
    Vendor Product Version
    Tenda W12 Affected: 3.0.0.4(2887)
    Affected: 3.0.0.5(3644)
    Create a notification for this product.
    Tenda i24 Affected: 3.0.0.4(2887)
    Affected: 3.0.0.5(3644)
    Create a notification for this product.
    Credits
    T1an (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-3820",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-21T14:40:46.323681Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-21T14:41:40.160Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "W12",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.0.0.4(2887)"
                },
                {
                  "status": "affected",
                  "version": "3.0.0.5(3644)"
                }
              ]
            },
            {
              "product": "i24",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.0.0.4(2887)"
                },
                {
                  "status": "affected",
                  "version": "3.0.0.5(3644)"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "T1an (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644) and classified as critical. Affected by this issue is the function cgiSysUplinkCheckSet of the file /bin/httpd. The manipulation of the argument hostIp1/hostIp2 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "Eine Schwachstelle wurde in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644) gefunden. Sie wurde als kritisch eingestuft. Es geht hierbei um die Funktion cgiSysUplinkCheckSet der Datei /bin/httpd. Durch die Manipulation des Arguments hostIp1/hostIp2 mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-19T20:31:06.957Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-305726 | Tenda W12/i24 httpd cgiSysUplinkCheckSet stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.305726"
            },
            {
              "name": "VDB-305726 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.305726"
            },
            {
              "name": "Submit #555728 | Tenda w12,i24 w12 V3.0.0.5(3644) and i24 V3.0.0.4(2887) Stack-based Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.555728"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/02Tn/vul/issues/4"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-04-19T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-04-19T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-04-19T02:00:34.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda W12/i24 httpd cgiSysUplinkCheckSet stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-3820",
        "datePublished": "2025-04-19T20:31:06.957Z",
        "dateReserved": "2025-04-18T23:55:24.153Z",
        "dateUpdated": "2025-04-21T14:41:40.160Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-3803 (GCVE-0-2025-3803)

    Vulnerability from nvd – Published: 2025-04-19 15:00 – Updated: 2025-04-21 02:34
    VLAI
    Title
    Tenda W12/i24 httpd cgiSysScheduleRebootSet stack-based overflow
    Summary
    A vulnerability was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644). It has been rated as critical. This issue affects the function cgiSysScheduleRebootSet of the file /bin/httpd. The manipulation of the argument rebootDate leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.305657 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.305657 signaturepermissions-required
    https://vuldb.com/?submit.554756 third-party-advisory
    https://github.com/02Tn/vul/issues/3 exploitissue-tracking
    https://www.tenda.com.cn/ product
    Impacted products
    Vendor Product Version
    Tenda W12 Affected: 3.0.0.4(2887)
    Affected: 3.0.0.5(3644)
    Create a notification for this product.
    Tenda i24 Affected: 3.0.0.4(2887)
    Affected: 3.0.0.5(3644)
    Create a notification for this product.
    Credits
    T1an (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-3803",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-21T02:33:57.069075Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-21T02:34:15.662Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "W12",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.0.0.4(2887)"
                },
                {
                  "status": "affected",
                  "version": "3.0.0.5(3644)"
                }
              ]
            },
            {
              "product": "i24",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.0.0.4(2887)"
                },
                {
                  "status": "affected",
                  "version": "3.0.0.5(3644)"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "T1an (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644). It has been rated as critical. This issue affects the function cgiSysScheduleRebootSet of the file /bin/httpd. The manipulation of the argument rebootDate leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "Eine Schwachstelle wurde in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644) ausgemacht. Sie wurde als kritisch eingestuft. Dies betrifft die Funktion cgiSysScheduleRebootSet der Datei /bin/httpd. Dank der Manipulation des Arguments rebootDate mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-19T15:00:15.751Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-305657 | Tenda W12/i24 httpd cgiSysScheduleRebootSet stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.305657"
            },
            {
              "name": "VDB-305657 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.305657"
            },
            {
              "name": "Submit #554756 | Tenda w12,i24 w12 V3.0.0.5(3644) and i24 V3.0.0.4(2887) Stack-based Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.554756"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/02Tn/vul/issues/3"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-04-18T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-04-18T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-04-18T16:24:39.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda W12/i24 httpd cgiSysScheduleRebootSet stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-3803",
        "datePublished": "2025-04-19T15:00:15.751Z",
        "dateReserved": "2025-04-18T14:19:24.447Z",
        "dateUpdated": "2025-04-21T02:34:15.662Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-3802 (GCVE-0-2025-3802)

    Vulnerability from nvd – Published: 2025-04-19 14:31 – Updated: 2025-04-21 14:58
    VLAI
    Title
    Tenda W12/i24 httpd cgiPingSet stack-based overflow
    Summary
    A vulnerability was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644). It has been declared as critical. This vulnerability affects the function cgiPingSet of the file /bin/httpd. The manipulation of the argument pingIP leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.305656 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.305656 signaturepermissions-required
    https://vuldb.com/?submit.554746 third-party-advisory
    https://github.com/02Tn/vul/issues/2 exploitissue-tracking
    https://www.tenda.com.cn/ product
    Impacted products
    Vendor Product Version
    Tenda W12 Affected: 3.0.0.4(2887)
    Affected: 3.0.0.5(3644)
    Create a notification for this product.
    Tenda i24 Affected: 3.0.0.4(2887)
    Affected: 3.0.0.5(3644)
    Create a notification for this product.
    Credits
    T1an (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-3802",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-21T14:57:48.520757Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-21T14:58:30.910Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "W12",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.0.0.4(2887)"
                },
                {
                  "status": "affected",
                  "version": "3.0.0.5(3644)"
                }
              ]
            },
            {
              "product": "i24",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.0.0.4(2887)"
                },
                {
                  "status": "affected",
                  "version": "3.0.0.5(3644)"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "T1an (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644). It has been declared as critical. This vulnerability affects the function cgiPingSet of the file /bin/httpd. The manipulation of the argument pingIP leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "In Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644) wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Das betrifft die Funktion cgiPingSet der Datei /bin/httpd. Durch Beeinflussen des Arguments pingIP mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-19T14:31:05.921Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-305656 | Tenda W12/i24 httpd cgiPingSet stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.305656"
            },
            {
              "name": "VDB-305656 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.305656"
            },
            {
              "name": "Submit #554746 | Tenda w12 and i24 w12 V3.0.0.5(3644)  and i24 V3.0.0.4(2887) Stack-based Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.554746"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/02Tn/vul/issues/2"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-04-18T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-04-18T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-04-18T16:24:30.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda W12/i24 httpd cgiPingSet stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-3802",
        "datePublished": "2025-04-19T14:31:05.921Z",
        "dateReserved": "2025-04-18T14:19:21.810Z",
        "dateUpdated": "2025-04-21T14:58:30.910Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-10192 (GCVE-0-2026-10192)

