CVE-2025-4299

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Tenda AC1206 versions up to 15.03.06.23

Description A critical issue affects the setSchedWifi function of the file /goform/openSchedWifi. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Recommendations For Tenda AC1206 versions up to 15.03.06.23, consider disabling the setSchedWifi function as a temporary workaround until a patch is available. Restrict access to the /goform/openSchedWifi file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119CWE-120

Related Identifiers

BDU:2025-05889

CVE-2025-4299

Affected Products

Tenda Ac1206

CVE-2025-4299

Weakness Enumeration

Related Identifiers

Affected Products

References · 14