Stack Overflow Vulnerability in Tenda AC9 Router Firmware
CVE-2025-45427

9.8CRITICAL

Key Information:

Vendor: Tenda
Status: AC9 Router
Vendor: CVE Published:; 23 April 2025

Summary

The Tenda AC9 router firmware version V15.03.05.14_multi has a significant stack overflow vulnerability in the security parameter of the /goform/WifiBasicSet function. This flaw could allow remote attackers to execute arbitrary code on the device, potentially compromising the router’s integrity and granting them unauthorized access to the network. It is crucial for users to apply necessary patches and ensure their devices run the latest firmware.

References

https://github.com/shuqi233/loophole/blob/main/Tenda%20AC...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 23, 2025
Vulnerability Reserved
Apr 22, 2025