First published: Fri Mar 14 2025(Updated: )
In Tenda AC9 v1.0 V15.03.05.14_multi, the cloneType parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Tenda AC7/AC9/AC10 Routers | =V15.03.05.14_multi | |
All of | ||
Tenda AC9 | =15.03.05.14 | |
Tenda AC7/AC9/AC10 Routers | =1.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2025-29385 has a high severity rating due to its potential for remote arbitrary code execution.
To mitigate CVE-2025-29385, it is recommended to update the Tenda AC9 router to a patched firmware version or apply the suggested security controls.
CVE-2025-29385 affects the Tenda AC9 router version V15.03.05.14_multi.
Yes, CVE-2025-29385 can be exploited remotely due to the stack overflow vulnerability present in the router's web interface.
Exploitation of CVE-2025-29385 could lead to unauthorized remote code execution, potentially compromising the entire network.