EUVD-2025-16919

CVE-2025-5609
Severity: HIGH (CVSS 3.1 base score 8.8)
Published: 2025-06-04

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: Mar 14, 2026 - 17:29 (vuln.today)
EUVD ID Assigned: Mar 14, 2026 - 17:29 (euvd), EUVD-2025-16919
PoC Detected: Jun 17, 2025 - 20:41 (vuln.today), public exploit code
CVE Published: Jun 04, 2025 - 20:15 (nvd), HIGH 8.8

Description

A vulnerability classified as critical was found in Tenda AC18 15.03.05.05. Affected by this vulnerability is the function fromadvsetlanip of the file /goform/AdvSetLanip. The manipulation of the argument lanMask leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Analysis

A critical buffer overflow vulnerability exists in Tenda AC18 router firmware version 15.03.05.05, exploitable via the lanMask parameter of the /goform/AdvSetLanip endpoint. An authenticated remote attacker can trigger memory corruption leading to complete system compromise (confidentiality, integrity, availability). A public exploit proof-of-concept exists, and the vulnerability is likely being actively weaponized given disclosure status and CVSS 8.8 severity.

Technical Context

The vulnerability resides in the fromadvsetlanip function within the HTTP request handler /goform/AdvSetLanip of Tenda AC18 firmware (CPE: cpe:2.3:o:tenda:ac18_firmware:15.03.05.05:*:*:*:*:*:*:*). The root cause is CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), a classic buffer overflow flaw where user-supplied input in the lanMask parameter is copied into a fixed-size buffer without proper bounds checking. This is a common pattern in legacy embedded device firmware where the CGI handler fails to validate input length before stack or heap allocation. The vulnerability affects the LAN IP configuration subsystem, a privileged network function typically accessible only after authentication but critical in router security architecture.
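The missing check described above, written as an added example; it is not Tenda's code and not taken from the firmware. The buffer size `MASK_BUF_LEN` and the function names `parse_dotted_quad` and `copy_lan_mask` are assumptions made for illustration. It bounds the length before copying and accepts only a well-formed, contiguous netmask.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MASK_BUF_LEN 16 /* assumed size: "255.255.255.255" plus NUL */

/* Parse a strict dotted quad (digits and dots only) into a 32-bit value.
 * Returns 0 on success, -1 on malformed input. */
static int parse_dotted_quad(const char *s, uint32_t *out)
{
    uint32_t value = 0;
    for (int octet = 0; octet < 4; octet++) {
        unsigned v = 0;
        int digits = 0;
        while (*s >= '0' && *s <= '9') {
            v = v * 10 + (unsigned)(*s - '0');
            if (++digits > 3 || v > 255) return -1;
            s++;
        }
        if (digits == 0) return -1;
        value = (value << 8) | v;
        if (octet < 3 && *s++ != '.') return -1;
    }
    if (*s != '\0') return -1; /* no trailing bytes allowed */
    *out = value;
    return 0;
}

/* Hypothetical handler helper: copy a request-supplied netmask into a
 * fixed-size buffer. The unchecked pattern would be strcpy(dst, param).
 * Returns 0 on success, -1 on rejection; dst is untouched on rejection. */
int copy_lan_mask(char dst[MASK_BUF_LEN], const char *param)
{
    uint32_t mask, inv;
    if (param == NULL) return -1;
    /* Look for the terminator only within the destination's capacity. */
    const char *end = memchr(param, '\0', MASK_BUF_LEN);
    if (end == NULL || end == param) return -1; /* too long or empty */
    if (parse_dotted_quad(param, &mask) != 0) return -1;
    inv = ~mask;
    /* A valid mask is a run of 1 bits followed by 0 bits. */
    if (mask == 0 || (inv & (inv + 1)) != 0) return -1;
    memcpy(dst, param, (size_t)(end - param) + 1);
    return 0;
}
```
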

Affected Products

Tenda AC18 firmware version 15.03.05.05 (CPE: cpe:2.3:o:tenda:ac18_firmware:15.03.05.05:*:*:*:*:*:*:*). The vulnerable function is in the web administration interface accessible via HTTP/HTTPS on the router. No other versions are explicitly confirmed as patched, though later firmware versions may address this. Affected hardware: any Tenda AC18 router model running this firmware version. Note: Tenda has a historically slow security response; check vendor advisories for patch availability status.

Remediation

Primary mitigation:
(1) Upgrade Tenda AC18 firmware to the latest available version released after this CVE disclosure; verify patch release at Tenda's official support site (support.tenda.com.cn or regional equivalent).
(2) If a patch is unavailable, implement network segmentation: restrict access to the router web interface (port 80/443) to trusted administrative networks only, using firewall rules.
(3) Change default router credentials immediately and enforce strong, unique passwords.
(4) Disable remote management features if not required.

Temporary workaround: disable HTTP/HTTPS management interface access from untrusted networks.

Note: Because this is an embedded device, firmware patching may require manual upload via the web interface; back up the configuration before attempting the patch.

Priority Score

64 (KEV: 0, EPSS: +0.2, CVSS: +44, POC: +20)
