CVE-2025-5839
BaseFortify
Publication date: 2025-06-07
Last updated on: 2025-06-09
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tenda | ac9_firmware | 15.03.2.13 |
| tenda | ac9 | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a critical buffer overflow in the Tenda AC9 router firmware version 15.03.02.13. It occurs in the function fromadvsetlanip, which handles POST requests to the /goform/AdvSetLanip endpoint. The issue arises because the lanMask parameter from the POST request is copied into a buffer without proper size checking, allowing an attacker to overflow the buffer. This can lead to arbitrary code execution or denial of service on the device. [1, 2]
How can this vulnerability impact me? :
Exploiting this vulnerability can compromise the confidentiality, integrity, and availability of the affected device. An attacker can remotely execute arbitrary code or cause the device to crash (denial of service). Since the exploit is publicly available and easy to use, it poses a significant risk to users of the affected Tenda AC9 router firmware version 15.03.02.13. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for POST requests to the endpoint /goform/AdvSetLanip that include the lanMask parameter. Network intrusion detection systems (NIDS) or web application firewalls (WAF) can be configured to alert on such requests, especially those with unusually large or malformed lanMask values that could trigger the buffer overflow. For manual detection, you can use tools like curl or wget to send crafted POST requests to /goform/AdvSetLanip and observe the device's response or behavior. Example command: curl -X POST http://<device-ip>/goform/AdvSetLanip -d "lanMask=<test_payload>". Additionally, monitoring device logs for crashes or abnormal behavior after such requests can help detect exploitation attempts. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the vulnerable endpoint /goform/AdvSetLanip by implementing network-level controls such as firewall rules to block external access to the device's management interface. Since no known countermeasures or patches currently exist, consider isolating the affected device from untrusted networks. If possible, replace the affected Tenda AC9 device with a non-vulnerable model or firmware version. Monitoring for exploit attempts and applying strict access controls are critical until a patch or update is available. [2]