CVE-2025-12225

CVE-2025-12225 affects Tenda AC6 15.03.06.50, specifically the HTTP Request Handler processing of /goform/WifiGuestSet. The vulnerability stems from improper handling of the shareSpeed argument, leading to a stack-based buffer overflow that can be exploited remotely. Multiple connected sources (C...

CVE-2025-12213

A security vulnerability has been detected in Tenda O3 1.0.0.102478. This vulnerability affects the function SetValue/GetValue of the file /goform/setVlanConfig. Such manipulation of the argument lan leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been...

CVE-2025-12211

A security flaw has been discovered in Tenda O3 1.0.0.102478. Affected by this issue is the function SetValue/GetValue of the file /goform/setDmzInfo. The manipulation of the argument dmzIP results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been...

CVE-2025-12213 Tenda O3 setVlanConfig GetValue stack-based overflow

A security vulnerability has been detected in Tenda O3 1.0.0.102478. This vulnerability affects the function SetValue/GetValue of the file /goform/setVlanConfig. Such manipulation of the argument lan leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been...

CVE-2025-12213

CVE-2025-12213 affects Tenda O3 1.0.0.10(2478). The vulnerability is a stack-based overflow in the SetValue/GetValue handling of /goform/setVlanConfig via crafted lan input, enabling remote exploitation. Public disclosures exist. Connected sources (CNVD/CNNVD/NVD/PT-2025-43873) corroborate a buff...

CVE-2025-12212 Tenda O3 setNetworkService GetValue stack-based overflow

A weakness has been identified in Tenda O3 1.0.0.102478. This affects the function SetValue/GetValue of the file /goform/setNetworkService. This manipulation of the argument upnpEn causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made available to the...

EUVD-2025-36069

A vulnerability was identified in Tenda O3 1.0.0.102478. Affected by this vulnerability is the function SetValue/GetValue of the file /goform/AdvSetLanip. The manipulation of the argument lanIp leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit is...

CVE-2025-12210 Tenda O3 AdvSetLanip GetValue stack-based overflow

A vulnerability was identified in Tenda O3 1.0.0.102478. Affected by this vulnerability is the function SetValue/GetValue of the file /goform/AdvSetLanip. The manipulation of the argument lanIp leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit is...

Tenda AC6 安全漏洞

The Tenda AC6 is a wireless router from the Chinese company Tenda. A buffer overflow vulnerability exists in Tenda AC6 version 15.03.06.50, which originates from the parameter shareSpeed in the file /goform/WifiGuestSet that fails to correctly validate the length and size of the input data, and c...

PT-2025-43870

Name of the Vulnerable Software and Affected Versions Tenda O3 version 1.0.0.102478 Description A stack-based buffer overflow exists in the SetValue/GetValue function of the /goform/AdvSetLanip file. Manipulation of the lanIp argument can trigger this issue, allowing for remote exploitation. The...

TOTOLINK A3300R 安全漏洞

TOTOLINK A3300R is a dual-band wireless router manufactured by China's Gion Electronics TOTOLINK, mainly used for home and small network environments. The TOTOLINK A3300R suffers from a stack buffer overflow vulnerability that originates from the parameter recHour of the setScheduleCfg function o...

Tenda O3 安全漏洞

Tenda O3 is an outdoor wireless bridge from Tenda, China. Tenda O3 1.0.0.10 version of the buffer overflow vulnerability, the vulnerability stems from the file / goform / setNetworkService function SetValue / GetValue parameter upnpEn failed to correctly validate the length of the input data size...

PT-2025-43873

Name of the Vulnerable Software and Affected Versions Tenda O3 version 1.0.0.102478 Description A security issue exists in Tenda O3 version 1.0.0.102478. The SetValue/GetValue function within the /goform/setVlanConfig file is susceptible to a stack-based buffer overflow. This occurs through...

Siemens SIMATIC Devices Improper Locking (CVE-2024-26643)

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: mark set as dead when unbinding anonymous set with timeout This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable,...

PT-2025-43917

Name of the Vulnerable Software and Affected Versions TOTOLINK A3300R version 17.0.0cu.557 B20221024 Description A flaw exists in TOTOLINK A3300R that could lead to a stack-based buffer overflow. The issue is located in the setOpModeCfg function within the /cgi-bin/cstecgi.cg file, specifically...

PT-2025-43879

Name of the Vulnerable Software and Affected Versions Tenda AC6 version 15.03.06.50 Description A stack-based buffer overflow issue exists in the HTTP Request Handler component of Tenda AC6 version 15.03.06.50. The issue is related to the processing of the /goform/WifiGuestSet file. Manipulation ...

Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices Use of Uninitialized Resource (CVE-2024-49900)

In the Linux kernel, the following vulnerability has been resolved: jfs: Fix uninit-value access of newea in eabuffer syzbot reports that lzo1x1docompress is using uninit-value: ===================================================== BUG: KMSAN: uninit-value in lzo1x1docompress+0x19f9/0x2510...

Siemens SIMATIC Devices Improper Input Validation (CVE-2024-38659)

enic: Validate length of nl attributes in enicsetvfport enicsetvfport assumes that the nl attribute IFLAPORTPROFILE is of length PORTPROFILEMAX and that the nl attributes IFLAPORTINSTANCEUUID, IFLAPORTHOSTUUID are of length PORTUUIDMAX. These attributes are validated in the function dosetlink in...

PT-2025-43897

Name of the Vulnerable Software and Affected Versions TOTOLINK A3300R version 17.0.0cu.557 B20221024 Description A flaw exists in TOTOLINK A3300R that allows for remote attacks. The issue is a stack-based buffer overflow within the setLanguageCfg function located in the /cgi-bin/cstecgi.cgi file,...

Siemens SIMATIC Devices Race Condition (CVE-2024-24858)

A race condition was found in the Linux kernel's net/bluetooth in conn,advmin,maxintervalset function. This can result in I2cap connection or broadcast abnormality issue, possibly leading to denial of service. This plugin only works with Tenable.ot. Please visit...