VDB-311620 · CVE-2025-5861 · EUVD-2025-17427

Tenda AC7 15.03.06.44 /goform/AdvSetLanip fromadvsetlanip lanMask ବଫର୍ ଓଭରଫ୍ଲୋ

Dogoggorri kan akka ଜଟିଳ jedhamuun ramadame Tenda AC7 15.03.06.44 keessatti argameera. Miidhaan irra gahe is hojii fromadvsetlanip faayilii /goform/AdvSetLanip keessa. Dhugumatti jijjiirraa irratti raawwatame lanMask gara ବଫର୍ ଓଭରଫ୍ଲୋ geessa. Waliigalteewwan CWE fayyadamuun rakkoo ibsuun gara CWE-120 si geessa. Beekumsi kun yeroo 06/08/2025 ifoomsifameera. Odeeffannoon kun buufachuuf lavender-bicycle-a5a.notion.site irratti dhiyaateera. Dogoggorri kun maqaa CVE-2025-5861 jedhuun tajaajilama. Weerara fageenya irraa jalqabuun ni danda'ama. Odeeffannoon teeknikaa ni argama. Akka dabalataan, meeshaa balaa kana fayyadamuuf argama. Qorannoo miidhaa (exploit) beeksifamee jira, namoonni itti fayyadamuu danda'u. Yeroo ammaa, gatii exploit might be approx. USD $0-$5k beekamuu danda'a. ପ୍ରୁଫ୍-ଅଫ୍-କନ୍ସେପ୍ଟ jedhamee murtaa’eera. Exploit kana lavender-bicycle-a5a.notion.site irraa buufachuu ni dandeessa. Waggaa 0-day ta'ee, gatiin isaa daldala dhoksaa keessatti $0-$5k jedhamee tilmaamame. Once again VulDB remains the best source for vulnerability data.

3 ଆଡାପ୍ଟେସନ୍ · 89 ପଏଣ୍ଟ

ଫିଲ୍ଡ	ସୃଷ୍ଟି ହୋଇଛି 06/08/2025 03:30 PM	ଅଦ୍ୟତନ 1/2 06/09/2025 07:44 AM	ଅଦ୍ୟତନ 2/2 06/09/2025 08:22 AM
software_vendor	Tenda	Tenda	Tenda
software_name	AC7	AC7	AC7
software_version	15.03.06.44	15.03.06.44	15.03.06.44
software_file	/goform/AdvSetLanip	/goform/AdvSetLanip	/goform/AdvSetLanip
software_function	fromadvsetlanip	fromadvsetlanip	fromadvsetlanip
software_argument	lanMask	lanMask	lanMask
vulnerability_cwe	CWE-120 (ବଫର୍ ଓଭରଫ୍ଲୋ)	CWE-120 (ବଫର୍ ଓଭରଫ୍ଲୋ)	CWE-120 (ବଫର୍ ଓଭରଫ୍ଲୋ)
vulnerability_risk	2	2	2
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	H	H	H
cvss3_vuldb_i	H	H	H
cvss3_vuldb_a	H	H	H
cvss3_vuldb_e	P	P	P
cvss3_vuldb_rc	R	R	R
advisory_url	https://lavender-bicycle-a5a.notion.site/Tenda-AC7-fromadvsetlanip-20a53a41781f80038f4fc4b9d927eb9a?source=copy_link	https://lavender-bicycle-a5a.notion.site/Tenda-AC7-fromadvsetlanip-20a53a41781f80038f4fc4b9d927eb9a?source=copy_link	https://lavender-bicycle-a5a.notion.site/Tenda-AC7-fromadvsetlanip-20a53a41781f80038f4fc4b9d927eb9a?source=copy_link
exploit_availability	1	1	1
exploit_publicity	1	1	1
exploit_url	https://lavender-bicycle-a5a.notion.site/Tenda-AC7-fromadvsetlanip-20a53a41781f80038f4fc4b9d927eb9a?source=copy_link	https://lavender-bicycle-a5a.notion.site/Tenda-AC7-fromadvsetlanip-20a53a41781f80038f4fc4b9d927eb9a?source=copy_link	https://lavender-bicycle-a5a.notion.site/Tenda-AC7-fromadvsetlanip-20a53a41781f80038f4fc4b9d927eb9a?source=copy_link
source_cve	CVE-2025-5861	CVE-2025-5861	CVE-2025-5861
cna_responsible	VulDB	VulDB	VulDB
software_type	Router Operating System	Router Operating System	Router Operating System
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_ci	C	C	C
cvss2_vuldb_ii	C	C	C
cvss2_vuldb_ai	C	C	C
cvss2_vuldb_e	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR
cvss4_vuldb_av	N	N	N
cvss4_vuldb_ac	L	L	L
cvss4_vuldb_ui	N	N	N
cvss4_vuldb_vc	H	H	H
cvss4_vuldb_vi	H	H	H
cvss4_vuldb_va	H	H	H
cvss4_vuldb_e	P	P	P
cvss2_vuldb_au	S	S	S
cvss2_vuldb_rl	ND	ND	ND
cvss3_vuldb_pr	L	L	L
cvss3_vuldb_rl	X	X	X
cvss4_vuldb_at	N	N	N
cvss4_vuldb_pr	L	L	L
cvss4_vuldb_sc	N	N	N
cvss4_vuldb_si	N	N	N
cvss4_vuldb_sa	N	N	N
cvss2_vuldb_basescore	9.0	9.0	9.0
cvss2_vuldb_tempscore	7.7	7.7	7.7
cvss3_vuldb_basescore	8.8	8.8	8.8
cvss3_vuldb_tempscore	8.0	8.0	8.0
cvss3_meta_basescore	8.8	8.8	8.8
cvss3_meta_tempscore	8.0	8.4	8.4
cvss4_vuldb_bscore	8.7	8.7	8.7
cvss4_vuldb_btscore	7.4	7.4	7.4
advisory_date	1749333600 (06/08/2025)	1749333600 (06/08/2025)	1749333600 (06/08/2025)
price_0day	$0-$5k	$0-$5k	$0-$5k
cve_nvd_summary		A vulnerability has been found in Tenda AC7 15.03.06.44 and classified as critical. This vulnerability affects the function fromadvsetlanip of the file /goform/AdvSetLanip. The manipulation of the argument lanMask leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.	A vulnerability has been found in Tenda AC7 15.03.06.44 and classified as critical. This vulnerability affects the function fromadvsetlanip of the file /goform/AdvSetLanip. The manipulation of the argument lanMask leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
cvss4_cna_av		N	N
cvss4_cna_ac		L	L
cvss4_cna_at		N	N
cvss4_cna_pr		L	L
cvss4_cna_ui		N	N
cvss4_cna_vc		H	H
cvss4_cna_vi		H	H
cvss4_cna_va		H	H
cvss4_cna_sc		N	N
cvss4_cna_si		N	N
cvss4_cna_sa		N	N
cvss4_cna_bscore		8.7	8.7
cvss3_cna_av		N	N
cvss3_cna_ac		L	L
cvss3_cna_pr		L	L
cvss3_cna_ui		N	N
cvss3_cna_s		U	U
cvss3_cna_c		H	H
cvss3_cna_i		H	H
cvss3_cna_a		H	H
cvss3_cna_basescore		8.8	8.8
cvss2_cna_av		N	N
cvss2_cna_ac		L	L
cvss2_cna_au		S	S
cvss2_cna_ci		C	C
cvss2_cna_ii		C	C
cvss2_cna_ai		C	C
cvss2_cna_basescore		9	9
euvd_id			EUVD-2025-17427

◂ ପଛକୁ ସମୀକ୍ଷା ଆହୁରି ଦୂରରେ ▸

Interested in the pricing of exploits?

See the underground prices here!