CVE-2025-5608

Name of the Vulnerable Software and Affected Versions Tenda AC18 version 15.03.05.05

Description A critical vulnerability has been found in the function formsetreboottimer of the file /goform/SetSysAutoRebbotCfg. The manipulation of the argument rebootTime leads to a buffer overflow. It is possible to launch the attack remotely.

Recommendations For Tenda AC18 version 15.03.05.05, as a temporary workaround, consider disabling the formsetreboottimer function until a patch is available. Restrict access to the /goform/SetSysAutoRebbotCfg file to minimize the risk of exploitation. Avoid using the rebootTime argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.