CVE-2025-45429 — Stack-based Buffer Overflow in AC9 Firmware

CWE-121 — Stack-based Buffer Overflow4 documents4 sources

Severity

9.8CRITICALNVD

EPSS

2.4%

top 14.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tenda AC9 Firmware

Timeline

PublishedApr 23

Latest updateAug 22

Description

In the Tenda ac9 v1.0 router with firmware V15.03.05.14_multi, there is a stack overflow vulnerability in /goform/WifiWpsStart, which may lead to remote arbitrary code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDtenda/ac9_firmware15.03.05.14_multi

🔴Vulnerability Details

CVEList

CVE-2025-45429: In the Tenda ac9 v1↗2025-04-23

▶

GHSA

GHSA-vf42-fm5m-wqq9: In the Tenda ac9 v1↗2025-04-23

▶

🔍Detection Rules

Suricata

ET WEB_SPECIFIC_APPS Tenda WifiWpsStart index Parameter Buffer Overflow Attempt (CVE-2025-45429, CVE-2024-2896, CVE-2024-2811, CVE-2024-2706)↗2025-08-22

▶