CVE-2025-11550

Опубликовано: 09 окт. 2025

Источник: nvd

CVSS3: 6.5

CVSS2: 6.8

EPSS Низкий

Описание

A vulnerability was found in Tenda W12 3.0.0.6(3948). The impacted element is the function wifiScheduledSet of the file /goform/modules of the component HTTP Request Handler. The manipulation of the argument wifiScheduledSet results in null pointer dereference. The attack may be performed from remote. The exploit has been made public and could be used.

Ссылки

https://github.com/z472421519/BinaryAudit/blob/main/PoC/NPD/Tenda_W12/cgiWifiScheduledSet/cgiWifiScheduledSet.md
Exploit
Third Party Advisory
https://vuldb.com/?ctiid.327709
Permissions Required
VDB Entry
https://vuldb.com/?id.327709
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.670118
Third Party Advisory
VDB Entry
https://www.tenda.com.cn/
Product
https://github.com/z472421519/BinaryAudit/blob/main/PoC/NPD/Tenda_W12/cgiWifiScheduledSet/cgiWifiScheduledSet.md
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:tenda:w12_firmware:3.0.0.6\(3948\):*:*:*:*:*:*:*

cpe:2.3:h:tenda:w12:3.0:*:*:*:*:*:*:*

EPSS

Процентиль: 26%

0.00091

Низкий

6.5 Medium

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-404

CWE-476

Связанные уязвимости

GHSA-jvm5-jgxh-5564