Search criteria
18 vulnerabilities found for f3_firmware by tenda
FKIE_CVE-2025-57570
Vulnerability from fkie_nvd - Published: 2025-09-10 16:15 - Updated: 2025-09-17 20:59
Severity ?
Summary
Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the QosList parameter in goform/setQoS.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://tenda.com | Not Applicable | |
| cve@mitre.org | https://github.com/arashiclustar/PingX-md/blob/main/F3/2025-57570/C.V.E-2025-57570.md | Broken Link |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tenda | f3_firmware | 12.01.01.48 | |
| tenda | f3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:f3_firmware:12.01.01.48:*:*:*:*:*:*:*",
"matchCriteriaId": "2D427C02-DA4D-429F-985A-CB3EA6C9BB5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:f3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EE9480BB-FC48-4614-A003-A991109FBCAF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the QosList parameter in goform/setQoS."
},
{
"lang": "es",
"value": "Tenda F3 V12.01.01.48_multi y posterior es vulnerable a desbordamiento de b\u00fafer a trav\u00e9s del par\u00e1metro QosList en goform/setQoS."
}
],
"id": "CVE-2025-57570",
"lastModified": "2025-09-17T20:59:57.910",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.4,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-09-10T16:15:39.500",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
],
"url": "http://tenda.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://github.com/arashiclustar/PingX-md/blob/main/F3/2025-57570/C.V.E-2025-57570.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-57571
Vulnerability from fkie_nvd - Published: 2025-09-10 16:15 - Updated: 2025-09-17 20:58
Severity ?
Summary
Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow. via the macFilterList parameter in goform/setNAT.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://tenda.com | Not Applicable | |
| cve@mitre.org | https://github.com/arashiclustar/PingX-md/blob/main/F3/2025-57571/C.V.E-2025-57571.md | Broken Link |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tenda | f3_firmware | 12.01.01.48 | |
| tenda | f3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:f3_firmware:12.01.01.48:*:*:*:*:*:*:*",
"matchCriteriaId": "2D427C02-DA4D-429F-985A-CB3EA6C9BB5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:f3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EE9480BB-FC48-4614-A003-A991109FBCAF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow. via the macFilterList parameter in goform/setNAT."
},
{
"lang": "es",
"value": "Tenda F3 V12.01.01.48_multi y posteriores es vulnerable a desbordamiento de b\u00fafer a trav\u00e9s del par\u00e1metro macFilterList en goform/setNAT."
}
],
"id": "CVE-2025-57571",
"lastModified": "2025-09-17T20:58:45.243",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.4,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-09-10T16:15:39.653",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
],
"url": "http://tenda.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://github.com/arashiclustar/PingX-md/blob/main/F3/2025-57571/C.V.E-2025-57571.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-57573
Vulnerability from fkie_nvd - Published: 2025-09-10 16:15 - Updated: 2025-09-17 20:58
Severity ?
Summary
Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the wifiTimeClose parameter in goform/setWifi.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://tenda.com | Not Applicable | |
| cve@mitre.org | https://github.com/arashiclustar/PingX-md/blob/main/F3/2025-57573/C.V.E-2025-57573.md | Broken Link |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tenda | f3_firmware | 12.01.01.48 | |
| tenda | f3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:f3_firmware:12.01.01.48:*:*:*:*:*:*:*",
"matchCriteriaId": "2D427C02-DA4D-429F-985A-CB3EA6C9BB5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:f3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EE9480BB-FC48-4614-A003-A991109FBCAF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the wifiTimeClose parameter in goform/setWifi."
},
{
"lang": "es",
"value": "Tenda F3 V12.01.01.48_multi y posterior es vulnerable a desbordamiento de b\u00fafer a trav\u00e9s del par\u00e1metro wifiTimeClose en goform/setWifi."
}
],
"id": "CVE-2025-57573",
"lastModified": "2025-09-17T20:58:07.797",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.4,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-09-10T16:15:39.973",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
],
"url": "http://tenda.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://github.com/arashiclustar/PingX-md/blob/main/F3/2025-57573/C.V.E-2025-57573.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-57572
Vulnerability from fkie_nvd - Published: 2025-09-10 16:15 - Updated: 2025-09-17 20:58
Severity ?
Summary
Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the onlineList parameter in goform/setParentControl.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://tenda.com | Not Applicable | |
| cve@mitre.org | https://github.com/arashiclustar/PingX-md/blob/main/F3/2025-57572/C.V.E-2025-57572.md | Broken Link |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tenda | f3_firmware | 12.01.01.48 | |
| tenda | f3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:f3_firmware:12.01.01.48:*:*:*:*:*:*:*",
"matchCriteriaId": "2D427C02-DA4D-429F-985A-CB3EA6C9BB5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:f3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EE9480BB-FC48-4614-A003-A991109FBCAF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the onlineList parameter in goform/setParentControl."
},
{
"lang": "es",
"value": "Tenda F3 V12.01.01.48_multi y posteriores es vulnerable a desbordamiento de b\u00fafer a trav\u00e9s del par\u00e1metro onlineList en goform/setParentControl."
}
],
"id": "CVE-2025-57572",
"lastModified": "2025-09-17T20:58:33.297",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.4,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-09-10T16:15:39.810",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
],
"url": "http://tenda.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://github.com/arashiclustar/PingX-md/blob/main/F3/2025-57572/C.V.E-2025-57572.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-57569
Vulnerability from fkie_nvd - Published: 2025-09-10 16:15 - Updated: 2025-09-17 21:01
Severity ?
Summary
Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the portList parameter in /goform/setNAT.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://tenda.com | Not Applicable | |
| cve@mitre.org | https://github.com/arashiclustar/PingX-md/blob/main/F3/2025-57569/C.V.E-2025-57569.md | Broken Link |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tenda | f3_firmware | 12.01.01.48 | |
| tenda | f3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:f3_firmware:12.01.01.48:*:*:*:*:*:*:*",
"matchCriteriaId": "2D427C02-DA4D-429F-985A-CB3EA6C9BB5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:f3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EE9480BB-FC48-4614-A003-A991109FBCAF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the portList parameter in /goform/setNAT."
},
{
"lang": "es",
"value": "Tenda F3 V12.01.01.48_multi y posterior es vulnerable a desbordamiento de b\u00fafer a trav\u00e9s del par\u00e1metro portList en /goform/setNAT."
}
],
"id": "CVE-2025-57569",
"lastModified": "2025-09-17T21:01:39.773",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.4,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-09-10T16:15:39.293",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
],
"url": "http://tenda.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://github.com/arashiclustar/PingX-md/blob/main/F3/2025-57569/C.V.E-2025-57569.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2020-35391
Vulnerability from fkie_nvd - Published: 2021-01-01 07:15 - Updated: 2024-11-21 05:27
Severity ?
9.6 (Critical) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Tenda N300 F3 12.01.01.48 devices allow remote attackers to obtain sensitive information (possibly including an http_passwd line) via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg, a related issue to CVE-2017-14942. NOTE: the vulnerability report may suggest that either a ? character must be placed after the RouterCfm.cfg filename, or that the HTTP request headers must be unusual, but it is not known why these are relevant to the device's HTTP response behavior.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tenda | f3_firmware | 12.01.01.48 | |
| tenda | f3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:f3_firmware:12.01.01.48:*:*:*:*:*:*:*",
"matchCriteriaId": "2D427C02-DA4D-429F-985A-CB3EA6C9BB5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:f3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EE9480BB-FC48-4614-A003-A991109FBCAF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tenda N300 F3 12.01.01.48 devices allow remote attackers to obtain sensitive information (possibly including an http_passwd line) via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg, a related issue to CVE-2017-14942. NOTE: the vulnerability report may suggest that either a ? character must be placed after the RouterCfm.cfg filename, or that the HTTP request headers must be unusual, but it is not known why these are relevant to the device\u0027s HTTP response behavior."