    Vulnerability from cvelistv5 – Published: 2026-05-31 16:00 – Updated: 2026-06-01 12:29
    VLAI
    Title
    Tenda W12 httpd set_local_time_0 stack-based overflow
    Summary
    A vulnerability was identified in Tenda W12 3.0.0.7(4763). The affected element is the function set_local_time_0 of the file /bin/httpd. Such manipulation of the argument Time leads to stack-based buffer overflow. The attack can be launched remotely. The exploit is publicly available and might be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Tenda W12 Affected: 3.0.0.7(4763)
        cpe:2.3:o:tenda:w12_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    CookedMelon (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10192",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-01T12:29:33.921006Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-01T12:29:51.172Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:tenda:w12_firmware:*:*:*:*:*:*:*:*"
              ],
              "product": "W12",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.0.0.7(4763)"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "CookedMelon (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was identified in Tenda W12 3.0.0.7(4763). The affected element is the function set_local_time_0 of the file /bin/httpd. Such manipulation of the argument Time leads to stack-based buffer overflow. The attack can be launched remotely. The exploit is publicly available and might be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-31T16:00:13.456Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-367473 | Tenda W12 httpd set_local_time_0 stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/367473"
            },
            {
              "name": "VDB-367473 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/367473/cti"
            },
            {
              "name": "CVE-2026-10192 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-10192"
            },
            {
              "name": "Submit #820024 | Tenda W12 V3.0.0.7(4763) Stack-based Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/820024"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "http://cdn2.v50to.cc/set_local_time_0_overflow.zip"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-30T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-05-30T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-05-30T18:52:58.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda W12 httpd set_local_time_0 stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-10192",
        "datePublished": "2026-05-31T16:00:13.456Z",
        "dateReserved": "2026-05-30T16:45:18.912Z",
        "dateUpdated": "2026-06-01T12:29:51.172Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-10191 (GCVE-0-2026-10191)

    Vulnerability from cvelistv5 – Published: 2026-05-31 15:45 – Updated: 2026-06-01 15:24
    VLAI
    Title
    Tenda W12 httpd cgiWifiMacFilterSet stack-based overflow
    Summary
    A vulnerability was determined in Tenda W12 3.0.0.7(4763). Impacted is the function cgiWifiMacFilterSet of the file /bin/httpd. This manipulation of the argument wifiMacFilterSet.macList.mac causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Tenda W12 Affected: 3.0.0.7(4763)
        cpe:2.3:o:tenda:w12_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    CookedMelon (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10191",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-01T15:16:43.874685Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-01T15:24:11.577Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:tenda:w12_firmware:*:*:*:*:*:*:*:*"
              ],
              "product": "W12",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.0.0.7(4763)"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "CookedMelon (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was determined in Tenda W12 3.0.0.7(4763). Impacted is the function cgiWifiMacFilterSet of the file /bin/httpd. This manipulation of the argument wifiMacFilterSet.macList.mac causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-31T15:45:14.535Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-367472 | Tenda W12 httpd cgiWifiMacFilterSet stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/367472"
            },
            {
              "name": "VDB-367472 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/367472/cti"
            },
            {
              "name": "CVE-2026-10191 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-10191"
            },
            {
              "name": "Submit #820023 | Tenda W12 V3.0.0.7(4763) Stack-based Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/820023"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "http://cdn2.v50to.cc/cgiWifiMacFilterSet_overflow.zip"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-30T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-05-30T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-05-30T18:52:55.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda W12 httpd cgiWifiMacFilterSet stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-10191",
        "datePublished": "2026-05-31T15:45:14.535Z",
        "dateReserved": "2026-05-30T16:45:16.184Z",
        "dateUpdated": "2026-06-01T15:24:11.577Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-10190 (GCVE-0-2026-10190)

    Vulnerability from cvelistv5 – Published: 2026-05-31 15:30 – Updated: 2026-06-01 15:04
    VLAI
    Title
    Tenda W12 Web Management httpd cgiSysWebTimeoutSet denial of service
    Summary
    A vulnerability was found in Tenda W12 3.0.0.7(4763). This issue affects the function cgiSysWebTimeoutSet of the file /bin/httpd of the component Web Management Interface. The manipulation of the argument web_over_time results in denial of service. It is possible to launch the attack remotely. The exploit has been made public and could be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/367471 vdb-entrytechnical-description
    https://vuldb.com/vuln/367471/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2026-10190 third-party-advisory
    https://vuldb.com/submit/820022 third-party-advisory
    http://cdn2.v50to.cc/cgiSysWebTimeoutSet_dos.zip exploit
    https://www.tenda.com.cn/ product
    Impacted products
    Vendor Product Version
    Tenda W12 Affected: 3.0.0.7(4763)
        cpe:2.3:o:tenda:w12_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    CookedMelon (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10190",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-01T15:04:47.302906Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-01T15:04:52.891Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://vuldb.com/submit/820022"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:tenda:w12_firmware:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Web Management Interface"
              ],
              "product": "W12",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.0.0.7(4763)"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "CookedMelon (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Tenda W12 3.0.0.7(4763). This issue affects the function cgiSysWebTimeoutSet of the file /bin/httpd of the component Web Management Interface. The manipulation of the argument web_over_time results in denial of service. It is possible to launch the attack remotely. The exploit has been made public and could be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.8,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-404",
                  "description": "Denial of Service",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-31T15:30:13.999Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-367471 | Tenda W12 Web Management httpd cgiSysWebTimeoutSet denial of service",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/367471"
            },
            {
              "name": "VDB-367471 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/367471/cti"
            },
            {
              "name": "CVE-2026-10190 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-10190"
            },
            {
              "name": "Submit #820022 | Tenda W12 V3.0.0.7(4763) Denial of Service",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/820022"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "http://cdn2.v50to.cc/cgiSysWebTimeoutSet_dos.zip"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-30T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-05-30T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-05-30T18:52:52.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda W12 Web Management httpd cgiSysWebTimeoutSet denial of service"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-10190",
        "datePublished": "2026-05-31T15:30:13.999Z",
        "dateReserved": "2026-05-30T16:45:13.485Z",
        "dateUpdated": "2026-06-01T15:04:52.891Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-10189 (GCVE-0-2026-10189)

    Vulnerability from cvelistv5 – Published: 2026-05-31 15:00 – Updated: 2026-06-01 13:28
    VLAI
    Title
    Tenda W12 httpd cgiSysTimeInfoSet stack-based overflow
    Summary
    A vulnerability has been found in Tenda W12 3.0.0.7(4763). This vulnerability affects the function cgiSysTimeInfoSet of the file /bin/httpd. The manipulation of the argument sec leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Tenda W12 Affected: 3.0.0.7(4763)
        cpe:2.3:o:tenda:w12_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    CookedMelon (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10189",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-01T13:28:26.403905Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-01T13:28:34.971Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:tenda:w12_firmware:*:*:*:*:*:*:*:*"
              ],
              "product": "W12",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.0.0.7(4763)"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "CookedMelon (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in Tenda W12 3.0.0.7(4763). This vulnerability affects the function cgiSysTimeInfoSet of the file /bin/httpd. The manipulation of the argument sec leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-31T15:00:14.812Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-367470 | Tenda W12 httpd cgiSysTimeInfoSet stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/367470"
            },
            {
              "name": "VDB-367470 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/367470/cti"
            },
            {
              "name": "CVE-2026-10189 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-10189"
            },
            {
              "name": "Submit #820021 | Tenda W12 V3.0.0.7(4763) stack",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/820021"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "http://cdn2.v50to.cc/cgiSysTimeInfoSet_overflow.zip"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-30T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-05-30T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-05-30T18:52:50.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda W12 httpd cgiSysTimeInfoSet stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-10189",
        "datePublished": "2026-05-31T15:00:14.812Z",
        "dateReserved": "2026-05-30T16:45:10.724Z",
        "dateUpdated": "2026-06-01T13:28:34.971Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-10188 (GCVE-0-2026-10188)

