CVE-2025-1851

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Mar 3, 2025

CWE ID 119

CWE ID 121

Summary

CVE-2025-1851: A critical buffer overflow vulnerability was identified in the Tenda AC7 firmware version up to 15.03.06.44. This issue lies within the function formSetFirewallCfg in the file /goform/SetFirewallCfg, which can be exploited by manipulating the argument firewallEn. The exploit allows for stack-based buffer overflow and can be initiated remotely, posing a significant risk. The vulnerability has been publicly disclosed, increasing the potential for malicious attacks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Tenda AC7

Affected Vendors

Shenzhen Tenda Technology Co. Ltd

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/36uVlS
https://www.cve.org/CVERecord?id=CVE-2025-1851
https://nvd.nist.gov/vuln/detail/CVE-2025-1851

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

DRAT V2: Updated DRAT Emerges in TAG-140’s Arsenal

Threats to the 2025 NATO Summit

Artificial Eyes: Generative AI in China’s Military Intelligence

Know What Matters

For Customers

For Partners