CVE-2025-12622

A vulnerability was determined in Tenda AC10 16.03.10.13. Affected by this vulnerability is the function formSysRunCmd of the file /goform/SysRunCmd. This manipulation of the argument getui causes buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
VulDBCNA
8.8 HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Common Weakness Enumeration
References
https://pan.baidu.com/s/1Jl1zy5niigg1XYm8ZCh_Lg
https://vuldb.com/?ctiid.330914
https://vuldb.com/?id.330914
https://vuldb.com/?submit.678889
https://www.tenda.com.cn/
https://www.yuque.com/ba1ma0-an29k/nnxoap/rg8eug0zk8ep3zne?singleDoc