VDB-315879 · CVE-2025-7419 · EUVD-2025-21086

Tenda O3V2 1.0.0.12(3880) httpd /goform/setRateTest fromSpeedTestSet destIP ବଫର୍ ଓଭରଫ୍ଲୋ

Rakkoon nageenyaa kan ଜଟିଳ jedhamuun beekamu Tenda O3V2 1.0.0.12(3880) keessatti argameera. Kan miidhamte is hojii fromSpeedTestSet faayilii /goform/setRateTest keessa kutaa httpd keessa. Hojii jijjiirraa irratti gaggeeffame destIP gara ବଫର୍ ଓଭରଫ୍ଲୋ geessa. CWE fayyadamuun rakkoo ibsuun gara CWE-121 geessa. Dadhabbii kana yeroo 07/10/2025 maxxanfameera. Odeeffannoon kun buufachuuf github.com irratti qoodameera. Dogoggorri kun akka CVE-2025-7419tti beekama. Yaaliin weeraraa fageenya irraa jalqabamuu ni danda'a. Faayidaaleen teeknikaa ni jiru. Waliigalatti, meeshaa balaa kana fayyadamuuf jiru. Qorannoo miidhaa (exploit) uummataaf ifoomameera fi fayyadamamuu danda'a. Amma, gatii ammee exploit might be approx. USD $0-$5k ta'uu danda'a. Akka ପ୍ରୁଫ୍-ଅଫ୍-କନ୍ସେପ୍ଟ jedhamee ibsameera. Carraa exploit kana github.com irraa buufachuun ni danda'ama. Akka 0-daytti, gatii daldalaa dhoksaa tilmaamame $0-$5k ta'ee ture. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

