CVE-2025-4368: Tenda AC8 MtuSetMacWan formGetRouterStatus buffer overflow
First published: Tue May 06 2025(Updated: )
A vulnerability, which was classified as critical, was found in Tenda AC8 16.03.34.06. Affected is the function formGetRouterStatus of the file /goform/MtuSetMacWan. The manipulation of the argument shareSpeed leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tenda AC8 firmware | =16.03.34.06 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-4368?
CVE-2025-4368 is classified as a critical vulnerability.
What type of vulnerability is CVE-2025-4368?
CVE-2025-4368 is a buffer overflow vulnerability found in Tenda AC8 firmware.
How do I fix CVE-2025-4368?
To fix CVE-2025-4368, upgrade your Tenda AC8 firmware to the latest version provided by the vendor.
What can an attacker do with CVE-2025-4368?
An attacker can exploit CVE-2025-4368 to perform a remote attack due to the buffer overflow.
Which versions of Tenda AC8 are affected by CVE-2025-4368?
CVE-2025-4368 affects Tenda AC8 version 16.03.34.06 specifically.
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/title
- agent/type
- agent/description
- agent/first-publish-date
- agent/references
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- agent/severity
- agent/author
- agent/event
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- collector/epss-latest
- source/FIRST
- agent/source
- agent/epss
- agent/tags
- vendor/tenda
- canonical/tenda ac8 firmware