CVE-2025-3803

Name of the Vulnerable Software and Affected Versions Tenda W12 and i24 versions 3.0.0.4(2887) through 3.0.0.5(3644)

Description A critical issue affects the function cgiSysScheduleRebootSet of the file /bin/httpd. The manipulation of the argument rebootDate leads to stack-based buffer overflow. The attack may be initiated remotely.

Recommendations For versions 3.0.0.4(2887) through 3.0.0.5(3644), as a temporary workaround, consider disabling the cgiSysScheduleRebootSet function until a patch is available. Restrict access to the /bin/httpd file to minimize the risk of exploitation. Avoid using the rebootDate argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.