CVE-2025-5861
published 2025-06-09CVE-2025-5861: A vulnerability has been found in Tenda AC7 15.03.06.44 and classified as critical. This vulnerability affects the function fromadvsetlanip of the file…
PriorityP270critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
4.69%
90.7th percentile
A vulnerability has been found in Tenda AC7 15.03.06.44 and classified as critical. This vulnerability affects the function fromadvsetlanip of the file /goform/AdvSetLanip. The manipulation of the argument lanMask leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chrome_chrome | — | — | |
| tenda | ac7 | — | — |
| tenda | ac7_firmware | — | — |
Detection & IOCsextracted from sources · hover to see the quote
snort
alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Tenda AdvSetLanip lanMask Parameter Buffer Overflow Attempt (CVE-2025-5861, CVE-2025-15218)"; flow:established,to_server; http.method; content:"POST"; http.uri; bsize:19; content:"/goform/AdvSetLanip"; fast_pattern; http.request_body; content:"lanMask"; pcre:"/^[^\x2c\x7d$]{100,}(?:\x2c|\x7d|$)/R"; reference:url,candle-throne-f75.notion.site/Tenda-AC15-fromadvsetlanip-20adf0aa118580a09182c1c5c42079fc; reference:cve,2025-5861; reference:cve,2025-15218; classtype:web-application-attack; sid:2062819; rev:1; metadata:affected_product Tenda, attack_target Networking_Equipment, tls_state plaintext, created_at 2025_06_09, cve CVE_2025_5861, deployment Perimeter, performance_impact Low, confidence High, signature_severity Major, tag Exploit, updated_at 2025_06_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application; target:dest_ip;)- →Attack is delivered via HTTP POST to the exact URI /goform/AdvSetLanip with a body containing the 'lanMask' parameter. A lanMask value exceeding 100 characters (with no comma or closing-brace delimiter) indicates an overflow attempt.
- →The vulnerable function is fromadvsetlanip inside the file /goform/AdvSetLanip; the overflow is triggered by manipulating the 'lanMask' argument.
- →The attack is remotely exploitable and the exploit has been publicly disclosed; prioritise perimeter/edge detection for Tenda AC7 devices.
- →Traffic is expected in plaintext (non-TLS); deploy the Snort/Suricata rule at the network perimeter targeting inbound HTTP to home-net devices.
- ·The Snort/Suricata rule (sid:2062819) uses a fixed URI bsize of 19 bytes for /goform/AdvSetLanip; ensure your sensor's HTTP normalisation does not alter URI length before matching.
- ·The PCRE pattern matches a lanMask value of 100+ characters not containing a comma (0x2c) or closing brace (0x7d); tune the threshold if legitimate long subnet masks are present in your environment.
- ·The rule covers two CVEs simultaneously (CVE-2025-5861 and CVE-2025-15218); verify applicability to each affected device model (AC7 vs AC15) before deploying.
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv4.07.4HIGHCVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
nvdv2.09.0CRITICALAV:N/AC:L/Au:S/C:C/I:C/A:C
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-w866-3fpp-r6c4: A vulnerability has been found in Tenda AC7 15
ghsa_unreviewed·2025-06-09
CVE-2025-5861 [HIGH] CWE-119 GHSA-w866-3fpp-r6c4: A vulnerability has been found in Tenda AC7 15
A vulnerability has been found in Tenda AC7 15.03.06.44 and classified as critical. This vulnerability affects the function fromadvsetlanip of the file /goform/AdvSetLanip. The manipulation of the argument lanMask leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Chrome
Stable Channel Update for Desktop: CVE-2026-5861
vendor_chrome·2026-04-07·CVSS 8.8
CVE-2026-5861 [HIGH] Stable Channel Update for Desktop: CVE-2026-5861
Stable Channel Update for Desktop
CVE-2026-5861: Use after free in V8. Reported by 5shain on 2026-02-23 [TBD][ 470566252 ] High CVE-2026-5862: Inappropriate implementation in V8
Reported by Google on 2025-12-21 [TBD][ 484527367 ] High CVE-2026-5863: Inappropriate implementation in V8
Severity: high
Citrix
Citrix Security Bulletin CTX111186
vendor_citrix·CVSS 7.5
CVE-2006-5821 [HIGH] Citrix Security Bulletin CTX111186
Citrix Security Bulletin CTX111186
CVE References: CVE-2006-5821, CVE-2006-5861, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
Suricata
ET WEB_SPECIFIC_APPS Tenda AdvSetLanip lanMask Parameter Buffer Overflow Attempt (CVE-2025-5861, CVE-2025-15218)
suricata·2025-06-09·CVSS 7.4
CVE-2025-5861 [HIGH] ET WEB_SPECIFIC_APPS Tenda AdvSetLanip lanMask Parameter Buffer Overflow Attempt (CVE-2025-5861, CVE-2025-15218)
ET WEB_SPECIFIC_APPS Tenda AdvSetLanip lanMask Parameter Buffer Overflow Attempt (CVE-2025-5861, CVE-2025-15218)
Rule: alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Tenda AdvSetLanip lanMask Parameter Buffer Overflow Attempt (CVE-2025-5861, CVE-2025-15218)"; flow:established,to_server; http.method; content:"POST"; http.uri; bsize:19; content:"/goform/AdvSetLanip"; fast_pattern; http.request_body; content:"lanMask"; pcre:"/^[^\x2c\x7d$]{100,}(?:\x2c|\x7d|$)/R"; reference:url,candle-throne-f75.notion.site/Tenda-AC15-fromadvsetlanip-20adf0aa118580a09182c1c5c42079fc; reference:cve,2025-5861; reference:cve,2025-15218; classtype:web-application-attack; sid:2062819; rev:1; metadata:affected_product Tenda, attack_target Networking_Equipment, tls_state plaintext, created_at 2025_0
No public exploits indexed.
No writeups or analysis indexed.
https://lavender-bicycle-a5a.notion.site/Tenda-AC7-fromadvsetlanip-20a53a41781f80038f4fc4b9d927eb9a?source=copy_linkhttps://vuldb.com/?ctiid.311620https://vuldb.com/?id.311620https://vuldb.com/?submit.591960https://www.tenda.com.cn/https://lavender-bicycle-a5a.notion.site/Tenda-AC7-fromadvsetlanip-20a53a41781f80038f4fc4b9d927eb9a
2025-06-09
Published