CVE-2023-25234

CRITICAL

Tenda Ac500 Firmware - Out-of-Bounds Write

Title source: rule

Description

Tenda AC500 V2.0.1.9(1307) is vulnerable to Buffer Overflow in function fromAddressNat via parameters entrys and mitInterface.

Exploits (1)

nomisec WRITEUP
by FzBacon · poc
https://github.com/FzBacon/CVE-2023-25234_Tenda_AC6_stack_overflow

References (1)

Scores

CVSS v3 9.8
EPSS 0.3413
EPSS Percentile 97.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-787
Status published
Products (1)
tenda/ac500_firmware 2.0.1.9\(1307\)
Published Feb 27, 2023
Tracked Since Feb 18, 2026