ID
CVE
TITLE
Shenzhen Tenda Technology Co.,Ltd. of tx3 Buffer error vulnerability in firmware
sources:
JVNDB: JVNDB-2025-002121
DESCRIPTION
A vulnerability has been found in Tenda TX3 16.03.13.11_multi and classified as critical. Affected by this vulnerability is an unknown functionality of the file /goform/setPptpUserList. The manipulation of the argument list leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of tx3 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state
sources:
NVD: CVE-2025-1899 //
JVNDB: JVNDB-2025-002121
AFFECTED PRODUCTS
| vendor: | tenda | model: | tx3 | scope: | eq | version: | 16.03.13.11 | |
| vendor: | tenda | model: | tx3 | scope: | eq | version: | - | |
| vendor: | tenda | model: | tx3 | scope: | - | version: | - | |
| vendor: | tenda | model: | tx3 | scope: | eq | version: | tx3 firmware 16.03.13.11 | |
sources:
JVNDB: JVNDB-2025-002121 //
NVD: CVE-2025-1899
CVSS
SEVERITY | CVSSV2 | CVSSV3 |
| cna@vuldb.com: | CVE-2025-1899 | |
|
| value: | HIGH | | | nvd@nist.gov: | CVE-2025-1899 | |
|
| value: | HIGH | | | OTHER: | JVNDB-2025-002121 | |
|
| value: | HIGH | |
| | cna@vuldb.com: | CVE-2025-1899 | |
|
| severity: | MEDIUM | | baseScore: | 6.8 | | vectorString: | AV:N/AC:L/AU:S/C:N/I:N/A:C | | accessVector: | NETWORK | | accessComplexity: | LOW | | authentication: | SINGLE | | confidentialityImpact: | NONE | | integrityImpact: | NONE | | availabilityImpact: | COMPLETE | | exploitabilityScore: | 8.0 | | impactScore: | 6.9 | | acInsufInfo: | NONE | | obtainAllPrivilege: | NONE | | obtainUserPrivilege: | NONE | | obtainOtherPrivilege: | NONE | | userInteractionRequired: | NONE | | version: | 2.0 | | | OTHER: | JVNDB-2025-002121 | |
|
| severity: | MEDIUM | | baseScore: | 6.8 | | vectorString: | AV:N/AC:L/AU:S/C:N/I:N/A:C | | accessVector: | NETWORK | | accessComplexity: | LOW | | authentication: | SINGLE | | confidentialityImpact: | NONE | | integrityImpact: | NONE | | availabilityImpact: | COMPLETE | | exploitabilityScore: | NONE | | impactScore: | NONE | | acInsufInfo: | NONE | | obtainAllPrivilege: | NONE | | obtainUserPrivilege: | NONE | | obtainOtherPrivilege: | NONE | | userInteractionRequired: | NONE | | version: | 2.0 | |
| | cna@vuldb.com: | CVE-2025-1899 | |
|
| baseSeverity: | MEDIUM | | baseScore: | 6.5 | | vectorString: | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | | attackVector: | NETWORK | | attackComplexity: | LOW | | privilegesRequired: | LOW | | userInteraction: | NONE | | scope: | UNCHANGED | | confidentialityImpact: | NONE | | integrityImpact: | NONE | | availabilityImpact: | HIGH | | exploitabilityScore: | 2.8 | | impactScore: | 3.6 | | version: | 3.1 | | | nvd@nist.gov: | CVE-2025-1899 | |
|
| baseSeverity: | HIGH | | baseScore: | 7.5 | | vectorString: | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | | attackVector: | NETWORK | | attackComplexity: | LOW | | privilegesRequired: | NONE | | userInteraction: | NONE | | scope: | UNCHANGED | | confidentialityImpact: | NONE | | integrityImpact: | NONE | | availabilityImpact: | HIGH | | exploitabilityScore: | 3.9 | | impactScore: | 3.6 | | version: | 3.1 | | | NVD: | JVNDB-2025-002121 | |
|
| baseSeverity: | HIGH | | baseScore: | 7.5 | | vectorString: | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | | attackVector: | NETWORK | | attackComplexity: | LOW | | privilegesRequired: | NONE | | userInteraction: | NONE | | scope: | UNCHANGED | | confidentialityImpact: | NONE | | integrityImpact: | NONE | | availabilityImpact: | HIGH | | exploitabilityScore: | NONE | | impactScore: | NONE | | version: | 3.0 | |
|
sources:
JVNDB: JVNDB-2025-002121 //
NVD: CVE-2025-1899 //
NVD: CVE-2025-1899
PROBLEMTYPE DATA
| problemtype: | CWE-119 | |
| problemtype: | CWE-120 | |
| problemtype: | Buffer error (CWE-119) [ others ] | |
| problemtype: | Classic buffer overflow (CWE-120) [ others ] | |
sources:
JVNDB: JVNDB-2025-002121 //
NVD: CVE-2025-1899
EXTERNAL IDS
| db: | NVD | id: | CVE-2025-1899 | |
| db: | VULDB | id: | 298417 | |
| db: | JVNDB | id: | JVNDB-2025-002121 | |
sources:
JVNDB: JVNDB-2025-002121 //
NVD: CVE-2025-1899
REFERENCES
| url: | https://github.com/2664521593/mycve/blob/main/tenda/tx3/tenda_tx3_bof_5.pdf | |
| url: | https://vuldb.com/?submit.506607 | |
| url: | https://www.tenda.com.cn/ | |
| url: | https://vuldb.com/?id.298417 | |
| url: | https://vuldb.com/?ctiid.298417 | |
| url: | https://nvd.nist.gov/vuln/detail/cve-2025-1899 | |
sources:
JVNDB: JVNDB-2025-002121 //
NVD: CVE-2025-1899
SOURCES
| db: | JVNDB | id: | JVNDB-2025-002121 |
| db: | NVD | id: | CVE-2025-1899 |
LAST UPDATE DATE
2025-03-10T01:12:59.580000+00:00
SOURCES UPDATE DATE
| db: | JVNDB | id: | JVNDB-2025-002121 | date: | 2025-03-06T12:11:00 |
| db: | NVD | id: | CVE-2025-1899 | date: | 2025-03-05T18:47:21.313 |
SOURCES RELEASE DATE
| db: | JVNDB | id: | JVNDB-2025-002121 | date: | 2025-03-06T00:00:00 |
| db: | NVD | id: | CVE-2025-1899 | date: | 2025-03-04T03:15:08.970 |
