CVE-2025-5795

| EUVD-2025-17361 HIGH
2025-06-06 [email protected]
8.8
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
Mar 14, 2026 - 18:10 vuln.today
EUVD ID Assigned
Mar 14, 2026 - 18:10 euvd
EUVD-2025-17361
PoC Detected
Jun 09, 2025 - 19:08 vuln.today
Public exploit code
CVE Published
Jun 06, 2025 - 19:15 nvd
HIGH 8.8

Tags

Buffer Overflow Ac5 Firmware Tenda

Description

A vulnerability, which was classified as critical, was found in Tenda AC5 1.0/15.03.06.47. This affects the function fromadvsetlanip of the file /goform/AdvSetLanip. The manipulation of the argument lanMask leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Analysis

Critical buffer overflow vulnerability in Tenda AC5 router firmware (version 1.0/15.03.06.47) affecting the LAN IP configuration function. An authenticated attacker can remotely exploit improper input validation on the 'lanMask' parameter to achieve remote code execution with high confidentiality, integrity, and availability impact. Public exploit code is available and the vulnerability meets active exploitation criteria.

Technical Context

The vulnerability exists in the fromadvsetlanip function within the /goform/AdvSetLanip HTTP endpoint of Tenda AC5 wireless router firmware. This represents a classic CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) stack-based buffer overflow. The lanMask parameter, intended to receive a netmask value (typically dotted-decimal notation like 255.255.255.0), lacks proper bounds checking before being copied into a fixed-size stack buffer. The Tenda AC5 is a low-cost 802.11ac dual-band router commonly deployed in home and small business networks. The /goform endpoint is part of Tenda's web management interface, which processes configuration changes. CPE: cpe:2.3:o:tenda:ac5_firmware:15.03.06.47:*:*:*:*:*:*:*

Affected Products

Tenda AC5 Wireless Router - Firmware Version 15.03.06.47 (confirmed affected). Likely affects Tenda AC5 v1.0 hardware. CPE: cpe:2.3:h:tenda:ac5:1.0:*:*:*:*:*:*:*. Related firmware versions in the 15.03.06.x series may also be vulnerable pending vendor analysis. No official vendor patch release referenced in current advisories; Tenda has not published a security advisory or patched firmware version as of the CVE publication date.

Remediation

IMMEDIATE ACTIONS: (1) Restrict network access to the router's web management interface (port 80/443) using firewall rules or IP whitelisting—limit access to trusted administrative networks only. (2) Change default router credentials if present; enforce strong authentication. (3) Disable remote management features if not required. (4) Monitor Tenda's official security advisory page (https://www.tenda.com.cn/en/service/) for patched firmware release (version > 15.03.06.47). LONG-TERM: Upgrade to patched firmware once released by Tenda. If Tenda does not release a patch, consider replacing the device with firmware from vendors with active security maintenance. Implement network segmentation to isolate IoT/router management traffic.

Priority Score

65
Low Medium High Critical
KEV: 0
EPSS: +0.5
CVSS: +44
POC: +20

Share

CVE-2025-5795 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy