CVE-2025-9023

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Tenda AC7 versions 15.03.05.19 through 15.03.06.44 Tenda AC18 versions 15.03.05.19 through 15.03.06.44

Description: A vulnerability exists in Tenda AC7 and AC18 devices. The formSetSchedLed function within the /goform/SetLEDCfg file is susceptible to a buffer overflow due to manipulation of the Time argument. This allows for remote exploitation of the issue. The exploit has been publicly disclosed.

Recommendations: Tenda AC7 version 15.03.05.18 and earlier Tenda AC18 version 15.03.05.18 and earlier Tenda AC7 version 15.03.06.43 and earlier Tenda AC18 version 15.03.06.43 and earlier

Exploit

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119CWE-120

Related Identifiers

BDU:2025-10204

CVE-2025-9023

Affected Products

Tenda Ac18

Tenda Ac7

CVE-2025-9023

Weakness Enumeration

Related Identifiers

Affected Products

References · 13