CVE-2025-3328

Published: Apr 7, 2025Modified: Apr 7, 2025

8.7

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Show more

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: CNA (Secondary)

Description

A vulnerability was found in Tenda AC1206 15.03.06.23. It has been classified as critical. Affected is the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set. The manipulation of the argument ssid/timeZone leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

Affected (1)

Products: Tenda: Ac1206 Firmware

1 product

Ac1206 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tenda Ac1206 Firmware	Version 15.03.06.23

Running on/with	Platform Versions
Tenda Ac1206	All versions

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (8)

https://github.com/CH13hh/tmp_store_cc/blob/main/AC1206/AC1206form_fast_setting_wifi_set/form_fast_setting_wifi_set.md

Source: cna@vuldb.com

ExploitThird Party Advisory

https://github.com/CH13hh/tmp_store_cc/blob/main/AC1206/AC1206form_fast_setting_wifi_set_time/time.md

Source: cna@vuldb.com

ExploitThird Party Advisory

https://vuldb.com/?ctiid.303540

Source: cna@vuldb.com

Permissions RequiredThird Party AdvisoryVDB Entry

https://vuldb.com/?id.303540

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://vuldb.com/?submit.551893

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://www.tenda.com.cn/

Source: cna@vuldb.com

Product

https://github.com/CH13hh/tmp_store_cc/blob/main/AC1206/AC1206form_fast_setting_wifi_set/form_fast_setting_wifi_set.md

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

ExploitThird Party Advisory

https://github.com/CH13hh/tmp_store_cc/blob/main/AC1206/AC1206form_fast_setting_wifi_set_time/time.md

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

ExploitThird Party Advisory

Timeline

No history available yet.