Stack Overflow Vulnerability in Tenda AC9 Router
CVE-2025-29387

7.1HIGH

Key Information:

Vendor: Tenda
Status: AC9 Router
Vendor: CVE Published:; 14 March 2025

Summary

A stack overflow vulnerability has been identified in the Tenda AC9 router, specifically in the wanSpeed parameter of the /goform/AdvSetMacMtuWan endpoint. This flaw could allow attackers to execute arbitrary code remotely, potentially compromising the router’s security and the connected network. It is crucial for users to be aware of this vulnerability to take necessary precautions.

References

https://github.com/shuqi233/loophole/blob/main/Tenda%20AC...

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Mar 14, 2025