},
{
"lang": "es",
"value": "Los dispositivos Tenda N300 F3 versi\u00f3n 12.01.01.48, permiten a atacantes remotos obtener informaci\u00f3n confidencial (posiblemente incluyendo una l\u00ednea http_passwd) por medio de una petici\u00f3n directa de cgi-bin/DownloadCfg/RouterCfm.cfg, un problema relacionado con CVE-2017-14942.\u0026#xa0;NOTA: el reporte de vulnerabilidad puede sugerir que un caracter ?\u0026#xa0;debe ser colocado despu\u00e9s del nombre del archivo RouterCfm.cfg, o que los encabezados de la petici\u00f3n HTTP deben ser inusuales, pero no se sabe por qu\u00e9 son relevantes para el comportamiento de la respuesta HTTP del dispositivo."
}
],
"id": "CVE-2020-35391",
"lastModified": "2024-11-21T05:27:15.310",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-01-01T07:15:16.100",
"references": [
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/171773/Tenda-N300-F3-12.01.01.48-Header-Processing.html"
},
{
"source": "cve@mitre.org",
"url": "https://medium.com/%40signalhilltech/tenda-n300-authentication-bypass-via-malformed-http-request-header-5b8744ca685e"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/171773/Tenda-N300-F3-12.01.01.48-Header-Processing.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://medium.com/%40signalhilltech/tenda-n300-authentication-bypass-via-malformed-http-request-header-5b8744ca685e"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-425"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2025-57572 (GCVE-0-2025-57572)
Vulnerability from cvelistv5 – Published: 2025-09-10 00:00 – Updated: 2025-09-10 20:29
VLAI?
Summary
Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the onlineList parameter in goform/setParentControl.
Severity ?
5.6 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-57572",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-10T20:29:02.908663Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-10T20:29:38.563Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the onlineList parameter in goform/setParentControl."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-10T15:44:55.865Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://tenda.com"
},
{
"url": "https://github.com/arashiclustar/PingX-md/blob/main/F3/2025-57572/C.V.E-2025-57572.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-57572",
"datePublished": "2025-09-10T00:00:00.000Z",
"dateReserved": "2025-08-17T00:00:00.000Z",
"dateUpdated": "2025-09-10T20:29:38.563Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-57573 (GCVE-0-2025-57573)
Vulnerability from cvelistv5 – Published: 2025-09-10 00:00 – Updated: 2025-09-10 20:18
VLAI?
Summary
Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the wifiTimeClose parameter in goform/setWifi.
Severity ?
5.6 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-57573",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-10T20:18:07.235641Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-10T20:18:50.491Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the wifiTimeClose parameter in goform/setWifi."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-10T15:40:17.411Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://tenda.com"
},
{
"url": "https://github.com/arashiclustar/PingX-md/blob/main/F3/2025-57573/C.V.E-2025-57573.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-57573",
"datePublished": "2025-09-10T00:00:00.000Z",
"dateReserved": "2025-08-17T00:00:00.000Z",
"dateUpdated": "2025-09-10T20:18:50.491Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-57570 (GCVE-0-2025-57570)
Vulnerability from cvelistv5 – Published: 2025-09-10 00:00 – Updated: 2025-09-10 20:26
VLAI?
Summary
Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the QosList parameter in goform/setQoS.
Severity ?
5.6 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-57570",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-10T20:26:18.648341Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-10T20:26:43.077Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the QosList parameter in goform/setQoS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-10T15:37:10.831Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://tenda.com"
},
{
"url": "https://github.com/arashiclustar/PingX-md/blob/main/F3/2025-57570/C.V.E-2025-57570.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-57570",
"datePublished": "2025-09-10T00:00:00.000Z",
"dateReserved": "2025-08-17T00:00:00.000Z",
"dateUpdated": "2025-09-10T20:26:43.077Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-57571 (GCVE-0-2025-57571)
Vulnerability from cvelistv5 – Published: 2025-09-10 00:00 – Updated: 2025-09-10 19:55
VLAI?
Summary
Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow. via the macFilterList parameter in goform/setNAT.
Severity ?