    Vulnerability from cvelistv5 – Published: 2026-05-31 14:30 – Updated: 2026-06-02 14:53
    VLAI
    Title
    Tenda W12 httpd cgistaKickOff stack-based overflow
    Summary
    A flaw has been found in Tenda W12 3.0.0.7(4763). This affects the function cgistaKickOff of the file /bin/httpd. Executing a manipulation of the argument staMac can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been published and may be used.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Tenda W12 Affected: 3.0.0.7(4763)
        cpe:2.3:o:tenda:w12_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    CookedMelon (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10188",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-02T14:53:02.632917Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-02T14:53:18.148Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:tenda:w12_firmware:*:*:*:*:*:*:*:*"
              ],
              "product": "W12",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.0.0.7(4763)"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "CookedMelon (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw has been found in Tenda W12 3.0.0.7(4763). This affects the function cgistaKickOff of the file /bin/httpd. Executing a manipulation of the argument staMac can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been published and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-31T14:30:12.458Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-367469 | Tenda W12 httpd cgistaKickOff stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/367469"
            },
            {
              "name": "VDB-367469 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/367469/cti"
            },
            {
              "name": "CVE-2026-10188 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-10188"
            },
            {
              "name": "Submit #820018 | Tenda W12 V3.0.0.7(4763) Stack-based Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/820018"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "http://cdn2.v50to.cc/Tenda%20W12%20cgistaKickOff%20overflow.zip"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-30T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-05-30T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-05-30T18:52:47.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda W12 httpd cgistaKickOff stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-10188",
        "datePublished": "2026-05-31T14:30:12.458Z",
        "dateReserved": "2026-05-30T16:45:07.942Z",
        "dateUpdated": "2026-06-02T14:53:18.148Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-11550 (GCVE-0-2025-11550)

    Vulnerability from cvelistv5 – Published: 2025-10-09 18:02 – Updated: 2026-02-24 06:56
    VLAI
    Title
    Tenda W12 HTTP Request modules wifiScheduledSet null pointer dereference
    Summary
    A vulnerability was found in Tenda W12 3.0.0.6(3948). The impacted element is the function wifiScheduledSet of the file /goform/modules of the component HTTP Request Handler. The manipulation of the argument wifiScheduledSet results in null pointer dereference. The attack may be performed from remote. The exploit has been made public and could be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.327709 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.327709 signaturepermissions-required
    https://vuldb.com/?submit.670118 third-party-advisory
    https://github.com/z472421519/BinaryAudit/blob/ma… exploit
    https://www.tenda.com.cn/ product
    Impacted products
    Vendor Product Version
    Tenda W12 Affected: 3.0.0.6(3948)
        cpe:2.3:o:tenda:w12_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    z472421519 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-11550",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-09T19:23:49.607295Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-09T19:23:52.962Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/z472421519/BinaryAudit/blob/main/PoC/NPD/Tenda_W12/cgiWifiScheduledSet/cgiWifiScheduledSet.md"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:tenda:w12_firmware:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "HTTP Request Handler"
              ],
              "product": "W12",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.0.0.6(3948)"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "z472421519 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Tenda W12 3.0.0.6(3948). The impacted element is the function wifiScheduledSet of the file /goform/modules of the component HTTP Request Handler. The manipulation of the argument wifiScheduledSet results in null pointer dereference. The attack may be performed from remote. The exploit has been made public and could be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.8,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-404",
                  "description": "Denial of Service",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-24T06:56:06.954Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-327709 | Tenda W12 HTTP Request modules wifiScheduledSet null pointer dereference",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.327709"
            },
            {
              "name": "VDB-327709 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.327709"
            },
            {
              "name": "Submit #670118 | Tenda W12 V3.0.0.6(3948) NULL Pointer Dereference",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.670118"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/z472421519/BinaryAudit/blob/main/PoC/NPD/Tenda_W12/cgiWifiScheduledSet/cgiWifiScheduledSet.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-10-09T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-10-09T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-10-10T08:27:17.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda W12 HTTP Request modules wifiScheduledSet null pointer dereference"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-11550",
        "datePublished": "2025-10-09T18:02:06.757Z",
        "dateReserved": "2025-10-09T11:14:52.099Z",
        "dateUpdated": "2026-02-24T06:56:06.954Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-11549 (GCVE-0-2025-11549)

    Vulnerability from cvelistv5 – Published: 2025-10-09 17:02 – Updated: 2026-02-24 06:55
    VLAI
    Title
    Tenda W12 HTTP Request modules wifiMacFilterSet stack-based overflow
    Summary
    A vulnerability has been found in Tenda W12 3.0.0.6(3948). The affected element is the function wifiMacFilterSet of the file /goform/modules of the component HTTP Request Handler. The manipulation of the argument mac leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.327708 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.327708 signaturepermissions-required
    https://vuldb.com/?submit.670110 third-party-advisory
    https://github.com/z472421519/BinaryAudit/blob/ma… exploit
    https://www.tenda.com.cn/ product
    Impacted products
    Vendor Product Version
    Tenda W12 Affected: 3.0.0.6(3948)
        cpe:2.3:o:tenda:w12_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    z472421519 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-11549",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-09T19:35:14.699921Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-09T19:35:18.954Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/z472421519/BinaryAudit/blob/main/PoC/BOF/Tenda_W12/cgiWifiMacFilterSet/cgiWifiMacFilterSet.md"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:tenda:w12_firmware:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "HTTP Request Handler"
              ],
              "product": "W12",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.0.0.6(3948)"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "z472421519 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in Tenda W12 3.0.0.6(3948). The affected element is the function wifiMacFilterSet of the file /goform/modules of the component HTTP Request Handler. The manipulation of the argument mac leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-24T06:55:52.346Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-327708 | Tenda W12 HTTP Request modules wifiMacFilterSet stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.327708"
            },
            {
              "name": "VDB-327708 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.327708"
            },
            {
              "name": "Submit #670110 | Tenda W12 V3.0.0.6(3948) Stack-based Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.670110"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/z472421519/BinaryAudit/blob/main/PoC/BOF/Tenda_W12/cgiWifiMacFilterSet/cgiWifiMacFilterSet.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-10-09T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-10-09T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-10-18T04:21:57.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda W12 HTTP Request modules wifiMacFilterSet stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-11549",
        "datePublished": "2025-10-09T17:02:06.797Z",
        "dateReserved": "2025-10-09T11:14:49.267Z",
        "dateUpdated": "2026-02-24T06:55:52.346Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-9778 (GCVE-0-2025-9778)

    Vulnerability from cvelistv5 – Published: 2025-09-01 12:02 – Updated: 2025-09-02 15:09
    VLAI
    Title
    Tenda W12 Administrative shadow hard-coded credentials
    Summary
    A security vulnerability has been detected in Tenda W12 up to 3.0.0.6(3948). Affected is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. The manipulation leads to hard-coded credentials. An attack has to be approached locally. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed publicly and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-798 - Hard-coded Credentials
    • CWE-259 - Use of Hard-coded Password
    Assigner
    Impacted products
    Vendor Product Version
    Tenda W12 Affected: 1.0.0.1(5411)
    Affected: 1.0.0.5(9419)
    Affected: 2.0.0.3(8326)
    Affected: 2.0.0.6(10720)
    Affected: 3.0.0.5(3644)
    Affected: 3.0.0.6(3948)
    Create a notification for this product.
    Credits
    Yu Bao (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-9778",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-02T14:27:55.530662Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-02T15:09:50.176Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/August829/Yu/blob/main/58ead8e7e08bfb0e8.md"
              },
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/August829/Yu/blob/main/58ead8e7e08bfb0e8.md#steps-to-reproduce"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "Administrative Interface"
              ],
              "product": "W12",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.0.1(5411)"
                },
                {
                  "status": "affected",
                  "version": "1.0.0.5(9419)"
                },
                {
                  "status": "affected",
                  "version": "2.0.0.3(8326)"
                },
                {
                  "status": "affected",
                  "version": "2.0.0.6(10720)"
                },
                {
                  "status": "affected",
                  "version": "3.0.0.5(3644)"
                },
                {
                  "status": "affected",
                  "version": "3.0.0.6(3948)"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Yu Bao (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability has been detected in Tenda W12 up to 3.0.0.6(3948). Affected is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. The manipulation leads to hard-coded credentials. An attack has to be approached locally. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed publicly and may be used."
            },
            {
              "lang": "de",
              "value": "Eine Schwachstelle wurde in Tenda W12 bis 3.0.0.6(3948) gefunden. Hiervon betroffen ist ein unbekannter Codeblock der Datei /etc_ro/shadow der Komponente Administrative Interface. Durch Beeinflussen mit unbekannten Daten kann eine hard-coded credentials-Schwachstelle ausgenutzt werden. Der Angriff erfordert einen lokalen Zugriff. Das Durchf\u00fchren eines Angriffs ist mit einer relativ hohen Komplexit\u00e4t verbunden. Sie gilt als schwierig auszunutzen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 1.8,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 1.9,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 1.9,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 0.8,
                "vectorString": "AV:L/AC:H/Au:M/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "Hard-coded Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-259",
                  "description": "Use of Hard-coded Password",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-01T12:02:08.108Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-322080 | Tenda W12 Administrative shadow hard-coded credentials",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/?id.322080"
            },
            {
              "name": "VDB-322080 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.322080"
            },
            {
              "name": "Submit #640969 | Tenda AP W12 V1/V2/V3 Hard-coded Credentials",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.640969"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://github.com/August829/Yu/blob/main/58ead8e7e08bfb0e8.md"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/August829/Yu/blob/main/58ead8e7e08bfb0e8.md#steps-to-reproduce"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-09-01T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-09-01T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-09-01T07:09:55.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda W12 Administrative shadow hard-coded credentials"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-9778",
        "datePublished": "2025-09-01T12:02:08.108Z",
        "dateReserved": "2025-09-01T05:04:51.235Z",
        "dateUpdated": "2025-09-02T15:09:50.176Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-4007 (GCVE-0-2025-4007)

    Vulnerability from cvelistv5 – Published: 2025-04-28 07:31 – Updated: 2025-04-28 16:16
    VLAI
    Title
    Tenda W12/i24 httpd modules cgidhcpsCfgSet stack-based overflow
    Summary
    A vulnerability classified as critical was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644). Affected by this vulnerability is the function cgidhcpsCfgSet of the file /goform/modules of the component httpd. The manipulation of the argument json leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.306343 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.306343 signaturepermissions-required
    https://vuldb.com/?submit.558165 third-party-advisory
    https://github.com/02Tn/vul/issues/5 exploitissue-tracking
    https://www.tenda.com.cn/ product
    Impacted products
    Vendor Product Version
    Tenda W12 Affected: 3.0.0.4(2887)
    Affected: 3.0.0.5(3644)
    Create a notification for this product.
    Tenda i24 Affected: 3.0.0.4(2887)
    Affected: 3.0.0.5(3644)
    Create a notification for this product.
    Credits
    T1an (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-4007",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-28T16:14:43.208818Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-28T16:16:02.573Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "httpd"
              ],
              "product": "W12",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.0.0.4(2887)"
                },
                {
                  "status": "affected",
                  "version": "3.0.0.5(3644)"
                }
              ]
            },
            {
              "modules": [
                "httpd"
              ],
              "product": "i24",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.0.0.4(2887)"
                },
                {
                  "status": "affected",
                  "version": "3.0.0.5(3644)"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "T1an (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability classified as critical was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644). Affected by this vulnerability is the function cgidhcpsCfgSet of the file /goform/modules of the component httpd. The manipulation of the argument json leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "In Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644) wurde eine kritische Schwachstelle entdeckt. Dabei geht es um die Funktion cgidhcpsCfgSet der Datei /goform/modules der Komponente httpd. Durch Manipulation des Arguments json mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-28T07:31:05.788Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-306343 | Tenda W12/i24 httpd modules cgidhcpsCfgSet stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.306343"
            },
            {
              "name": "VDB-306343 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.306343"
            },
            {
              "name": "Submit #558165 | Tenda w12,i24 w12 V3.0.0.5(3644) and i24 V3.0.0.4(2887) Stack-based Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.558165"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/02Tn/vul/issues/5"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-04-26T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-04-26T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-04-26T11:23:46.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda W12/i24 httpd modules cgidhcpsCfgSet stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-4007",
        "datePublished": "2025-04-28T07:31:05.788Z",
        "dateReserved": "2025-04-26T09:18:43.117Z",
        "dateUpdated": "2025-04-28T16:16:02.573Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-3820 (GCVE-0-2025-3820)

    Vulnerability from cvelistv5 – Published: 2025-04-19 20:31 – Updated: 2025-04-21 14:41
    VLAI
    Title
    Tenda W12/i24 httpd cgiSysUplinkCheckSet stack-based overflow
    Summary
    A vulnerability was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644) and classified as critical. Affected by this issue is the function cgiSysUplinkCheckSet of the file /bin/httpd. The manipulation of the argument hostIp1/hostIp2 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.305726 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.305726 signaturepermissions-required
    https://vuldb.com/?submit.555728 third-party-advisory
    https://github.com/02Tn/vul/issues/4 exploitissue-tracking
    https://www.tenda.com.cn/ product
    Impacted products
    Vendor Product Version
    Tenda W12 Affected: 3.0.0.4(2887)
    Affected: 3.0.0.5(3644)
    Create a notification for this product.
    Tenda i24 Affected: 3.0.0.4(2887)
    Affected: 3.0.0.5(3644)
    Create a notification for this product.
    Credits
    T1an (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-3820",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-21T14:40:46.323681Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-21T14:41:40.160Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "W12",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.0.0.4(2887)"
                },
                {
                  "status": "affected",
                  "version": "3.0.0.5(3644)"
                }
              ]
            },
            {
              "product": "i24",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.0.0.4(2887)"
                },
                {
                  "status": "affected",
                  "version": "3.0.0.5(3644)"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "T1an (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644) and classified as critical. Affected by this issue is the function cgiSysUplinkCheckSet of the file /bin/httpd. The manipulation of the argument hostIp1/hostIp2 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "Eine Schwachstelle wurde in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644) gefunden. Sie wurde als kritisch eingestuft. Es geht hierbei um die Funktion cgiSysUplinkCheckSet der Datei /bin/httpd. Durch die Manipulation des Arguments hostIp1/hostIp2 mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-19T20:31:06.957Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-305726 | Tenda W12/i24 httpd cgiSysUplinkCheckSet stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.305726"
            },
            {
              "name": "VDB-305726 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.305726"
            },
            {
              "name": "Submit #555728 | Tenda w12,i24 w12 V3.0.0.5(3644) and i24 V3.0.0.4(2887) Stack-based Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.555728"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/02Tn/vul/issues/4"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-04-19T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-04-19T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-04-19T02:00:34.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda W12/i24 httpd cgiSysUplinkCheckSet stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-3820",
        "datePublished": "2025-04-19T20:31:06.957Z",
        "dateReserved": "2025-04-18T23:55:24.153Z",
        "dateUpdated": "2025-04-21T14:41:40.160Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    VAR-202509-0004

    Vulnerability from variot - Updated: 2025-11-25 00:05

    A security vulnerability has been detected in Tenda W12 up to 3.0.0.6(3948). Affected is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. The manipulation leads to hard-coded credentials. An attack has to be approached locally. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed publicly and may be used. Shenzhen Tenda Technology Co.,Ltd. of W12 A vulnerability exists in the firmware regarding the use of hardcoded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Tenda W12 is a dual-band gigabit wireless panel access point (AP) from Tenda Technology, designed for scenarios such as hotels, villas, and large apartments. It supports the IEEE 802.11ac protocol and the Wave2 standard, and boasts a dual-band concurrent speed of 1167Mbps. Attackers can exploit this vulnerability to obtain sensitive information

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202509-0004",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "w12",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "tenda",
            "version": "3.0.0.6\\(3948\\)"
          },
          {
            "model": "w12",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "tenda",
            "version": null
          },
          {
            "model": "w12",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "tenda",
            "version": "w12  firmware  3.0.0.6(3948)"
          },
          {
            "model": "w12",
            "scope": null,
            "trust": 0.8,
            "vendor": "tenda",
            "version": null
          },
          {
            "model": "w12",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "jixiang tengda",
            "version": "\u003c=123.0.0.63948"
          },
          {
            "model": "w12",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "tenda",
            "version": "\u003c=3.0.0.6(3948)"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-28848"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-013160"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-9778"
          }
        ]
      },
      "cve": "CVE-2025-9778",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "HIGH",
                "accessVector": "LOCAL",
                "authentication": "MULTIPLE",
                "author": "cna@vuldb.com",
                "availabilityImpact": "NONE",
                "baseScore": 0.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 1.2,
                "id": "CVE-2025-9778",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 1.0,
                "vectorString": "AV:L/AC:H/Au:M/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "High",
                "accessVector": "Local",
                "authentication": "Multiple",
                "author": "OTHER",
                "availabilityImpact": "None",
                "baseScore": 0.8,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-013160",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Low",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:H/Au:M/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "HIGH",
                "accessVector": "LOCAL",
                "authentication": "MULTIPLE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 0.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 1.2,
                "id": "CNVD-2025-28848",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 0.6,
                "vectorString": "AV:L/AC:H/Au:M/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "author": "cna@vuldb.com",
                "availabilityImpact": "NONE",
                "baseScore": 1.9,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 0.5,
                "id": "CVE-2025-9778",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.0,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.0,
                "id": "CVE-2025-9778",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "High",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.0,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-013160",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "cna@vuldb.com",
                "id": "CVE-2025-9778",
                "trust": 1.0,
                "value": "Low"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2025-9778",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2025-013160",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-28848",
                "trust": 0.6,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-28848"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-013160"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-9778"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-9778"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A security vulnerability has been detected in Tenda W12 up to 3.0.0.6(3948). Affected is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. The manipulation leads to hard-coded credentials. An attack has to be approached locally. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed publicly and may be used. Shenzhen Tenda Technology Co.,Ltd. of W12 A vulnerability exists in the firmware regarding the use of hardcoded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Tenda W12 is a dual-band gigabit wireless panel access point (AP) from Tenda Technology, designed for scenarios such as hotels, villas, and large apartments. It supports the IEEE 802.11ac protocol and the Wave2 standard, and boasts a dual-band concurrent speed of 1167Mbps. Attackers can exploit this vulnerability to obtain sensitive information",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-9778"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-013160"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-28848"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-9778",
            "trust": 3.2
          },
          {
            "db": "VULDB",
            "id": "322080",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-013160",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-28848",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-28848"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-013160"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-9778"
          }
        ]
      },
      "id": "VAR-202509-0004",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-28848"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-28848"
          }
        ]
      },
      "last_update_date": "2025-11-25T00:05:03.112000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-259",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-798",
            "trust": 1.0
          },
          {
            "problemtype": "Using hardcoded passwords (CWE-259) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Use hard-coded credentials (CWE-798) [NVD evaluation ]",
            "trust": 0.8
          },
          {
            "problemtype": " Use hard-coded credentials (CWE-798) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-013160"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-9778"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?id.322080"
          },
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?submit.640969"
          },
          {
            "trust": 1.8,
            "url": "https://www.tenda.com.cn/"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2025-9778"
          },
          {
            "trust": 1.0,
            "url": "https://vuldb.com/?ctiid.322080"
          },
          {
            "trust": 1.0,
            "url": "https://github.com/august829/yu/blob/main/58ead8e7e08bfb0e8.md"
          },
          {
            "trust": 1.0,
            "url": "https://github.com/august829/yu/blob/main/58ead8e7e08bfb0e8.md#steps-to-reproduce"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-28848"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-013160"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-9778"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-28848"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-013160"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-9778"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-11-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-28848"
          },
          {
            "date": "2025-09-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-013160"
          },
          {
            "date": "2025-09-01T12:15:32.180000",
            "db": "NVD",
            "id": "CVE-2025-9778"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-11-20T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-28848"
          },
          {
            "date": "2025-09-05T09:32:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-013160"
          },
          {
            "date": "2025-09-04T16:19:21.700000",
            "db": "NVD",
            "id": "CVE-2025-9778"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Shenzhen\u00a0Tenda\u00a0Technology\u00a0Co.,Ltd.\u00a0 of \u00a0W12\u00a0 Vulnerability related to use of hardcoded credentials in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-013160"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202510-0313

    Vulnerability from variot - Updated: 2025-11-23 23:47

    A vulnerability was found in Tenda W12 3.0.0.6(3948). The impacted element is the function wifiScheduledSet of the file /goform/modules of the component HTTP Request Handler. The manipulation of the argument wifiScheduledSet results in null pointer dereference. The attack may be performed from remote. The exploit has been made public and could be used. The Tenda W12 is a dual-band gigabit wireless panel access point (AP) launched by Tenda Technology, designed for scenarios such as hotels, villas, and large apartments. It supports the IEEE 802.11ac protocol and Wave2 standard, and boasts a dual-band concurrent speed of 1167Mbps. Detailed vulnerability information is currently unavailable

