CVE-2025-7914
BaseFortify
Publication date: 2025-07-21
Last updated on: 2025-07-23
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tenda | ac6_firmware | 15.03.06.50 |
| tenda | ac6 | 2.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-7914 is a critical buffer overflow vulnerability in the Tenda AC6 router firmware version 15.03.06.50, specifically in the httpd component's function setparentcontrolinfo. The vulnerability occurs because the device copies an input buffer to an output buffer without checking if the input size fits, leading to a buffer overflow. This flaw can be exploited remotely by sending a specially crafted request, potentially allowing an attacker to execute arbitrary code or cause a denial of service. [1, 2]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing a remote attacker to execute arbitrary code on the affected device or cause a denial of service, compromising the device's confidentiality, integrity, and availability. This could lead to unauthorized control over the router, disruption of network services, or further attacks on connected systems. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
There are no specific detection commands or methods provided for this vulnerability. Since the vulnerability is triggered by a specially crafted request to the httpd service's setparentcontrolinfo function, monitoring for unusual or malformed HTTP requests targeting this function on the Tenda AC6 router firmware 15.03.06.50 could be a general approach. However, no explicit detection commands or signatures are available. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
No known countermeasures or mitigations have been identified for this vulnerability. The suggested immediate step is to replace the affected product with an alternative device to avoid exploitation. [2]