Tenda AC7 15.03.06.44 /goform/SetPptpServerCfg formSetPPTPServer pptp_server_start_ip/pptp_server_end_ip Biþrýstingsyfirtæki

Veikleiki sem flokkaður er sem gagnrýninn hefur fundist í Tenda AC7 15.03.06.44. Það sem hefur orðið fyrir áhrifum er fallið formSetPPTPServer í skránni /goform/SetPptpServerCfg. Þessi íhlutun í viðfangið pptp_server_start_ip/pptp_server_end_ip getur leitt til Biþrýstingsyfirtæki. Þessi vandi er flokkaður sem CWE-120 samkvæmt CWE. Veikleikinn var birtur 06.04.2025. Skjalið hefur verið sett fram til niðurhals á github.com. Öryggisveikleikinn er þekktur sem CVE-2025-3346. Hægt er að hefja árásina úr fjarlægð. Tæknilegar upplýsingar liggja fyrir. Auk þess er til exploit. Exploit-ið hefur verið gert opinbert og má nota það. Exploit verð í dag gæti verið nálægt USD $0-$5k. Það er lýst sem sönnun hugmyndar. Þetta exploit er deilt til niðurhals á github.com. Sem 0-day var áætlað verð á undirheimum um $0-$5k. If you want to get best quality of vulnerability data, you may have to visit VulDB.

2 Breytingar · 88 Gagnapunktar

SviðBúið til
06.04.2025 16:43		Uppfært 1/1
27.05.2025 17:12
software_vendorTendaTenda
software_nameAC7AC7
software_version15.03.06.4415.03.06.44
software_file/goform/SetPptpServerCfg/goform/SetPptpServerCfg
software_functionformSetPPTPServerformSetPPTPServer
software_argumentpptp_server_start_ip/pptp_server_end_ippptp_server_start_ip/pptp_server_end_ip
vulnerability_cweCWE-120 (Biþrýstingsyfirtæki)CWE-120 (Biþrýstingsyfirtæki)
vulnerability_risk22
cvss3_vuldb_avNN
cvss3_vuldb_acLL
cvss3_vuldb_uiNN
cvss3_vuldb_sUU
cvss3_vuldb_cHH
cvss3_vuldb_iHH
cvss3_vuldb_aHH
cvss3_vuldb_ePP
cvss3_vuldb_rcRR
advisory_urlhttps://github.com/CH13hh/tmp_store_cc/blob/main/AC7formSetPPTPServer/formSetPPTPServer.mdhttps://github.com/CH13hh/tmp_store_cc/blob/main/AC7formSetPPTPServer/formSetPPTPServer.md
exploit_availability11
exploit_publicity11
exploit_urlhttps://github.com/CH13hh/tmp_store_cc/blob/main/AC7formSetPPTPServer/formSetPPTPServer.mdhttps://github.com/CH13hh/tmp_store_cc/blob/main/AC7formSetPPTPServer/formSetPPTPServer.md
source_cveCVE-2025-3346CVE-2025-3346
cna_responsibleVulDBVulDB
software_typeRouter Operating SystemRouter Operating System
cvss2_vuldb_avNN
cvss2_vuldb_acLL
cvss2_vuldb_ciCC
cvss2_vuldb_iiCC
cvss2_vuldb_aiCC
cvss2_vuldb_ePOCPOC
cvss2_vuldb_rcURUR
cvss4_vuldb_avNN
cvss4_vuldb_acLL
cvss4_vuldb_uiNN
cvss4_vuldb_vcHH
cvss4_vuldb_viHH
cvss4_vuldb_vaHH
cvss4_vuldb_ePP
cvss2_vuldb_auSS
cvss2_vuldb_rlNDND
cvss3_vuldb_prLL
cvss3_vuldb_rlXX
cvss4_vuldb_atNN
cvss4_vuldb_prLL
cvss4_vuldb_scNN
cvss4_vuldb_siNN
cvss4_vuldb_saNN
cvss2_vuldb_basescore9.09.0
cvss2_vuldb_tempscore7.77.7
cvss3_vuldb_basescore8.88.8
cvss3_vuldb_tempscore8.08.0
cvss3_meta_basescore8.88.8
cvss3_meta_tempscore8.08.4
cvss4_vuldb_bscore8.78.7
cvss4_vuldb_btscore7.47.4
advisory_date1743890400 (06.04.2025)1743890400 (06.04.2025)
price_0day$0-$5k$0-$5k
cve_nvd_summaryA vulnerability was found in Tenda AC7 15.03.06.44. It has been rated as critical. Affected by this issue is the function formSetPPTPServer of the file /goform/SetPptpServerCfg. The manipulation of the argument pptp_server_start_ip/pptp_server_end_ip leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
cve_nvd_summaryesSe encontró una vulnerabilidad en Tenda AC7 15.03.06.44. Se ha clasificado como crítica. Este problema afecta a la función formSetPPTPServer del archivo /goform/SetPptpServerCfg. La manipulación del argumento pptp_server_start_ip/pptp_server_end_ip provoca un desbordamiento del búfer. El ataque puede ejecutarse remotamente. Se ha hecho público el exploit y puede que sea utilizado.
cvss4_cna_avN
cvss4_cna_acL
cvss4_cna_atN
cvss4_cna_prL
cvss4_cna_uiN
cvss4_cna_vcH
cvss4_cna_viH
cvss4_cna_vaH
cvss4_cna_scN
cvss4_cna_siN
cvss4_cna_saN
cvss4_cna_bscore8.7
cvss3_cna_avN
cvss3_cna_acL
cvss3_cna_prL
cvss3_cna_uiN
cvss3_cna_sU
cvss3_cna_cH
cvss3_cna_iH
cvss3_cna_aH
cvss3_cna_basescore8.8
cvss2_cna_avN
cvss2_cna_acL
cvss2_cna_auS
cvss2_cna_ciC
cvss2_cna_iiC
cvss2_cna_aiC
cvss2_cna_basescore9

Til bakaYfirlitNæst

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!