CVE-2025-45428

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Apr 23, 2025

Updated: Apr 30, 2025

CWE ID 121

Summary

CVE-2025-45428 is a stack overflow vulnerability affecting the Tenda ac9 v1.0 with firmware V15.03.05.14_multi. The issue lies in the /goform/SetSysAutoRebbotCfg interface, where the rebootTime parameter is susceptible to an overflow. An attacker can exploit this vulnerability to execute arbitrary code remotely, potentially gaining unauthorized access or causing significant damage to the affected system. This vulnerability highlights the importance of keeping networking devices updated with the latest security patches to prevent such attacks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

Tenda AC9

Affected Vendors

Shenzhen Tenda Technology Co. Ltd

Advisories, Assessments, and Mitigations

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Threats to the 2025 NATO Summit

Artificial Eyes: Generative AI in China’s Military Intelligence

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Know What Matters

For Customers

For Partners