CVE-2025-5861Improper Restriction of Operations within the Bounds of a Memory Buffer in AC7

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-120Classic Buffer Overflow5 documents5 sources
Severity
7.4HIGHNVD
EPSS
1.1%
top 21.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Tenda AC7Tenda AC7 Firmware
Timeline
PublishedJun 9
Latest updateApr 7

Description

A vulnerability has been found in Tenda AC7 15.03.06.44 and classified as critical. This vulnerability affects the function fromadvsetlanip of the file /goform/AdvSetLanip. The manipulation of the argument lanMask leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5tenda/ac715.03.06.44
NVDtenda/ac7_firmware15.03.06.44

🔴Vulnerability Details

2
CVEList
Tenda AC7 AdvSetLanip fromadvsetlanip buffer overflow2025-06-09
GHSA
GHSA-w866-3fpp-r6c4: A vulnerability has been found in Tenda AC7 152025-06-09

🔍Detection Rules

1
Suricata
ET WEB_SPECIFIC_APPS Tenda AdvSetLanip lanMask Parameter Buffer Overflow Attempt (CVE-2025-5861, CVE-2025-15218)2025-06-09

📋Vendor Advisories

1
Chrome
Stable Channel Update for Desktop: CVE-2026-58612026-04-07
CVE-2025-5861 — Tenda AC7 vulnerability | cvebase