CVE-2025-1898Improper Restriction of Operations within the Bounds of a Memory Buffer in TX3

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-120Classic Buffer OverflowCWE-416Use After Free4 documents4 sources
Severity
7.1HIGHNVD
EPSS
0.1%
top 78.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Tenda TX3Tenda TX3 Firmware
Timeline
PublishedMar 4

Description

A vulnerability, which was classified as critical, was found in Tenda TX3 16.03.13.11_multi. Affected is an unknown function of the file /goform/openSchedWifi. The manipulation of the argument schedStartTime/schedEndTime leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5tenda/tx316.03.13.11_multi
NVDtenda/tx3_firmware16.03.13.11

🔴Vulnerability Details

2
GHSA
GHSA-wx34-fqmw-5gg3: A vulnerability, which was classified as critical, was found in Tenda TX3 162025-03-04
CVEList
Tenda TX3 openSchedWifi buffer overflow2025-03-04

📋Vendor Advisories

1
Microsoft
Use After Free in vim/vim2022-05-10
CVE-2025-1898 — Tenda TX3 vulnerability | cvebase