5.6 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-57571",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-10T19:53:10.008366Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-10T19:55:50.753Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow. via the macFilterList parameter in goform/setNAT."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-10T16:00:11.103Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://tenda.com"
},
{
"url": "https://github.com/arashiclustar/PingX-md/blob/main/F3/2025-57571/C.V.E-2025-57571.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-57571",
"datePublished": "2025-09-10T00:00:00.000Z",
"dateReserved": "2025-08-17T00:00:00.000Z",
"dateUpdated": "2025-09-10T19:55:50.753Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-57569 (GCVE-0-2025-57569)
Vulnerability from cvelistv5 – Published: 2025-09-10 00:00 – Updated: 2025-09-10 20:10
VLAI?
Summary
Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the portList parameter in /goform/setNAT.
Severity ?
5.6 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-57569",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-10T20:09:01.011864Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-10T20:10:00.622Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the portList parameter in /goform/setNAT."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-10T16:01:27.373Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://tenda.com"
},
{
"url": "https://github.com/arashiclustar/PingX-md/blob/main/F3/2025-57569/C.V.E-2025-57569.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-57569",
"datePublished": "2025-09-10T00:00:00.000Z",
"dateReserved": "2025-08-17T00:00:00.000Z",
"dateUpdated": "2025-09-10T20:10:00.622Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35391 (GCVE-0-2020-35391)
Vulnerability from cvelistv5 – Published: 2021-01-01 00:00 – Updated: 2024-08-04 17:02
VLAI?
Summary
Tenda N300 F3 12.01.01.48 devices allow remote attackers to obtain sensitive information (possibly including an http_passwd line) via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg, a related issue to CVE-2017-14942. NOTE: the vulnerability report may suggest that either a ? character must be placed after the RouterCfm.cfg filename, or that the HTTP request headers must be unusual, but it is not known why these are relevant to the device's HTTP response behavior.
Severity ?
9.6 (Critical)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:02:08.149Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://medium.com/%40signalhilltech/tenda-n300-authentication-bypass-via-malformed-http-request-header-5b8744ca685e"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/171773/Tenda-N300-F3-12.01.01.48-Header-Processing.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda N300 F3 12.01.01.48 devices allow remote attackers to obtain sensitive information (possibly including an http_passwd line) via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg, a related issue to CVE-2017-14942. NOTE: the vulnerability report may suggest that either a ? character must be placed after the RouterCfm.cfg filename, or that the HTTP request headers must be unusual, but it is not known why these are relevant to the device\u0027s HTTP response behavior."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:A/A:H/C:H/I:H/PR:N/S:C/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-10T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://medium.com/%40signalhilltech/tenda-n300-authentication-bypass-via-malformed-http-request-header-5b8744ca685e"
},
{
"url": "http://packetstormsecurity.com/files/171773/Tenda-N300-F3-12.01.01.48-Header-Processing.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35391",
"datePublished": "2021-01-01T00:00:00",
"dateReserved": "2020-12-14T00:00:00",
"dateUpdated": "2024-08-04T17:02:08.149Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-57572 (GCVE-0-2025-57572)
Vulnerability from nvd – Published: 2025-09-10 00:00 – Updated: 2025-09-10 20:29
VLAI?
Summary
Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the onlineList parameter in goform/setParentControl.
Severity ?
5.6 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-57572",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-10T20:29:02.908663Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-10T20:29:38.563Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the onlineList parameter in goform/setParentControl."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-10T15:44:55.865Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://tenda.com"
},
{
"url": "https://github.com/arashiclustar/PingX-md/blob/main/F3/2025-57572/C.V.E-2025-57572.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-57572",
"datePublished": "2025-09-10T00:00:00.000Z",
"dateReserved": "2025-08-17T00:00:00.000Z",
"dateUpdated": "2025-09-10T20:29:38.563Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-57573 (GCVE-0-2025-57573)
Vulnerability from nvd – Published: 2025-09-10 00:00 – Updated: 2025-09-10 20:18
VLAI?
Summary
Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the wifiTimeClose parameter in goform/setWifi.
Severity ?
5.6 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-57573",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-10T20:18:07.235641Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-10T20:18:50.491Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the wifiTimeClose parameter in goform/setWifi."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-10T15:40:17.411Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://tenda.com"
},
{
"url": "https://github.com/arashiclustar/PingX-md/blob/main/F3/2025-57573/C.V.E-2025-57573.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-57573",
"datePublished": "2025-09-10T00:00:00.000Z",
"dateReserved": "2025-08-17T00:00:00.000Z",
"dateUpdated": "2025-09-10T20:18:50.491Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-57570 (GCVE-0-2025-57570)
Vulnerability from nvd – Published: 2025-09-10 00:00 – Updated: 2025-09-10 20:26
VLAI?
