CRITICAL🇵🇱 Wersja polska

CVE-2025-45427

CVSS 9.8v3.1pub. 2025-04-23upd. 2025-04-30

In Tenda AC9 v1.0 with firmware V15.03.05.14_multi, the security parameter of /goform/WifiBasicSet has a stack overflow vulnerability, which can lead to remote arbitrary code execution.

🤖 AI Analysis
How it works

The endpoint /goform/WifiBasicSet handling Wi-Fi network configuration does not properly validate the length of data passed in the 'security' parameter. Passing an appropriately crafted, excessively long value causes a stack buffer overflow (CWE-121 – Stack-based Buffer Overflow). By exploiting this, an attacker can overwrite stack control data and hijack program execution flow, leading to arbitrary code execution.

Impact

An unauthenticated remote attacker can gain full control over the device by executing arbitrary code (RCE), which threatens the confidentiality, integrity, and availability of the router and the network it supports.

Mitigation & patch

Patches available from the manufacturer should be applied according to the references. Until an update is released, it is recommended to restrict access to the device management interface only to trusted hosts and to disable remote access to the administrative panel from the WAN network side.

Who is affected

Tenda AC9 v1.0 with firmware V15.03.05.14_multi

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Tenda Ac9

    HW
    Tenda
    1.0
  • Tenda Ac9 Firmware

    OS
    Tenda
    15.03.05.14_multi
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2018-14558CRITICAL9.8⚠ KEVten sam produkt

An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firm...

CVE-2025-45042CRITICAL9.8PL ✓ten sam produkt

Command injection w funkcji Telnet routera Tenda AC9

CVE-2025-44877CRITICAL9.8PL ✓ten sam produkt

Command injection w Tenda AC9 — funkcja formSetSambaConf (parametr usbname)

CVE-2025-44872CRITICAL9.8PL ✓ten sam produkt

Command injection w Tenda AC9 via parametr deviceName

CVE-2025-45428CRITICAL9.8PL ✓ten sam produkt

Stack overflow w Tenda AC9 – RCE przez parametr rebootTime