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202510-0313",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "w12",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "tenda",
            "version": "3.0.0.6\\(3948\\)"
          },
          {
            "model": "w12",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "tenda",
            "version": "3.0.0.6(3948)"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-28847"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-11550"
          }
        ]
      },
      "cve": "CVE-2025-11550",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "cna@vuldb.com",
                "availabilityImpact": "COMPLETE",
                "baseScore": 6.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2025-11550",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 6.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2025-28847",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cna@vuldb.com",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.8,
                "id": "CVE-2025-11550",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "cna@vuldb.com",
                "id": "CVE-2025-11550",
                "trust": 1.0,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-28847",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-28847"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-11550"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability was found in Tenda W12 3.0.0.6(3948). The impacted element is the function wifiScheduledSet of the file /goform/modules of the component HTTP Request Handler. The manipulation of the argument wifiScheduledSet results in null pointer dereference. The attack may be performed from remote. The exploit has been made public and could be used. The Tenda W12 is a dual-band gigabit wireless panel access point (AP) launched by Tenda Technology, designed for scenarios such as hotels, villas, and large apartments. It supports the IEEE 802.11ac protocol and Wave2 standard, and boasts a dual-band concurrent speed of 1167Mbps. Detailed vulnerability information is currently unavailable",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-11550"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-28847"
          }
        ],
        "trust": 1.44
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-11550",
            "trust": 1.6
          },
          {
            "db": "VULDB",
            "id": "327709",
            "trust": 1.0
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-28847",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-28847"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-11550"
          }
        ]
      },
      "id": "VAR-202510-0313",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-28847"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-28847"
          }
        ]
      },
      "last_update_date": "2025-11-23T23:47:07.513000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-404",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-476",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-11550"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "https://github.com/z472421519/binaryaudit/blob/main/poc/npd/tenda_w12/cgiwifischeduledset/cgiwifischeduledset.md"
          },
          {
            "trust": 1.0,
            "url": "https://vuldb.com/?submit.670118"
          },
          {
            "trust": 1.0,
            "url": "https://www.tenda.com.cn/"
          },
          {
            "trust": 1.0,
            "url": "https://vuldb.com/?id.327709"
          },
          {
            "trust": 1.0,
            "url": "https://vuldb.com/?ctiid.327709"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-28847"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-11550"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-28847"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-11550"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-11-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-28847"
          },
          {
            "date": "2025-10-09T18:15:48.610000",
            "db": "NVD",
            "id": "CVE-2025-11550"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-11-20T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-28847"
          },
          {
            "date": "2025-10-20T20:42:34.860000",
            "db": "NVD",
            "id": "CVE-2025-11550"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Tenda W12 NullPointer Dereference Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-28847"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202510-0318

    Vulnerability from variot - Updated: 2025-10-20 04:06

    A vulnerability has been found in Tenda W12 3.0.0.6(3948). The affected element is the function wifiMacFilterSet of the file /goform/modules of the component HTTP Request Handler. The manipulation of the argument mac leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The W12 is a high-performance wireless access point from China's Tenda company.

    Shenzhen Jixiang Tenda Technology Co., Ltd.'s W12 version 3.0.0.6 suffers from a buffer overflow vulnerability. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202510-0318",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "w12",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "tenda",
            "version": "3.0.0.6\\(3948\\)"
          },
          {
            "model": "w12",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "jixiang tengda",
            "version": "3.0.0.6"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-24167"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-11549"
          }
        ]
      },
      "cve": "CVE-2025-11549",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "cna@vuldb.com",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2025-11549",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2025-24167",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cna@vuldb.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2025-11549",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2025-11549",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "cna@vuldb.com",
                "id": "CVE-2025-11549",
                "trust": 1.0,
                "value": "High"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2025-11549",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-24167",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-24167"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-11549"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-11549"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability has been found in Tenda W12 3.0.0.6(3948). The affected element is the function wifiMacFilterSet of the file /goform/modules of the component HTTP Request Handler. The manipulation of the argument mac leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The W12 is a high-performance wireless access point from China\u0027s Tenda company. \n\nShenzhen Jixiang Tenda Technology Co., Ltd.\u0027s W12 version 3.0.0.6 suffers from a buffer overflow vulnerability. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-11549"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-24167"
          }
        ],
        "trust": 1.44
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-11549",
            "trust": 1.6
          },
          {
            "db": "VULDB",
            "id": "327708",
            "trust": 1.0
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-24167",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-24167"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-11549"
          }
        ]
      },
      "id": "VAR-202510-0318",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-24167"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-24167"
          }
        ]
      },
      "last_update_date": "2025-10-20T04:06:03.169000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-11549"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.0,
            "url": "https://github.com/z472421519/binaryaudit/blob/main/poc/bof/tenda_w12/cgiwifimacfilterset/cgiwifimacfilterset.md"
          },
          {
            "trust": 1.0,
            "url": "https://vuldb.com/?ctiid.327708"
          },
          {
            "trust": 1.0,
            "url": "https://www.tenda.com.cn/"
          },
          {
            "trust": 1.0,
            "url": "https://vuldb.com/?id.327708"
          },
          {
            "trust": 1.0,
            "url": "https://vuldb.com/?submit.670110"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2025-11549"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-24167"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-11549"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-24167"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-11549"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-10-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-24167"
          },
          {
            "date": "2025-10-09T17:15:58.627000",
            "db": "NVD",
            "id": "CVE-2025-11549"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-10-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-24167"
          },
          {
            "date": "2025-10-18T01:57:07.250000",
            "db": "NVD",
            "id": "CVE-2025-11549"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Tenda W12 Buffer Overflow Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-24167"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202504-3170

    Vulnerability from variot - Updated: 2025-08-02 23:15

    A vulnerability was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644). It has been rated as critical. This issue affects the function cgiSysScheduleRebootSet of the file /bin/httpd. The manipulation of the argument rebootDate leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of W12 firmware and i24 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Attackers can exploit this vulnerability to execute code and control the affected device

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202504-3170",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "w12",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "tenda",
            "version": "3.0.0.4\\(2887\\)"
          },
          {
            "model": "i24",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "tenda",
            "version": "3.0.0.5\\(3644\\)"
          },
          {
            "model": "i24",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "tenda",
            "version": "3.0.0.4\\(2887\\)"
          },
          {
            "model": "w12",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "tenda",
            "version": "3.0.0.5\\(3644\\)"
          },
          {
            "model": "w12",
            "scope": null,
            "trust": 0.8,
            "vendor": "tenda",
            "version": null
          },
          {
            "model": "i24",
            "scope": null,
            "trust": 0.8,
            "vendor": "tenda",
            "version": null
          },
          {
            "model": "i24",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "tenda",
            "version": "3.0.0.5(3644)"
          },
          {
            "model": "w12",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "tenda",
            "version": "3.0.0.4(2887)"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-09681"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-010306"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-3803"
          }
        ]
      },
      "cve": "CVE-2025-3803",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "cna@vuldb.com",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2025-3803",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "OTHER",
                "availabilityImpact": "Complete",
                "baseScore": 9.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-010306",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2025-09681",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cna@vuldb.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2025-3803",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-010306",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "cna@vuldb.com",
                "id": "CVE-2025-3803",
                "trust": 1.0,
                "value": "High"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2025-010306",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-09681",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-09681"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-010306"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-3803"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644). It has been rated as critical. This issue affects the function cgiSysScheduleRebootSet of the file /bin/httpd. The manipulation of the argument rebootDate leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of W12 firmware and i24 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Attackers can exploit this vulnerability to execute code and control the affected device",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-3803"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-010306"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-09681"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-3803",
            "trust": 3.2
          },
          {
            "db": "VULDB",
            "id": "305657",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-010306",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-09681",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-09681"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-010306"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-3803"
          }
        ]
      },
      "id": "VAR-202504-3170",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-09681"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-09681"
          }
        ]
      },
      "last_update_date": "2025-08-02T23:15:47.059000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          },
          {
            "problemtype": "Buffer error (CWE-119) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Stack-based buffer overflow (CWE-121) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-010306"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-3803"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://github.com/02tn/vul/issues/3"
          },
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?id.305657"
          },
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?submit.554756"
          },
          {
            "trust": 1.8,
            "url": "https://www.tenda.com.cn/"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2025-3803"
          },
          {
            "trust": 1.0,
            "url": "https://vuldb.com/?ctiid.305657"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-09681"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-010306"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-3803"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-09681"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-010306"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-3803"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-05-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-09681"
          },
          {
            "date": "2025-07-31T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-010306"
          },
          {
            "date": "2025-04-19T15:15:47.040000",
            "db": "NVD",
            "id": "CVE-2025-3803"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-05-14T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-09681"
          },
          {
            "date": "2025-07-31T03:19:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-010306"
          },
          {
            "date": "2025-07-30T18:57:31.417000",
            "db": "NVD",
            "id": "CVE-2025-3803"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Shenzhen\u00a0Tenda\u00a0Technology\u00a0Co.,Ltd.\u00a0 of \u00a0W12\u00a0 firmware and \u00a0i24\u00a0 Buffer error vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-010306"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202504-3237

