CRITICAL🇵🇱 Wersja polska

CVE-2025-45428

CVSS 9.8v3.1pub. 2025-04-23upd. 2025-04-30

In Tenda ac9 v1.0 with firmware V15.03.05.14_multi, the rebootTime parameter of /goform/SetSysAutoRebbotCfg has a stack overflow vulnerability, which can lead to remote arbitrary code execution.

🤖 AI Analysis
How it works

The vulnerability results from insufficient validation of input data length for the rebootTime parameter sent to the /goform/SetSysAutoRebbotCfg endpoint. An excessively long parameter value causes stack buffer overflow (stack overflow, CWE-121), overwriting stack control data, including the function return address. The attacker can thus redirect code execution to their own payload, achieving remote code execution (RCE) without the need for authentication.

Impact

A remote attacker without any privileges can take full control of the device by executing arbitrary code (RCE), which potentially leads to violations of confidentiality, integrity, and system availability.

Mitigation & patch

Apply patches available from the manufacturer according to the references. Until an update is released, it is recommended to restrict access to the device's administrative panel exclusively to trusted local networks and block access to the management interface from external networks using a firewall.

Who is affected

Tenda AC9 v1.0 with firmware V15.03.05.14_multi

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Tenda Ac9

    HW
    Tenda
    1.0
  • Tenda Ac9 Firmware

    OS
    Tenda
    15.03.05.14_multi
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2018-14558CRITICAL9.8⚠ KEVten sam produkt

An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firm...

CVE-2025-45042CRITICAL9.8PL ✓ten sam produkt

Command injection w funkcji Telnet routera Tenda AC9

CVE-2025-44877CRITICAL9.8PL ✓ten sam produkt

Command injection w Tenda AC9 — funkcja formSetSambaConf (parametr usbname)

CVE-2025-44872CRITICAL9.8PL ✓ten sam produkt

Command injection w Tenda AC9 via parametr deviceName

CVE-2025-45427CRITICAL9.8PL ✓ten sam produkt

Tenda AC9 – stack overflow w WifiBasicSet umożliwia zdalny RCE