CVE-2025-9605
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-29

Last updated on: 2025-09-03

Assigner: VulDB

Description
A security vulnerability has been detected in Tenda AC21 and AC23 16.03.08.16. Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. Such manipulation of the argument mac leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-29
Last Modified
2025-09-03
Generated
2026-05-07
AI Q&A
2025-08-29
EPSS Evaluated
2026-05-05
NVD
CVE-2025-9605
EUVD
EUVD-2025-26203
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
tenda ac21_firmware 16.03.08.16
tenda ac21 *
tenda ac23_firmware 16.03.08.16
tenda ac23 *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a stack-based buffer overflow in the Tenda AC21 and AC23 routers' firmware, specifically in the GetParentControlInfo function accessed via the /goform/GetParentControlInfo endpoint. It occurs due to insufficient boundary checks on the 'mac' argument, allowing an attacker to send crafted parameters remotely without authentication to overflow the stack. This can cause the device to behave unexpectedly or crash. [1]


How can this vulnerability impact me? :

Exploitation of this vulnerability can lead to a Denial of Service (DoS) attack, causing the affected router to crash or become unresponsive. Since the attack can be launched remotely without authentication, it poses a significant risk to network availability and stability. [1]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring network traffic for requests to the endpoint /goform/GetParentControlInfo with suspicious or unusually crafted parameters, especially the 'mac' argument. You can use tools like curl or wget to send crafted requests to test if the endpoint is vulnerable. For example, a command like: curl -v --data "mac=AAAA..." http://<router-ip>/goform/GetParentControlInfo can be used to check for abnormal responses or crashes. Additionally, network intrusion detection systems (NIDS) can be configured to alert on such suspicious requests targeting this endpoint. [1]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include restricting remote access to the /goform/GetParentControlInfo endpoint by implementing firewall rules or access control lists to block unauthenticated external requests. If possible, disable the affected function or service temporarily. Monitor the device for unusual behavior or crashes indicative of exploitation attempts. Applying firmware updates or patches from the vendor once available is also critical to fully remediate the vulnerability. [1]


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart