CVE-2025-3328

CWE-119 — Buffer Overflow CWE-120 — Classic Buffer Overflow CWE-787 — Out-of-bounds Write4 documents4 sources

Severity

8.7HIGH

EPSS

1.1%

top 21.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tenda Ac1206 Tenda Ac1206 Firmware

Timeline

PublishedApr 7

Latest updateApr 9

Description

A vulnerability was found in Tenda AC1206 15.03.06.23. It has been classified as critical. Affected is the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set. The manipulation of the argument ssid/timeZone leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5tenda/ac120615.03.06.23

▶NVDtenda/ac1206_firmware15.03.06.23

🔴Vulnerability Details

CVEList

Tenda AC1206 fast_setting_wifi_set form_fast_setting_wifi_set buffer overflow↗2025-04-07

▶

GHSA

GHSA-2cq5-j9m5-v929: A vulnerability was found in Tenda AC1206 15↗2025-04-07

▶

🔍Detection Rules

Suricata

ET WEB_SPECIFIC_APPS Tenda AC1206 fast_setting_wifi_set timeZone or ssid parameter Buffer Overflow Attempt (CVE-2025-3328, CVE-2025-51082))↗2025-04-09

▶