Skip to main content

Ac18 Firmware CVE-2025-5609

| EUVDEUVD-2025-16919 HIGH
Buffer Overflow (CWE-119)
2025-06-04 cna@vuldb.com
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
EUVD ID Assigned
Mar 14, 2026 - 17:29 euvd
EUVD-2025-16919
Analysis Generated
Mar 14, 2026 - 17:29 vuln.today
PoC Detected
Jun 17, 2025 - 20:41 vuln.today
Public exploit code
CVE Published
Jun 04, 2025 - 20:15 nvd
HIGH 8.8

DescriptionCVE.org

A vulnerability classified as critical was found in Tenda AC18 15.03.05.05. Affected by this vulnerability is the function fromadvsetlanip of the file /goform/AdvSetLanip. The manipulation of the argument lanMask leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

AnalysisAI

Critical buffer overflow vulnerability in Tenda AC18 router firmware version 15.03.05.05, exploitable via the /goform/AdvSetLanip endpoint's lanMask parameter. An authenticated remote attacker can trigger memory corruption leading to complete system compromise (confidentiality, integrity, availability). A public exploit proof-of-concept exists, and the vulnerability is likely being actively weaponized given disclosure status and CVSS 8.8 severity.

Technical ContextAI

The vulnerability resides in the fromadvsetlanip function within the HTTP request handler /goform/AdvSetLanip of Tenda AC18 firmware (CPE: cpe:2.3:o:tenda:ac18_firmware:15.03.05.05:*:*:*:*:*:*:*). The root cause is CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), a classic buffer overflow flaw where user-supplied input in the lanMask parameter is copied into a fixed-size buffer without proper bounds checking. This is a common pattern in legacy embedded device firmware where the CGI handler fails to validate input length before stack or heap allocation. The vulnerability affects the LAN IP configuration subsystem, a privileged network function typically accessible only after authentication but critical in router security architecture.

RemediationAI

Primary mitigation: (1) Upgrade Tenda AC18 firmware to the latest available version released after this CVE disclosure—verify patch release at Tenda's official support site (support.tenda.com.cn or regional equivalent); (2) If patch unavailable, implement network segmentation: restrict access to router web interface (port 80/443) to trusted administrative networks only using firewall rules; (3) Change default router credentials immediately and enforce strong unique passwords; (4) Disable remote management features if not required. Temporary workaround: disable HTTP/HTTPS management interface access from untrusted networks. Note: Given the embedded device nature, firmware patching may require manual upload via web interface—backup configuration before attempting patch.

CVE-2024-33182 CRITICAL POC
9.8 Jul 16

Tenda AC18 V15.03.3.10_EN was discovered to contain a stack-based buffer overflow vulnerability via the deviceId paramet

CVE-2024-33180 CRITICAL POC
9.8 Jul 16

Tenda AC18 V15.03.3.10_EN was discovered to contain a stack-based buffer overflow vulnerability via the deviceId paramet

CVE-2024-33835 CRITICAL POC
9.8 May 01

Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the remoteIp parameter from formSetSafeWanWebMan function.

CVE-2024-28545 CRITICAL POC
9.8 Mar 26

Tenda AC18 V15.03.05.05 contains a command injection vulnerablility in the deviceName parameter of formsetUsbUnload func

CVE-2024-2854 CRITICAL POC
9.8 Mar 24

A vulnerability classified as critical has been found in Tenda AC18 15.03.05.05. Rated critical severity (CVSS 9.8), thi

CVE-2024-28537 CRITICAL POC
9.8 Mar 18

Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the page parameter of fromNatStaticSetting function. Rated

CVE-2024-28553 CRITICAL POC
9.8 Mar 12

Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the entrys parameter fromAddressNat function. Rated critic

CVE-2024-28535 CRITICAL POC
9.8 Mar 12

Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the mitInterface parameter of fromAddressNat function. Rat

CVE-2023-30135 CRITICAL POC
9.8 May 05

Tenda AC18 v15.03.05.19(6318_)_cn was discovered to contain a command injection vulnerability via the deviceName paramet

CVE-2023-24166 CRITICAL POC
9.8 Jan 26

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/formWifiBasicSet. Rated critical severity (CVSS 9.8

CVE-2022-43260 CRITICAL POC
9.8 Oct 18

Tenda AC18 V15.03.05.19(6318) was discovered to contain a stack overflow via the time parameter in the fromSetSysTime fu

CVE-2022-40854 CRITICAL POC
9.8 Sep 23

Tenda AC18 router contained a stack overflow vulnerability in /goform/fast_setting_wifi_set. Rated critical severity (CV

Share

CVE-2025-5609 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy