Buffer Overflow Vulnerability in Tenda AC9 Router
CVE-2025-5839
Key Information:
Badges
What is CVE-2025-5839?
A vulnerability in Tenda AC9 routers has been identified, which can be exploited remotely through a buffer overflow in the POST Request Handler. Specifically, the function fromadvsetlanip within the /goform/AdvSetLanip file is impacted. A malicious attacker could manipulate the 'lanMask' argument, leading to potential system compromise. Given that this exploit has been disclosed publicly, organizations using this router version should promptly assess their security measures and apply necessary mitigations.
Affected Version(s)
AC9 15.03.02.13
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved