Details of VAR-202503-0071

ID

VAR-202503-0071

CVE

CVE-2025-1895

TITLE

Shenzhen Tenda Technology Co.,Ltd. of tx3 Buffer error vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-002064

DESCRIPTION

A vulnerability classified as critical has been found in Tenda TX3 16.03.13.11_multi. This affects an unknown part of the file /goform/setMacFilterCfg. The manipulation of the argument deviceList leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of tx3 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. Tenda TX3 is a wireless router produced by Tenda Corporation, providing network connection services. There is a buffer overflow vulnerability in the 16.03.13.11_multi version of Tenda TX3 router, which is caused by improper processing of the deviceList parameter in the /goform/setMacFilterCfg file. No detailed vulnerability details are currently provided

Trust: 2.16

sources: NVD: CVE-2025-1895 // JVNDB: JVNDB-2025-002064 // CNVD: CNVD-2025-05263

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-05263

AFFECTED PRODUCTS

vendor:	tenda	model:	tx3	scope:	eq	version:	16.03.13.11	Trust: 1.0
vendor:	tenda	model:	tx3	scope:	-	version:	-	Trust: 0.8
vendor:	tenda	model:	tx3	scope:	eq	version:	tx3 firmware 16.03.13.11	Trust: 0.8
vendor:	tenda	model:	tx3	scope:	eq	version:	-	Trust: 0.8
vendor:	tenda	model:	tx3 16.03.13.11 multi	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2025-05263 // JVNDB: JVNDB-2025-002064 // NVD: CVE-2025-1895

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2025-1895
value:	HIGH
Trust: 1.0
nvd@nist.gov:	CVE-2025-1895
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2025-002064
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2025-05263
value:	MEDIUM
Trust: 0.6

cna@vuldb.com:	CVE-2025-1895
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
OTHER:	JVNDB-2025-002064
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2025-05263
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2025-1895
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
nvd@nist.gov:	CVE-2025-1895
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	JVNDB-2025-002064
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-05263 // JVNDB: JVNDB-2025-002064 // NVD: CVE-2025-1895 // NVD: CVE-2025-1895

PROBLEMTYPE DATA

problemtype:	CWE-120	Trust: 1.0
problemtype:	CWE-119	Trust: 1.0
problemtype:	Buffer error (CWE-119) [ others ]	Trust: 0.8
problemtype:	Classic buffer overflow (CWE-120) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-002064 // NVD: CVE-2025-1895

EXTERNAL IDS

db:	NVD	id:	CVE-2025-1895	Trust: 3.2
db:	VULDB	id:	298413	Trust: 1.0
db:	JVNDB	id:	JVNDB-2025-002064	Trust: 0.8
db:	CNVD	id:	CNVD-2025-05263	Trust: 0.6

sources: CNVD: CNVD-2025-05263 // JVNDB: JVNDB-2025-002064 // NVD: CVE-2025-1895

REFERENCES

url:	https://github.com/2664521593/mycve/blob/main/tenda/tx3/tenda_tx3_bof_1.pdf	Trust: 1.8
url:	https://vuldb.com/?submit.506601	Trust: 1.8
url:	https://www.tenda.com.cn/	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2025-1895	Trust: 1.4
url:	https://vuldb.com/?id.298413	Trust: 1.0
url:	https://vuldb.com/?ctiid.298413	Trust: 1.0

sources: CNVD: CNVD-2025-05263 // JVNDB: JVNDB-2025-002064 // NVD: CVE-2025-1895

SOURCES

db:	CNVD	id:	CNVD-2025-05263
db:	JVNDB	id:	JVNDB-2025-002064
db:	NVD	id:	CVE-2025-1895

LAST UPDATE DATE

2025-03-19T23:14:21.956000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-05263	date:	2025-03-18T00:00:00
db:	JVNDB	id:	JVNDB-2025-002064	date:	2025-03-06T05:43:00
db:	NVD	id:	CVE-2025-1895	date:	2025-03-05T15:18:38.660

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-05263	date:	2025-03-17T00:00:00
db:	JVNDB	id:	JVNDB-2025-002064	date:	2025-03-06T00:00:00
db:	NVD	id:	CVE-2025-1895	date:	2025-03-04T02:15:36.163