CVE-2025-7914

high

Description

A vulnerability has been found in Tenda AC6 15.03.06.50 and classified as critical. Affected by this vulnerability is the function setparentcontrolinfo of the component httpd. The manipulation leads to buffer overflow. The attack can be launched remotely.

References

Advisories
More

https://vuldb.com/?submit.618859

https://vuldb.com/?id.317029

https://github.com/gaochen61/IoTVuln/blob/main/Tenda_AC6_V15.03.06.50/setparentcontrolinfo.md

https://www.tenda.com.cn/

https://vuldb.com/?ctiid.317029

Details

Source: Mitre, NVD

Published: 2025-07-21

Updated: 2025-07-23

Risk Information

CVSS v2

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8.8

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

CVSS v4

Base Score: 8.7

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Severity: High

EPSS

EPSS: 0.00046