CNNVD-202511-038 Information

CNNVD ID

CNNVD-202511-038

Related CVE

CVE-2025-12595

• CNNVD Published: 2025-11-02

Description (Chinese)

Tenda AC23是中国腾达（Tenda）公司的一款双频千兆无线路由器。 Tenda AC23 16.03.07.52版本存在安全漏洞，该漏洞源于对文件/goform/SetVirtualServerCfg中参数list的错误操作导致缓冲区溢出，可能被远程利用。

Description (English)

Tenda AC23 is a dual-frequency, giga-wireless router of Tenda, China. There is a security loophole in version 16,03.07.52 of Tenda AC 23 16.03.52, which stems from an error in the operation of the list of parameters in the document/goform/SetVirtualServerCfg, resulting in the spilling of the buffer zone, which could be used remotely.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

腾达

Published

2025-11-02

Last Modified

2026-02-24

References

https://github.com/LX-LX88/cve/issues/8 https://vuldb.com/?ctiid.330890 https://www.tenda.com.cn/ https://vuldb.com/?id.330890 https://vuldb.com/?submit.677581 https://access.redhat.com/security/cve/cve-2025-12595