ГлавнаяУязвимости → CVE-2025-4007
8.8высокая

CVE-2025-4007

Описание

A vulnerability classified as critical was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644). Affected by this vulnerability is the function cgidhcpsCfgSet of the file /goform/modules of the component httpd. The manipulation of the argument json leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Затрагиваемое ПО
Tenda W12 firmwareTenda W12Tenda I24 firmwareTenda I24
CVSS
Балл8.8 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Источники
https://github.com/02Tn/vul/issues/5https://vuldb.com/?ctiid.306343https://vuldb.com/?id.306343https://vuldb.com/?submit.558165https://www.tenda.com.cn/