CVE-2025-9605Improper Restriction of Operations within the Bounds of a Memory Buffer in Ac21

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-121Stack-based Buffer Overflow3 documents3 sources
Severity
8.9HIGHNVD
EPSS
0.5%
top 36.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Tenda Ac21Tenda Ac23Tenda Ac21 Firmware+1 more
Timeline
PublishedAug 29

Description

A security vulnerability has been detected in Tenda AC21 and AC23 16.03.08.16. Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. Such manipulation of the argument mac leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages4 packages

CVEListV5tenda/ac2116.03.08.16
CVEListV5tenda/ac2316.03.08.16
NVDtenda/ac21_firmware16.03.08.16
NVDtenda/ac23_firmware16.03.08.16

🔴Vulnerability Details

2
GHSA
GHSA-f8m7-hvrf-gm4v: A security vulnerability has been detected in Tenda AC21 and AC23 162025-08-29
CVEList
Tenda AC21/AC23 GetParentControlInfo stack-based overflow2025-08-29
CVE-2025-9605 — Tenda Ac21 vulnerability | cvebase