CVE-2025-29032
published 2025-03-14CVE-2025-29032: Tenda AC9 v15.03.05.19(6318) was discovered to contain a buffer overflow via the formWifiWpsOOB function.
PriorityP337medium5.9CVSS 3.1
AVNACHPRLUIRSUCLIHAL
EPSS
3.79%
88.6th percentile
Tenda AC9 v15.03.05.19(6318) was discovered to contain a buffer overflow via the formWifiWpsOOB function.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tendacn | ac9_firmware | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Suricata
ET WEB_SPECIFIC_APPS Tenda WifiWpsOOB index Parameter Buffer Overflow Attempt (CVE-2025-29032)
suricata·2025-06-17·CVSS 5.9
CVE-2025-29032 [MEDIUM] ET WEB_SPECIFIC_APPS Tenda WifiWpsOOB index Parameter Buffer Overflow Attempt (CVE-2025-29032)
ET WEB_SPECIFIC_APPS Tenda WifiWpsOOB index Parameter Buffer Overflow Attempt (CVE-2025-29032)
Rule: alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Tenda WifiWpsOOB index Parameter Buffer Overflow Attempt (CVE-2025-29032)"; flow:established,to_server; http.method; content:"POST"; http.uri; bsize:18; content:"/goform/WifiWpsOOB"; fast_pattern; http.request_body; content:"|22|index|22|"; pcre:"/^[^\x2c\x7d$]{100,}(?:\x2c|\x7d|$)/R"; reference:cve,2025-29032; reference:url,github.com/WhereisDoujo/CVE/issues/6; classtype:web-application-attack; sid:2063031; rev:1; metadata:affected_product Tenda, attack_target Networking_Equipment, tls_state plaintext, created_at 2025_06_17, cve CVE_2025_29032, deployment Perimeter, deployment Internal, performance_impact Low, confidence High,
No public exploits indexed.
No writeups or analysis indexed.
2025-03-14
Published