CVE-2025-63835

CWE-787Out-of-bounds WriteCWE-121Stack-based Buffer Overflow3 documents3 sources
Severity
8.8HIGH
EPSS
0.3%
top 49.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Tenda Ac18 Firmware
Timeline
PublishedNov 10

Description

A stack-based buffer overflow vulnerability was discovered in Tenda AC18 v15.03.05.05_multi. The vulnerability exists in the guestSsid parameter of the /goform/WifiGuestSet interface. Remote attackers can exploit this vulnerability by sending oversized data to the guestSsid parameter, leading to denial of service (device crash) or potential remote code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

NVDtenda/ac18_firmware15.03.05.05

🔴Vulnerability Details

2
GHSA
GHSA-2mgg-5ppq-j685: A stack-based buffer overflow vulnerability was discovered in Tenda AC18 v152025-11-10
CVEList
CVE-2025-63835: A stack-based buffer overflow vulnerability was discovered in Tenda AC18 v152025-11-10
CVE-2025-63835 (HIGH CVSS 8.8) | A stack-based buffer overflow vulne | cvebase.io