CVE-2025-12596Improper Restriction of Operations within the Bounds of a Memory Buffer in Ac23

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-120Classic Buffer Overflow3 documents3 sources
Severity
7.4HIGHNVD
EPSS
0.1%
top 77.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Tenda Ac23Tenda Ac23 Firmware
Timeline
PublishedNov 2

Description

A security vulnerability has been detected in Tenda AC23 16.03.07.52. Affected is the function saveParentControlInfo of the file /goform/saveParentControlInfo. Such manipulation of the argument Time leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5tenda/ac2316.03.07.52
NVDtenda/ac23_firmware16.03.07.52

🔴Vulnerability Details

2
CVEList
Tenda AC23 saveParentControlInfo buffer overflow2025-11-02
GHSA
GHSA-m64w-vrmh-8h45: A security vulnerability has been detected in Tenda AC23 162025-11-02
CVE-2025-12596 — Tenda Ac23 vulnerability | cvebase