CVE-2025-29215Stack-based Buffer Overflow in Ax12 Firmware

CWE-121Stack-based Buffer Overflow4 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
0.2%
top 54.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Tenda Ax12 Firmware
Timeline
PublishedMar 20
Latest updateAug 22

Description

Tenda AX12 v22.03.01.46_CN was discovered to contain a stack overflow via the sub_43fdcc function at /goform/SetNetControlList.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

NVDtenda/ax12_firmware22.03.01.46_cn

🔴Vulnerability Details

2
CVEList
CVE-2025-29215: Tenda AX12 v222025-03-20
GHSA
GHSA-mqwp-h2ff-5c74: Tenda AX12 v222025-03-20

🔍Detection Rules

1
Suricata
ET WEB_SPECIFIC_APPS Tenda SetNetControlList list Parameter Buffer Overflow Attempt (CVE-2025-9087, CVE-2025-29215, CVE-2025-1897)2025-08-22
CVE-2025-29215 — Stack-based Buffer Overflow in Tenda | cvebase