PT-2025-35174 · Tenda · Tenda Ac21 +1

Lxyilu · Published 2025-08-17 · Updated 2025-09-03 · CVE-2025-9605

CVSS v3.1: 10
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Tenda AC21 version 16.03.08.16
Tenda AC23 version 16.03.08.16

Description

A stack-based buffer overflow vulnerability exists in the GetParentControlInfo function of the /goform/GetParentControlInfo file in Tenda AC21 and AC23 routers. Manipulation of the mac argument can trigger the overflow, allowing for remote exploitation. The exploit has been publicly disclosed.

Recommendations

For Tenda AC21 version 16.03.08.16, disable remote management and segment networks.
For Tenda AC23 version 16.03.08.16, disable remote management and segment networks.

Exploit · Fix · RCE · Buffer Overflow · Stack Overflow

Weakness Enumeration

Related Identifiers

BDU:2025-10636
CVE-2025-9605

Affected Products

Tenda Ac21
Tenda Ac23