CVE-2025-12618

A vulnerability has been found in Tenda AC8 16.03.34.06. This impacts an unknown function of the file /goform/DatabaseIniSet. The manipulation of the argument Time leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
VulDBCNA
8.8 HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Common Weakness Enumeration
References
https://pan.baidu.com/s/11fdpTujKw6Xz0yPE2l4cMw
https://vuldb.com/?ctiid.330912
https://vuldb.com/?id.330912
https://vuldb.com/?submit.678887
https://www.tenda.com.cn/
https://www.yuque.com/ba1ma0-an29k/nnxoap/ow5xrpw56dqsgtdy?singleDoc