PT-2025-34859 · Tenda · Tenda Ac1206

Lxyilu

Published

2025-08-27

Updated

2025-08-27

CVE-2025-9523

Report an issue

CVSS v2.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

**Name of the Vulnerable Software and Affected Versions:**

Tenda AC1206 version 15.03.06.23

**Description:**

A stack-based buffer overflow vulnerability exists in the `GetParentControlInfo` function of the `/goform/GetParentControlInfo` file. Manipulation of the `mac` argument can trigger the vulnerability, allowing for remote code execution. The exploit for this issue is publicly available.

**Recommendations:**

Tenda AC1206 version 15.03.06.23: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Stack Overflow

Buffer Overflow

Weakness Enumeration

CWE-121CWE-119

Related Identifiers

CVE-2025-9523

Affected Products

Tenda Ac1206

PT-2025-34859 · Tenda · Tenda Ac1206

Weakness Enumeration

Related Identifiers

Affected Products

References · 11