CVE-2025-7423

Name of the Vulnerable Software and Affected Versions: Tenda O3V2 version 1.0.0.12(3880)

Description: A critical vulnerability exists in the Tenda O3V2 device. The vulnerability is located within the formWifiMacFilterSet function of the httpd component, specifically in the file /goform/setWrlFilterList. Manipulation of the macList argument leads to a stack-based buffer overflow, allowing for remote exploitation. The exploit for this issue has been publicly disclosed.

Recommendations: Tenda O3V2 version 1.0.0.12(3880): At the moment, there is no information about a newer version that contains a fix for this vulnerability.