    Vulnerability from variot - Updated: 2025-08-02 23:13

    A vulnerability classified as critical was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644). Affected by this vulnerability is the function cgidhcpsCfgSet of the file /goform/modules of the component httpd. The manipulation of the argument json leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of W12 firmware and i24 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The vulnerability is caused by the failure of the parameter json in /goform/modules to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202504-3237",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "w12",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "tenda",
            "version": "3.0.0.4\\(2887\\)"
          },
          {
            "model": "i24",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "tenda",
            "version": "3.0.0.5\\(3644\\)"
          },
          {
            "model": "i24",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "tenda",
            "version": "3.0.0.4\\(2887\\)"
          },
          {
            "model": "w12",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "tenda",
            "version": "3.0.0.5\\(3644\\)"
          },
          {
            "model": "w12",
            "scope": null,
            "trust": 0.8,
            "vendor": "tenda",
            "version": null
          },
          {
            "model": "i24",
            "scope": null,
            "trust": 0.8,
            "vendor": "tenda",
            "version": null
          },
          {
            "model": "i24",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "tenda",
            "version": "3.0.0.5(3644)"
          },
          {
            "model": "w12",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "tenda",
            "version": "3.0.0.4(2887)"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-09669"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-010304"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-4007"
          }
        ]
      },
      "cve": "CVE-2025-4007",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "cna@vuldb.com",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2025-4007",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "OTHER",
                "availabilityImpact": "Complete",
                "baseScore": 9.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-010304",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2025-09669",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cna@vuldb.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2025-4007",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-010304",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "cna@vuldb.com",
                "id": "CVE-2025-4007",
                "trust": 1.0,
                "value": "High"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2025-010304",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-09669",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-09669"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-010304"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-4007"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability classified as critical was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644). Affected by this vulnerability is the function cgidhcpsCfgSet of the file /goform/modules of the component httpd. The manipulation of the argument json leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of W12 firmware and i24 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The vulnerability is caused by the failure of the parameter json in /goform/modules to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-4007"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-010304"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-09669"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-4007",
            "trust": 3.2
          },
          {
            "db": "VULDB",
            "id": "306343",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-010304",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-09669",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-09669"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-010304"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-4007"
          }
        ]
      },
      "id": "VAR-202504-3237",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-09669"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-09669"
          }
        ]
      },
      "last_update_date": "2025-08-02T23:13:09.550000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for Tenda W12/i24 Buffer Overflow Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/687681"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-09669"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          },
          {
            "problemtype": "Buffer error (CWE-119) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Stack-based buffer overflow (CWE-121) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-010304"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-4007"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://github.com/02tn/vul/issues/5"
          },
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?id.306343"
          },
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?submit.558165"
          },
          {
            "trust": 1.8,
            "url": "https://www.tenda.com.cn/"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2025-4007"
          },
          {
            "trust": 1.0,
            "url": "https://vuldb.com/?ctiid.306343"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-09669"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-010304"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-4007"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-09669"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-010304"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-4007"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-05-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-09669"
          },
          {
            "date": "2025-07-31T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-010304"
          },
          {
            "date": "2025-04-28T08:15:16.117000",
            "db": "NVD",
            "id": "CVE-2025-4007"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-05-14T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-09669"
          },
          {
            "date": "2025-07-31T03:19:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-010304"
          },
          {
            "date": "2025-07-30T18:57:09.823000",
            "db": "NVD",
            "id": "CVE-2025-4007"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Shenzhen\u00a0Tenda\u00a0Technology\u00a0Co.,Ltd.\u00a0 of \u00a0W12\u00a0 firmware and \u00a0i24\u00a0 Buffer error vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-010304"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202504-3167

    Vulnerability from variot - Updated: 2025-08-02 23:09

    A vulnerability was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644) and classified as critical. Affected by this issue is the function cgiSysUplinkCheckSet of the file /bin/httpd. The manipulation of the argument hostIp1/hostIp2 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of W12 firmware and i24 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The vulnerability is caused by improper handling of cgiSysUplinkCheckSet. Attackers can exploit this vulnerability to execute arbitrary code

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202504-3167",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "w12",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "tenda",
            "version": "3.0.0.4\\(2887\\)"
          },
          {
            "model": "i24",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "tenda",
            "version": "3.0.0.5\\(3644\\)"
          },
          {
            "model": "i24",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "tenda",
            "version": "3.0.0.4\\(2887\\)"
          },
          {
            "model": "w12",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "tenda",
            "version": "3.0.0.5\\(3644\\)"
          },
          {
            "model": "w12",
            "scope": null,
            "trust": 0.8,
            "vendor": "tenda",
            "version": null
          },
          {
            "model": "i24",
            "scope": null,
            "trust": 0.8,
            "vendor": "tenda",
            "version": null
          },
          {
            "model": "i24",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "tenda",
            "version": "3.0.0.5(3644)"
          },
          {
            "model": "w12",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "tenda",
            "version": "3.0.0.4(2887)"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-09682"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-010305"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-3820"
          }
        ]
      },
      "cve": "CVE-2025-3820",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "cna@vuldb.com",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2025-3820",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "OTHER",
                "availabilityImpact": "Complete",
                "baseScore": 9.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-010305",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2025-09682",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cna@vuldb.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2025-3820",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-010305",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "cna@vuldb.com",
                "id": "CVE-2025-3820",
                "trust": 1.0,
                "value": "High"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2025-010305",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-09682",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-09682"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-010305"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-3820"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644) and classified as critical. Affected by this issue is the function cgiSysUplinkCheckSet of the file /bin/httpd. The manipulation of the argument hostIp1/hostIp2 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of W12 firmware and i24 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The vulnerability is caused by improper handling of cgiSysUplinkCheckSet. Attackers can exploit this vulnerability to execute arbitrary code",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-3820"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-010305"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-09682"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-3820",
            "trust": 3.2
          },
          {
            "db": "VULDB",
            "id": "305726",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-010305",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-09682",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-09682"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-010305"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-3820"
          }
        ]
      },
      "id": "VAR-202504-3167",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-09682"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-09682"
          }
        ]
      },
      "last_update_date": "2025-08-02T23:09:37.510000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          },
          {
            "problemtype": "Buffer error (CWE-119) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Stack-based buffer overflow (CWE-121) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-010305"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-3820"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://github.com/02tn/vul/issues/4"
          },
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?id.305726"
          },
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?submit.555728"
          },
          {
            "trust": 1.8,
            "url": "https://www.tenda.com.cn/"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2025-3820"
          },
          {
            "trust": 1.0,
            "url": "https://vuldb.com/?ctiid.305726"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-09682"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-010305"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-3820"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-09682"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-010305"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-3820"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-05-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-09682"
          },
          {
            "date": "2025-07-31T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-010305"
          },
          {
            "date": "2025-04-19T21:15:45.660000",
            "db": "NVD",
            "id": "CVE-2025-3820"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-05-14T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-09682"
          },
          {
            "date": "2025-07-31T03:19:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-010305"
          },
          {
            "date": "2025-07-30T18:57:54.207000",
            "db": "NVD",
            "id": "CVE-2025-3820"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Shenzhen\u00a0Tenda\u00a0Technology\u00a0Co.,Ltd.\u00a0 of \u00a0W12\u00a0 firmware and \u00a0i24\u00a0 Buffer error vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-010305"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202504-3188