4 ଆଡାପ୍ଟେସନ୍ · 90 ପଏଣ୍ଟ

ଫିଲ୍ଡ	ସୃଷ୍ଟି ହୋଇଛି 07/10/2025 09:54 AM	ଅଦ୍ୟତନ 1/3 07/10/2025 10:11 AM	ଅଦ୍ୟତନ 2/3 07/11/2025 08:51 AM	ଅଦ୍ୟତନ 3/3 07/11/2025 12:04 PM
software_vendor	Tenda	Tenda	Tenda	Tenda
software_name	O3V2	O3V2	O3V2	O3V2
software_version	1.0.0.12(3880)	1.0.0.12(3880)	1.0.0.12(3880)	1.0.0.12(3880)
software_file	/goform/setRateTest	/goform/setRateTest	/goform/setRateTest	/goform/setRateTest
software_function	fromSpeedTestSet	fromSpeedTestSet	fromSpeedTestSet	fromSpeedTestSet
software_argument	destIP	destIP	destIP	destIP
vulnerability_cwe	CWE-121 (ବଫର୍ ଓଭରଫ୍ଲୋ)	CWE-121 (ବଫର୍ ଓଭରଫ୍ଲୋ)	CWE-121 (ବଫର୍ ଓଭରଫ୍ଲୋ)	CWE-121 (ବଫର୍ ଓଭରଫ୍ଲୋ)
vulnerability_risk	2	2	2	2
cvss3_vuldb_av	N	N	N	N
cvss3_vuldb_ac	L	L	L	L
cvss3_vuldb_ui	N	N	N	N
cvss3_vuldb_s	U	U	U	U
cvss3_vuldb_c	H	H	H	H
cvss3_vuldb_i	H	H	H	H
cvss3_vuldb_a	H	H	H	H
cvss3_vuldb_e	P	P	P	P
cvss3_vuldb_rc	R	R	R	R
advisory_url	https://github.com/wudipjq/my_vuln/blob/main/Tenda3/vuln_52/52.md	https://github.com/wudipjq/my_vuln/blob/main/Tenda3/vuln_52/52.md	https://github.com/wudipjq/my_vuln/blob/main/Tenda3/vuln_52/52.md	https://github.com/wudipjq/my_vuln/blob/main/Tenda3/vuln_52/52.md
exploit_availability	1	1	1	1
exploit_publicity	1	1	1	1
exploit_url	https://github.com/wudipjq/my_vuln/blob/main/Tenda3/vuln_52/52.md#poc	https://github.com/wudipjq/my_vuln/blob/main/Tenda3/vuln_52/52.md#poc	https://github.com/wudipjq/my_vuln/blob/main/Tenda3/vuln_52/52.md#poc	https://github.com/wudipjq/my_vuln/blob/main/Tenda3/vuln_52/52.md#poc
source_cve	CVE-2025-7419	CVE-2025-7419	CVE-2025-7419	CVE-2025-7419
cna_responsible	VulDB	VulDB	VulDB	VulDB
software_type	Router Operating System	Router Operating System	Router Operating System	Router Operating System
cvss2_vuldb_av	N	N	N	N
cvss2_vuldb_ac	L	L	L	L
cvss2_vuldb_ci	C	C	C	C
cvss2_vuldb_ii	C	C	C	C
cvss2_vuldb_ai	C	C	C	C
cvss2_vuldb_e	POC	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR	UR
cvss4_vuldb_av	N	N	N	N
cvss4_vuldb_ac	L	L	L	L
cvss4_vuldb_ui	N	N	N	N
cvss4_vuldb_vc	H	H	H	H
cvss4_vuldb_vi	H	H	H	H
cvss4_vuldb_va	H	H	H	H
cvss4_vuldb_e	P	P	P	P
cvss2_vuldb_au	S	S	S	S
cvss2_vuldb_rl	ND	ND	ND	ND
cvss3_vuldb_pr	L	L	L	L
cvss3_vuldb_rl	X	X	X	X
cvss4_vuldb_at	N	N	N	N
cvss4_vuldb_pr	L	L	L	L
cvss4_vuldb_sc	N	N	N	N
cvss4_vuldb_si	N	N	N	N
cvss4_vuldb_sa	N	N	N	N
cvss2_vuldb_basescore	9.0	9.0	9.0	9.0
cvss2_vuldb_tempscore	7.7	7.7	7.7	7.7
cvss3_vuldb_basescore	8.8	8.8	8.8	8.8
cvss3_vuldb_tempscore	8.0	8.0	8.0	8.0
cvss3_meta_basescore	8.8	8.8	8.8	8.8
cvss3_meta_tempscore	8.0	8.0	8.0	8.4
cvss4_vuldb_bscore	8.7	8.7	8.7	8.7
cvss4_vuldb_btscore	7.4	7.4	7.4	7.4
advisory_date	1752098400 (07/10/2025)	1752098400 (07/10/2025)	1752098400 (07/10/2025)	1752098400 (07/10/2025)
price_0day	$0-$5k	$0-$5k	$0-$5k	$0-$5k
software_component		httpd	httpd	httpd
euvd_id			EUVD-2025-21086	EUVD-2025-21086
cve_nvd_summary				A vulnerability was found in Tenda O3V2 1.0.0.12(3880). It has been classified as critical. This affects the function fromSpeedTestSet of the file /goform/setRateTest of the component httpd. The manipulation of the argument destIP leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
cvss4_cna_av				N
cvss4_cna_ac				L
cvss4_cna_at				N
cvss4_cna_pr				L
cvss4_cna_ui				N
cvss4_cna_vc				H
cvss4_cna_vi				H
cvss4_cna_va				H
cvss4_cna_sc				N
cvss4_cna_si				N
cvss4_cna_sa				N
cvss4_cna_bscore				8.7
cvss3_cna_av				N
cvss3_cna_ac				L
cvss3_cna_pr				L
cvss3_cna_ui				N
cvss3_cna_s				U
cvss3_cna_c				H
cvss3_cna_i				H
cvss3_cna_a				H
cvss3_cna_basescore				8.8
cvss2_cna_av				N
cvss2_cna_ac				L
cvss2_cna_au				S
cvss2_cna_ci				C
cvss2_cna_ii				C
cvss2_cna_ai				C
cvss2_cna_basescore				9

◂ ପଛକୁ ସମୀକ୍ଷା ଆହୁରି ଦୂରରେ ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!