← back
CVE-2025-9023

Tenda AC7/AC18 SetLEDCfg formSetSchedLed buffer overflow

CVSS 8.7 HIGHEPSS 0.7%CWE-119CWE-120
A vulnerability has been found in Tenda AC7 and AC18 15.03.05.19/15.03.06.44. Affected is the function formSetSchedLed of the file /goform/SetLEDCfg. The manipulation of the argument Time leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
Affected products
Tenda · AC18Tenda · AC7

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/zezhifu1/cve_report/blob/main/AC18/formsetschedled.mdhttps://github.com/zezhifu1/cve_report/blob/main/AC7/formsetschedled.mdhttps://vuldb.com/?ctiid.320088https://vuldb.com/?id.320088https://vuldb.com/?submit.629692https://vuldb.com/?submit.629696https://www.tenda.com.cn/