CVE-2025-9023Improper Restriction of Operations within the Bounds of a Memory Buffer in Ac18

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-120Classic Buffer Overflow3 documents3 sources
Severity
7.4HIGHNVD
EPSS
0.4%
top 42.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Tenda Ac18Tenda AC7Tenda Ac18 Firmware+1 more
Timeline
PublishedAug 15

Description

A vulnerability has been found in Tenda AC7 and AC18 15.03.05.19/15.03.06.44. Affected is the function formSetSchedLed of the file /goform/SetLEDCfg. The manipulation of the argument Time leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages4 packages

CVEListV5tenda/ac1815.03.05.19, 15.03.06.44+1
NVDtenda/ac18_firmware15.03.05.19
CVEListV5tenda/ac715.03.05.19, 15.03.06.44+1
NVDtenda/ac7_firmware15.03.06.44

🔴Vulnerability Details

2
GHSA
GHSA-xffp-g8q4-6v4h: A vulnerability has been found in Tenda AC7 and AC18 152025-08-15
CVEList
Tenda AC7/AC18 SetLEDCfg formSetSchedLed buffer overflow2025-08-15
CVE-2025-9023 — Tenda Ac18 vulnerability | cvebase