CVE-2025-11550

CWE-404 CWE-476 — NULL Pointer Dereference5 documents5 sources

Severity

7.1HIGH

EPSS

0.1%

top 74.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tenda W12 Tenda W12 Firmware

Timeline

PublishedOct 9

Description

A vulnerability was found in Tenda W12 3.0.0.6(3948). The impacted element is the function wifiScheduledSet of the file /goform/modules of the component HTTP Request Handler. The manipulation of the argument wifiScheduledSet results in null pointer dereference. The attack may be performed from remote. The exploit has been made public and could be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5tenda/w123.0.0.6(3948)

▶NVDtenda/w12_firmware3.0.0.6\(3948\)

🔴Vulnerability Details

CVEList

Tenda W12 HTTP Request modules wifiScheduledSet null pointer dereference↗2025-10-09

▶

GHSA

GHSA-jvm5-jgxh-5564: A vulnerability was found in Tenda W12 3↗2025-10-09

▶

🔍Detection Rules

Suricata

ET WEB_SPECIFIC_APPS Tenda wifiScheduledSet Parameter Null Pointer Dereference (CVE-2025-11550)↗2025-10-09

▶

📋Vendor Advisories

Microsoft

The id3_ucs4_length function in ucs4.c in libid3tag 0.15.1b allows remote attackers to cause a denial of service↗2017-07-11

▶