PT-2025-7562 · Tenda · Tenda Ac8V4

Published: 2025-02-20 · Updated: 2025-02-22 · CVE-2025-25663

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Tenda AC8V4 version V16.03.34.06

Description

A vulnerability was found in the function SUB_0046AC38 of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to a stack-based buffer overflow.

Recommendations

For Tenda AC8V4 version V16.03.34.06, consider disabling the SUB_0046AC38 function as a temporary workaround until a patch is available. Restrict access to the /goform/WifiExtraSet file to minimize the risk of exploitation. Avoid using the wpapsk_crypto argument in the affected API endpoint until the issue is resolved.

Exploit

Fix

Memory Corruption

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2025-04002
CVE-2025-25663

Affected Products

Tenda Ac8V4