CVE-2025-4368

CWE-119 — Buffer Overflow CWE-120 — Classic Buffer Overflow3 documents3 sources

Severity

8.7HIGH

EPSS

1.3%

top 20.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tenda AC8 Tenda AC8 Firmware

Timeline

PublishedMay 6

Description

A vulnerability, which was classified as critical, was found in Tenda AC8 16.03.34.06. Affected is the function formGetRouterStatus of the file /goform/MtuSetMacWan. The manipulation of the argument shareSpeed leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5tenda/ac816.03.34.06

▶NVDtenda/ac8_firmware16.03.34.06

🔴Vulnerability Details

CVEList

Tenda AC8 MtuSetMacWan formGetRouterStatus buffer overflow↗2025-05-06

▶

GHSA

GHSA-4rpv-g3qv-3mfr: A vulnerability, which was classified as critical, was found in Tenda AC8 16↗2025-05-06

▶