MeldSecurity
Press Enter to search
CVE Database & Search →
Sign In Get Started

CVE-2025-9605

🚨 CRITICAL

A security vulnerability has been detected in Tenda AC21 and AC23 16.03.08.16. Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. Such manipulation of the argument...

Published
Aug 29, 2025
Last Modified
Sep 03, 2025
Views
8
Bookmarks
0

Description

Request Expert Review

A security vulnerability has been detected in Tenda AC21 and AC23 16.03.08.16. Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. Such manipulation of the argument mac leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.

Affected Products (2)

tenda - ac21_firmware

Version: 16.03.08.16

tenda - ac23_firmware

Version: 16.03.08.16

CVSS Scores

CVSS 3.1 9.8
9.8
CRITICAL
CVSS 2.0 9.8

References

github.com github.com vuldb.com vuldb.com vuldb.com vuldb.com www.tenda.com.cn github.com github.com

Additional Information

Source
cna@vuldb.com
State
Analyzed

Related CVEs

CVE-2025-13161

HIGH

IQ-Support developed by IQ Service International has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relati...

Score: 7.5

CVE-2025-13160

MEDIUM

IQ-Support developed by IQ Service International has a Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to a...

Score: 5.3

CVE-2025-12904

HIGH

The SNORDIAN's H5PxAPIkatchu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'insert_data' AJAX endpoint in all versions up...

Score: 7.2

CVE-2025-64530

HIGH

Apollo Federation is an architecture for declaratively composing APIs into a unified graph. A vulnerability in versions of Apollo Federation's composi...

Score: 7.5

CVE-2025-64753

MEDIUM

grist-core is a spreadsheet hosting server. Prior to version 1.7.7, a user with only partial read access to a document could still access endpoints li...

Score: 5.3

CVE-2025-64752

MEDIUM

grist-core is a spreadsheet hosting server. Prior to version 1.7.7, a user with access to any document on a Grist installation can use a feature for f...

Score: 6.8

Share CVE-2025-9605

Share on Social Media

Copy Link

Embed Code

Request Expert Analysis

Request a professional security analysis for CVE-2025-9605 from our verified experts.

Credits System

Use your credits to get expert analysis from verified security professionals. Purchase more credits anytime!

Add 3 credits for accelerated delivery

Base Cost: 8 credits
Priority Upgrade: + credits
SLA Acceleration: +3 credits
Total Cost:
Your Balance:

Insufficient Credits

You need more credits to submit this request.

Buy Credits

Report Analysis