PT-2025-11283 · Tenda · Tenda Ac9

Published

2025-02-27

Updated

2025-03-14

CVE-2025-29384

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Tenda AC9 version 1.0 V15.03.05.14 multi

Description: The issue is related to a stack overflow vulnerability in the wanMTU parameter of the "/goform/AdvSetMacMtuWan" API endpoint. This vulnerability can lead to remote arbitrary code execution.

Recommendations: For Tenda AC9 version 1.0 V15.03.05.14 multi, consider disabling access to the "/goform/AdvSetMacMtuWan" API endpoint until a patch is available, and avoid using the wanMTU parameter to minimize the risk of exploitation.

Exploit

Fix

Memory Corruption

Stack Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-121

Related Identifiers

BDU:2025-02801

CVE-2025-29384

Affected Products

Tenda Ac9

PT-2025-11283 · Tenda · Tenda Ac9

CVE-2025-29384

Weakness Enumeration

Related Identifiers

Affected Products

References · 7