CVE-2025-5861
BaseFortify
Publication date: 2025-06-09
Last updated on: 2025-06-09
Assigner: VulDB
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tenda | ac7_firmware | 15.03.06.44 |
| tenda | ac7 | 1.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-5861 is a critical buffer overflow vulnerability in the Tenda AC7 router firmware version 15.03.06.44. It occurs in the fromadvsetlanip function when processing the lanMask parameter. Improper handling of this parameter allows an attacker to overflow a buffer by sending crafted input remotely, potentially leading to arbitrary code execution or denial of service. [1, 2]
How can this vulnerability impact me?
This vulnerability can impact you by compromising the confidentiality, integrity, and availability of the affected Tenda AC7 router. An attacker can remotely exploit the buffer overflow to execute arbitrary code or cause a denial of service, potentially taking control of the device or disrupting its operation. [2, 1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection can be performed by monitoring network traffic for requests to the vulnerable endpoint /goform/AdvSetLanip that include the lanMask parameter. Because the buffer overflow is triggered by crafted input, HTTP POST requests to /goform/AdvSetLanip with unusually large or malformed lanMask values may indicate exploitation attempts. Specific commands could include using tools like curl or wget to test the endpoint manually, or using network monitoring tools (e.g., tcpdump, Wireshark) with filters for HTTP POST requests to /goform/AdvSetLanip. Example command to capture such traffic:

```bash
tcpdump -i <interface> -A 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep '/goform/AdvSetLanip'
```

However, no specific detection commands or signatures are provided in the resources. [1, 2]
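The check described above can be automated over reassembled HTTP requests from a capture or proxy log. The following is an added example, not part of the original page or the cited resources: it flags any request to /goform/AdvSetLanip whose lanMask is not a well-formed dotted-quad netmask. The function names, the sample requests and the assumption that lanMask is sent form-encoded are illustrative.

```python
from urllib.parse import parse_qs

ENDPOINT = "/goform/AdvSetLanip"  # endpoint named in the answer above
MAX_MASK_LEN = 15                 # len("255.255.255.255")

def is_valid_netmask(value):
    """True only for a dotted-quad mask with contiguous leading one-bits."""
    if len(value) > MAX_MASK_LEN:
        return False
    parts = value.split(".")
    if len(parts) != 4 or not all(
            p.isascii() and p.isdigit() and int(p) <= 255 for p in parts):
        return False
    inverted = int.from_bytes(bytes(int(p) for p in parts), "big") ^ 0xFFFFFFFF
    return (inverted & (inverted + 1)) == 0

def inspect_request(raw):
    """Return a reason string for a suspicious request, otherwise None."""
    head, _, body = raw.partition("\r\n\r\n")
    request_line = head.split("\r\n", 1)[0].split(" ")
    if len(request_line) < 2:
        return None
    path, _, query = request_line[1].partition("?")
    if path != ENDPOINT:
        return None
    # Assumption: lanMask arrives form-encoded in the body or query string.
    fields = parse_qs(query + "&" + body.strip(), keep_blank_values=True)
    for value in fields.get("lanMask", []):
        if not is_valid_netmask(value):
            return f"lanMask is not a valid netmask (length {len(value)})"
    return None

def scan(requests):
    """Return (index, reason) for every flagged request."""
    hits = []
    for index, raw in enumerate(requests):
        reason = inspect_request(raw)
        if reason:
            hits.append((index, reason))
    return hits

# Constructed sample requests (not real traffic): normal, oversized, unrelated.
HDR = "POST /goform/AdvSetLanip HTTP/1.1\r\nHost: 192.168.0.1\r\n\r\n"
SAMPLES = [HDR + "lanMask=255.255.255.0", HDR + "lanMask=" + "A" * 600,
           "GET /index.html HTTP/1.1\r\nHost: 192.168.0.1\r\n\r\n"]

if __name__ == "__main__":
    for index, reason in scan(SAMPLES):
        print(f"request {index}: {reason}")
```

Validating against the expected format rather than a size threshold alone also catches short malformed values, and the same rule can be enforced at a reverse proxy in front of the management interface.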
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include replacing the affected Tenda AC7 router firmware version 15.03.06.44 with a non-vulnerable version or an alternative product, as no known countermeasures or patches currently exist. Additionally, restricting remote access to the router's management interface, especially blocking access to the /goform/AdvSetLanip endpoint, can reduce exposure. Network-level protections such as firewall rules to block suspicious traffic targeting this endpoint and monitoring for exploitation attempts are recommended until a patch or update is available. [2]