CVE-2025-4298 Tenda AC1206 setcfm formSetCfm buffer overflow

🗓️ 05 May 2025 23:31:05Reported by VulDBType

Critical buffer overflow vulnerability in Tenda AC1206 can be exploited remotely.

Reporter	Title	Published	Views	Family All 11
BDU FSTEC	The vulnerability of the formSetCfm() function (/goform/setcfm) in the Tenda AC1206 router’s microprogramming software allows a hacker to execute arbitrary code.	23 May 202500:00	–	bdu_fstec
Circl	CVE-2025-4298	6 May 202500:19	–	circl
CNNVD	Tenda AC1206 安全漏洞	5 May 202500:00	–	cnnvd
CNVD	Tenda AC1206 Buffer Overflow Vulnerability (CNVD-2025-09667)	8 May 202500:00	–	cnvd
CVE	CVE-2025-4298	5 May 202523:31	–	cve
EUVD	EUVD-2025-13401	3 Oct 202520:07	–	euvd
NVD	CVE-2025-4298	6 May 202500:15	–	nvd
OSV	CVE-2025-4298	6 May 202500:15	–	osv
Positive Technologies	PT-2025-19809 · Tenda · Tenda Ac1206	5 May 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-4298	8 May 202500:09	–	redhatcve

[
  {
    "vendor": "Tenda",
    "product": "AC1206",
    "versions": [
      {
        "version": "15.03.06.0",
        "status": "affected"
      },
      {
        "version": "15.03.06.1",
        "status": "affected"
      },
      {
        "version": "15.03.06.2",
        "status": "affected"
      },
      {
        "version": "15.03.06.3",
        "status": "affected"
      },
      {
        "version": "15.03.06.4",
        "status": "affected"
      },
      {
        "version": "15.03.06.5",
        "status": "affected"
      },
      {
        "version": "15.03.06.6",
        "status": "affected"
      },
      {
        "version": "15.03.06.7",
        "status": "affected"
      },
      {
        "version": "15.03.06.8",
        "status": "affected"
      },
      {
        "version": "15.03.06.9",
        "status": "affected"
      },
      {
        "version": "15.03.06.10",
        "status": "affected"
      },
      {
        "version": "15.03.06.11",
        "status": "affected"
      },
      {
        "version": "15.03.06.12",
        "status": "affected"
      },
      {
        "version": "15.03.06.13",
        "status": "affected"
      },
      {
        "version": "15.03.06.14",
        "status": "affected"
      },
      {
        "version": "15.03.06.15",
        "status": "affected"
      },
      {
        "version": "15.03.06.16",
        "status": "affected"
      },
      {
        "version": "15.03.06.17",
        "status": "affected"
      },
      {
        "version": "15.03.06.18",
        "status": "affected"
      },
      {
        "version": "15.03.06.19",
        "status": "affected"
      },
      {
        "version": "15.03.06.20",
        "status": "affected"
      },
      {
        "version": "15.03.06.21",
        "status": "affected"
      },
      {
        "version": "15.03.06.22",
        "status": "affected"
      },
      {
        "version": "15.03.06.23",
        "status": "affected"
      }
    ]
  }
]

Source	Link
vuldb	www.vuldb.com/
github	www.github.com/CH13hh/tmp_store_cc/blob/main/AC1206/AC1206formSetCfm/formSetCfm.md
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
tenda	www.tenda.com.cn/

05 May 2025 23:31Current

CVSS 48.7

CVSS 3.18.8

CVSS 38.8

CVSS 29

EPSS0.00933