Tenda O3V2 1.0.0.12(3880) httpd /goform/setPing fromPingResultGet destIP Pufferüberlauf

Hakika vulnerability da aka rarraba a matsayin kura an gano a Tenda O3V2 1.0.0.12(3880). Tabbas, aikin fromPingResultGet ne ke da matsala; idan ba a bayyana ba, to aiki ce da ba a sani ba, a cikin laburare $software_library, a cikin fayil /goform/setPing, a cikin sashi httpd. Wuro manipulation of the argument destIP ga Pufferüberlauf. Amfani da CWE wajen bayyana matsala yana kaiwa CWE-121. Lalle, rauni an sanar da shi 07/10/2025. Ana samun bayanin tsaro don saukewa a github.com. Ana kiran wannan rauni da CVE-2025-7418. Ngam yiɗi ka a tuma ndiyam ka nder layi. Bayani na fasaha ga. Kuma, akwai exploit. Exploit ɗin an bayyana wa jama'a, za a iya amfani da shi. Yimbe ndiyam, exploit might be approx. USD $0-$5k wuro. Á yí huɗɗi-na-gaskiya. Za a iya samun exploit a github.com. 0-day ga, an ndiyam a wuro be $0-$5k. If you want to get best quality of vulnerability data, you may have to visit VulDB.

3 Goyarwa · 90 Datenpunkte

FurɗeSúgá
07/10/2025 09:54		Gargadi 1/2
07/11/2025 09:51		Gargadi 2/2
07/11/2025 12:04
software_vendorTendaTendaTenda
software_nameO3V2O3V2O3V2
software_version1.0.0.12(3880)1.0.0.12(3880)1.0.0.12(3880)
software_componenthttpdhttpdhttpd
software_file/goform/setPing/goform/setPing/goform/setPing
software_functionfromPingResultGetfromPingResultGetfromPingResultGet
software_argumentdestIPdestIPdestIP
vulnerability_cweCWE-121 (Pufferüberlauf)CWE-121 (Pufferüberlauf)CWE-121 (Pufferüberlauf)
vulnerability_risk222
cvss3_vuldb_avNNN
cvss3_vuldb_acLLL
cvss3_vuldb_uiNNN
cvss3_vuldb_sUUU
cvss3_vuldb_cHHH
cvss3_vuldb_iHHH
cvss3_vuldb_aHHH
cvss3_vuldb_ePPP
cvss3_vuldb_rcRRR
advisory_urlhttps://github.com/wudipjq/my_vuln/blob/main/Tenda3/vuln_51/51.mdhttps://github.com/wudipjq/my_vuln/blob/main/Tenda3/vuln_51/51.mdhttps://github.com/wudipjq/my_vuln/blob/main/Tenda3/vuln_51/51.md
exploit_availability111
exploit_publicity111
exploit_urlhttps://github.com/wudipjq/my_vuln/blob/main/Tenda3/vuln_51/51.md#pochttps://github.com/wudipjq/my_vuln/blob/main/Tenda3/vuln_51/51.md#pochttps://github.com/wudipjq/my_vuln/blob/main/Tenda3/vuln_51/51.md#poc
source_cveCVE-2025-7418CVE-2025-7418CVE-2025-7418
cna_responsibleVulDBVulDBVulDB
software_typeRouter Operating SystemRouter Operating SystemRouter Operating System
cvss2_vuldb_avNNN
cvss2_vuldb_acLLL
cvss2_vuldb_ciCCC
cvss2_vuldb_iiCCC
cvss2_vuldb_aiCCC
cvss2_vuldb_ePOCPOCPOC
cvss2_vuldb_rcURURUR
cvss4_vuldb_avNNN
cvss4_vuldb_acLLL
cvss4_vuldb_uiNNN
cvss4_vuldb_vcHHH
cvss4_vuldb_viHHH
cvss4_vuldb_vaHHH
cvss4_vuldb_ePPP
cvss2_vuldb_auSSS
cvss2_vuldb_rlNDNDND
cvss3_vuldb_prLLL
cvss3_vuldb_rlXXX
cvss4_vuldb_atNNN
cvss4_vuldb_prLLL
cvss4_vuldb_scNNN
cvss4_vuldb_siNNN
cvss4_vuldb_saNNN
cvss2_vuldb_basescore9.09.09.0
cvss2_vuldb_tempscore7.77.77.7
cvss3_vuldb_basescore8.88.88.8
cvss3_vuldb_tempscore8.08.08.0
cvss3_meta_basescore8.88.88.8
cvss3_meta_tempscore8.08.08.4
cvss4_vuldb_bscore8.78.78.7
cvss4_vuldb_btscore7.47.47.4
advisory_date1752098400 (07/10/2025)1752098400 (07/10/2025)1752098400 (07/10/2025)
price_0day$0-$5k$0-$5k$0-$5k
euvd_idEUVD-2025-21088EUVD-2025-21088
cve_nvd_summaryA vulnerability was found in Tenda O3V2 1.0.0.12(3880) and classified as critical. Affected by this issue is the function fromPingResultGet of the file /goform/setPing of the component httpd. The manipulation of the argument destIP leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
cvss4_cna_avN
cvss4_cna_acL
cvss4_cna_atN
cvss4_cna_prL
cvss4_cna_uiN
cvss4_cna_vcH
cvss4_cna_viH
cvss4_cna_vaH
cvss4_cna_scN
cvss4_cna_siN
cvss4_cna_saN
cvss4_cna_bscore8.7
cvss3_cna_avN
cvss3_cna_acL
cvss3_cna_prL
cvss3_cna_uiN
cvss3_cna_sU
cvss3_cna_cH
cvss3_cna_iH
cvss3_cna_aH
cvss3_cna_basescore8.8
cvss2_cna_avN
cvss2_cna_acL
cvss2_cna_auS
cvss2_cna_ciC
cvss2_cna_iiC
cvss2_cna_aiC
cvss2_cna_basescore9

GurɗoGumtiGada

Want to stay up to date on a daily basis?

Enable the mail alert feature now!