davybat - Security Researcher - Exploit Intelligence Platform

CVE-2025-9297 WRITEUP HIGH WRITEUP

Tenda i22 1.0.0.3(4687) - Buffer Overflow

A vulnerability was detected in Tenda i22 1.0.0.3(4687). This impacts the function formWeixinAuthInfoGet of the file /goform/wxportalauth. Performing manipulation of the argument Type results in stack-based buffer overflow. The attack can be initiated remotely. The exploit is now public and may be used.

CVSS 8.8

View Code

CVE-2025-9299 WRITEUP HIGH WRITEUP

Tenda M3 1.0.0.12 - Buffer Overflow

A vulnerability has been found in Tenda M3 1.0.0.12. Affected by this vulnerability is the function formGetMasterPassengerAnalyseData of the file /goform/getMasterPassengerAnalyseData. The manipulation of the argument Time leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CVSS 8.8

View Code

CVE-2025-9297 WRITEUP HIGH WRITEUP

Tenda i22 1.0.0.3(4687) - Buffer Overflow

A vulnerability was detected in Tenda i22 1.0.0.3(4687). This impacts the function formWeixinAuthInfoGet of the file /goform/wxportalauth. Performing manipulation of the argument Type results in stack-based buffer overflow. The attack can be initiated remotely. The exploit is now public and may be used.

CVSS 8.8

View Code

CVE-2025-9298 WRITEUP HIGH WRITEUP

Tenda M3 1.0.0.12 - Buffer Overflow

A flaw has been found in Tenda M3 1.0.0.12. Affected is the function formQuickIndex of the file /goform/QuickIndex. Executing manipulation of the argument PPPOEPassword can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been published and may be used.

CVSS 8.8

View Code

CVE-2025-9299 WRITEUP HIGH WRITEUP

Tenda M3 1.0.0.12 - Buffer Overflow

A vulnerability has been found in Tenda M3 1.0.0.12. Affected by this vulnerability is the function formGetMasterPassengerAnalyseData of the file /goform/getMasterPassengerAnalyseData. The manipulation of the argument Time leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CVSS 8.8

View Code