    Vulnerability from variot - Updated: 2025-08-02 23:09

    A vulnerability was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644). It has been declared as critical. This vulnerability affects the function cgiPingSet of the file /bin/httpd. The manipulation of the argument pingIP leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of W12 firmware and i24 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. No detailed vulnerability details are provided at present

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202504-3188",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "w12",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "tenda",
            "version": "3.0.0.4\\(2887\\)"
          },
          {
            "model": "i24",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "tenda",
            "version": "3.0.0.5\\(3644\\)"
          },
          {
            "model": "i24",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "tenda",
            "version": "3.0.0.4\\(2887\\)"
          },
          {
            "model": "w12",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "tenda",
            "version": "3.0.0.5\\(3644\\)"
          },
          {
            "model": "w12",
            "scope": null,
            "trust": 0.8,
            "vendor": "tenda",
            "version": null
          },
          {
            "model": "i24",
            "scope": null,
            "trust": 0.8,
            "vendor": "tenda",
            "version": null
          },
          {
            "model": "i24",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "tenda",
            "version": "3.0.0.5(3644)"
          },
          {
            "model": "w12",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "tenda",
            "version": "3.0.0.4(2887)"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-09677"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-010307"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-3802"
          }
        ]
      },
      "cve": "CVE-2025-3802",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "cna@vuldb.com",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2025-3802",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "OTHER",
                "availabilityImpact": "Complete",
                "baseScore": 9.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-010307",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2025-09677",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cna@vuldb.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2025-3802",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-010307",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "cna@vuldb.com",
                "id": "CVE-2025-3802",
                "trust": 1.0,
                "value": "High"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2025-010307",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-09677",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-09677"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-010307"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-3802"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644). It has been declared as critical. This vulnerability affects the function cgiPingSet of the file /bin/httpd. The manipulation of the argument pingIP leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of W12 firmware and i24 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. No detailed vulnerability details are provided at present",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-3802"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-010307"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-09677"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-3802",
            "trust": 3.2
          },
          {
            "db": "VULDB",
            "id": "305656",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-010307",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-09677",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-09677"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-010307"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-3802"
          }
        ]
      },
      "id": "VAR-202504-3188",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-09677"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-09677"
          }
        ]
      },
      "last_update_date": "2025-08-02T23:09:37.487000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          },
          {
            "problemtype": "Buffer error (CWE-119) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Stack-based buffer overflow (CWE-121) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-010307"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-3802"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://github.com/02tn/vul/issues/2"
          },
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?id.305656"
          },
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?submit.554746"
          },
          {
            "trust": 1.8,
            "url": "https://www.tenda.com.cn/"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2025-3802"
          },
          {
            "trust": 1.0,
            "url": "https://vuldb.com/?ctiid.305656"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-09677"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-010307"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-3802"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-09677"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-010307"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-3802"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-05-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-09677"
          },
          {
            "date": "2025-07-31T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-010307"
          },
          {
            "date": "2025-04-19T15:15:46.073000",
            "db": "NVD",
            "id": "CVE-2025-3802"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-05-14T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-09677"
          },
          {
            "date": "2025-07-31T03:19:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-010307"
          },
          {
            "date": "2025-07-30T18:57:42.063000",
            "db": "NVD",
            "id": "CVE-2025-3802"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Shenzhen\u00a0Tenda\u00a0Technology\u00a0Co.,Ltd.\u00a0 of \u00a0W12\u00a0 firmware and \u00a0i24\u00a0 Buffer error vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-010307"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202504-1056

    Vulnerability from variot - Updated: 2025-07-28 23:35

    A vulnerability was found in Tenda W12 3.0.0.5. It has been rated as critical. Affected by this issue is the function cgiWifiRadioSet of the file /bin/httpd. The manipulation leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. of W12 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda W12 is a wireless router that provides wireless network connection function. The vulnerability is caused by the failure of the cgiWifiRadioSet function in the /bin/httpd file to properly validate the input data when processing specific requests. Attackers can exploit this vulnerability to execute arbitrary code

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202504-1056",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "w12",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "tenda",
            "version": "3.0.0.5"
          },
          {
            "model": "w12",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "tenda",
            "version": null
          },
          {
            "model": "w12",
            "scope": null,
            "trust": 0.8,
            "vendor": "tenda",
            "version": null
          },
          {
            "model": "w12",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "tenda",
            "version": "w12  firmware  3.0.0.5"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-08772"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-009816"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-3693"
          }
        ]
      },
      "cve": "CVE-2025-3693",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "cna@vuldb.com",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2025-3693",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "OTHER",
                "availabilityImpact": "Complete",
                "baseScore": 9.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-009816",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2025-08772",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cna@vuldb.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2025-3693",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2025-3693",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-009816",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "cna@vuldb.com",
                "id": "CVE-2025-3693",
                "trust": 1.0,
                "value": "High"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2025-3693",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2025-009816",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-08772",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-08772"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-009816"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-3693"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-3693"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability was found in Tenda W12 3.0.0.5. It has been rated as critical. Affected by this issue is the function cgiWifiRadioSet of the file /bin/httpd. The manipulation leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. of W12 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda W12 is a wireless router that provides wireless network connection function. The vulnerability is caused by the failure of the cgiWifiRadioSet function in the /bin/httpd file to properly validate the input data when processing specific requests. Attackers can exploit this vulnerability to execute arbitrary code",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-3693"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-009816"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-08772"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-3693",
            "trust": 3.2
          },
          {
            "db": "VULDB",
            "id": "304982",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-009816",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-08772",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-08772"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-009816"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-3693"
          }
        ]
      },
      "id": "VAR-202504-1056",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-08772"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-08772"
          }
        ]
      },
      "last_update_date": "2025-07-28T23:35:41.327000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          },
          {
            "problemtype": "Buffer error (CWE-119) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Stack-based buffer overflow (CWE-121) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-009816"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-3693"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://github.com/02tn/vul/issues/1"
          },
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?id.304982"
          },
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?submit.553526"
          },
          {
            "trust": 1.8,
            "url": "https://www.tenda.com.cn/"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2025-3693"
          },
          {
            "trust": 1.0,
            "url": "https://vuldb.com/?ctiid.304982"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-08772"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-009816"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-3693"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-08772"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-009816"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-3693"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-04-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-08772"
          },
          {
            "date": "2025-07-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-009816"
          },
          {
            "date": "2025-04-16T14:15:28.793000",
            "db": "NVD",
            "id": "CVE-2025-3693"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-04-29T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-08772"
          },
          {
            "date": "2025-07-24T09:22:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-009816"
          },
          {
            "date": "2025-07-16T15:33:59.607000",
            "db": "NVD",
            "id": "CVE-2025-3693"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Shenzhen\u00a0Tenda\u00a0Technology\u00a0Co.,Ltd.\u00a0 of \u00a0W12\u00a0 Buffer error vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-009816"
          }
        ],
        "trust": 0.8
      }
    }