Vulnerability Description
A security vulnerability has been detected in Tenda AC21 and AC23 16.03.08.16. Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. Such manipulation of the argument mac leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tenda | Ac21 Firmware | 16.03.08.16 |
| Tenda | Ac21 | - |
| Tenda | Ac23 Firmware | 16.03.08.16 |
| Tenda | Ac23 | - |
Related Weaknesses (CWE)
References
- https://github.com/XXRicardo/iot-cve/blob/main/Tenda/AC21/AC21V1.0re_V16.03.08.1ExploitThird Party Advisory
- https://github.com/XXRicardo/iot-cve/blob/main/Tenda/AC23/Stack-Based%20Buffer%2ExploitThird Party Advisory
- https://vuldb.com/?ctiid.321783Permissions RequiredVDB Entry
- https://vuldb.com/?id.321783Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.636545Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.636548Third Party AdvisoryVDB Entry
- https://www.tenda.com.cn/Product
- https://github.com/XXRicardo/iot-cve/blob/main/Tenda/AC21/AC21V1.0re_V16.03.08.1ExploitThird Party Advisory
- https://github.com/XXRicardo/iot-cve/blob/main/Tenda/AC23/Stack-Based%20Buffer%2ExploitThird Party Advisory
FAQ
What is CVE-2025-9605?
CVE-2025-9605 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A security vulnerability has been detected in Tenda AC21 and AC23 16.03.08.16. Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. Such manipulation of the argument...
How severe is CVE-2025-9605?
CVE-2025-9605 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2025-9605?
Check the references section above for vendor advisories and patch information. Affected products include: Tenda Ac21 Firmware, Tenda Ac21, Tenda Ac23 Firmware, Tenda Ac23.