CVE-2025-4298

Name of the Vulnerable Software and Affected Versions Tenda AC1206 versions up to 15.03.06.23

Description A critical vulnerability was found in Tenda AC1206, affecting the function formSetCfm of the file /goform/setcfm. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Recommendations For Tenda AC1206 versions up to 15.03.06.23, as a temporary workaround, consider disabling the formSetCfm function until a patch is available. Restrict access to the /goform/setcfm file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.