CRITICAL🇵🇱 Wersja polska

CVE-2025-67073

CVSS 9.8v3.1pub. 2025-12-17upd. 2026-01-02

A Buffer overflow vulnerability in function fromAdvSetMacMtuWan of bin httpd in Tenda AC10V4.0 V16.03.10.20 allows remote attackers to cause denial of service and possibly code execution by sending a post request with a crafted payload (field `serviceName`) to /goform/AdvSetMacMtuWan.

🤖 AI Analysis
How it works

The vulnerability occurs in the fromAdvSetMacMtuWan function inside the device's bin httpd process. An attacker sends a crafted HTTP POST request to the /goform/AdvSetMacMtuWan endpoint, intentionally passing an excessively long or maliciously formatted value in the serviceName field. This causes a buffer overflow (CWE-120), leading to memory corruption in the process. As a result, it is possible to either crash the device or take control over the code execution flow.

Impact

An attacker can cause device unavailability (DoS) or execute arbitrary code on the vulnerable router with httpd process privileges, which in practice means complete compromise of the device.

Mitigation & patch

Patches available from the manufacturer should be applied according to the references. Until updates are released, it is recommended to restrict access to the router's administrative interface only to trusted hosts and block access to the /goform/AdvSetMacMtuWan endpoint from external networks.

Who is affected

Tenda AC10V4.0 with firmware version V16.03.10.20

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Tenda Ac10

    HW
    Tenda
    4.0
  • Tenda Ac10 Firmware

    OS
    Tenda
    16.03.10.20
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEDoSMemory
CWE
References

Related vulnerabilities

CVE-2018-14558CRITICAL9.8⚠ KEVten sam produkt

An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firm...

CVE-2025-45779CRITICAL9.8PL ✓ten sam produkt

Buffer Overflow w Tenda AC10 — handler formSetPPTPUserList

CVE-2025-25456CRITICAL9.8PL ✓ten sam produkt

Buffer overflow w Tenda AC10 – podatność w funkcji AdvSetMacMtuWan (mac2)

CVE-2025-25675CRITICAL9.8PL ✓ten sam produkt

Command injection w Tenda AC10 — zdalne wykonanie kodu przez formexeCommand

CVE-2025-25674CRITICAL9.8PL ✓ten sam produkt

Buffer Overflow w Tenda AC10 – parametr ssid w form_fast_setting_wifi_set