PT-2025-35174 · Tenda · Tenda AC23 +1
Lxyilu · Published 2025-08-17 · Updated 2025-09-03 · CVE-2025-9605
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Tenda AC21 version 16.03.08.16
Tenda AC23 version 16.03.08.16
Description
A stack-based buffer overflow vulnerability exists in the GetParentControlInfo function of the /goform/GetParentControlInfo file in Tenda AC21 and AC23 routers. Manipulation of the mac argument can trigger the overflow, allowing for remote exploitation. The exploit has been publicly disclosed.
Recommendations
For Tenda AC21 version 16.03.08.16, disable remote management and segment networks.
For Tenda AC23 version 16.03.08.16, disable remote management and segment networks.
Exploit
Fix
RCE
Stack Overflow
Buffer Overflow
Related Identifiers
Affected Products
Tenda AC21
Tenda AC23