CVE-2025-4007

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Apr 28, 2025

Updated: Apr 29, 2025

CWE ID 119

CWE ID 121

Summary

CVE-2025-4007 is a critical vulnerability that affects Tenda W12 and i24 devices running on versions 3.0.0.4(2887) and 3.0.0.5(3644). This issue lies within the cgidhcpsCfgSet function in the /goform/modules component of the httpd system. An attacker can cause a stack-based buffer overflow by manipulating the json argument. The vulnerability allows remote exploitation, and the attack method has been disclosed publicly, increasing the risk for potential cyber-attacks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Tenda i24
W12

Affected Vendors

Shenzhen Tenda Technology Co. Ltd

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/5hrEBn
https://www.cve.org/CVERecord?id=CVE-2025-4007
https://nvd.nist.gov/vuln/detail/CVE-2025-4007

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Threats to the 2025 NATO Summit

Artificial Eyes: Generative AI in China’s Military Intelligence

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Know What Matters

For Customers

For Partners