Summary
Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the QosList parameter in goform/setQoS.
Severity ?
5.6 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-57570",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-10T20:26:18.648341Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-10T20:26:43.077Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the QosList parameter in goform/setQoS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-10T15:37:10.831Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://tenda.com"
},
{
"url": "https://github.com/arashiclustar/PingX-md/blob/main/F3/2025-57570/C.V.E-2025-57570.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-57570",
"datePublished": "2025-09-10T00:00:00.000Z",
"dateReserved": "2025-08-17T00:00:00.000Z",
"dateUpdated": "2025-09-10T20:26:43.077Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-57571 (GCVE-0-2025-57571)
Vulnerability from nvd – Published: 2025-09-10 00:00 – Updated: 2025-09-10 19:55
VLAI?
Summary
Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow. via the macFilterList parameter in goform/setNAT.
Severity ?
5.6 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-57571",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-10T19:53:10.008366Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-10T19:55:50.753Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow. via the macFilterList parameter in goform/setNAT."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-10T16:00:11.103Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://tenda.com"
},
{
"url": "https://github.com/arashiclustar/PingX-md/blob/main/F3/2025-57571/C.V.E-2025-57571.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-57571",
"datePublished": "2025-09-10T00:00:00.000Z",
"dateReserved": "2025-08-17T00:00:00.000Z",
"dateUpdated": "2025-09-10T19:55:50.753Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-57569 (GCVE-0-2025-57569)
Vulnerability from nvd – Published: 2025-09-10 00:00 – Updated: 2025-09-10 20:10
VLAI?
Summary
Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the portList parameter in /goform/setNAT.
Severity ?
5.6 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-57569",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-10T20:09:01.011864Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-10T20:10:00.622Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the portList parameter in /goform/setNAT."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-10T16:01:27.373Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://tenda.com"
},
{
"url": "https://github.com/arashiclustar/PingX-md/blob/main/F3/2025-57569/C.V.E-2025-57569.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-57569",
"datePublished": "2025-09-10T00:00:00.000Z",
"dateReserved": "2025-08-17T00:00:00.000Z",
"dateUpdated": "2025-09-10T20:10:00.622Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35391 (GCVE-0-2020-35391)
Vulnerability from nvd – Published: 2021-01-01 00:00 – Updated: 2024-08-04 17:02
VLAI?
Summary
Tenda N300 F3 12.01.01.48 devices allow remote attackers to obtain sensitive information (possibly including an http_passwd line) via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg, a related issue to CVE-2017-14942. NOTE: the vulnerability report may suggest that either a ? character must be placed after the RouterCfm.cfg filename, or that the HTTP request headers must be unusual, but it is not known why these are relevant to the device's HTTP response behavior.
Severity ?
9.6 (Critical)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:02:08.149Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://medium.com/%40signalhilltech/tenda-n300-authentication-bypass-via-malformed-http-request-header-5b8744ca685e"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/171773/Tenda-N300-F3-12.01.01.48-Header-Processing.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda N300 F3 12.01.01.48 devices allow remote attackers to obtain sensitive information (possibly including an http_passwd line) via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg, a related issue to CVE-2017-14942. NOTE: the vulnerability report may suggest that either a ? character must be placed after the RouterCfm.cfg filename, or that the HTTP request headers must be unusual, but it is not known why these are relevant to the device\u0027s HTTP response behavior."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:A/A:H/C:H/I:H/PR:N/S:C/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-10T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://medium.com/%40signalhilltech/tenda-n300-authentication-bypass-via-malformed-http-request-header-5b8744ca685e"
},
{
"url": "http://packetstormsecurity.com/files/171773/Tenda-N300-F3-12.01.01.48-Header-Processing.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35391",
"datePublished": "2021-01-01T00:00:00",
"dateReserved": "2020-12-14T00:00:00",
"dateUpdated": "2024-08-04T17:02:08.149Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}