Cyber Resilience

CVE-2023-25235

High · Public PoC

Published: 27 February 2023

Modified: 10 March 2025
KEV Added:
Patch:
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0305 (87.0th percentile)
Risk Priority: 17 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-25235 is a high-severity out-of-bounds write (CWE-787) vulnerability in Tenda AC500 firmware. Its CVSS base score is 7.5 (High).

Operationally, it ranks in the top 13.0% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Deeper analysis

Tenda AC500 routers running firmware version V2.0.1.9(1307) contain a buffer overflow vulnerability in the formOneSsidCfgSet function, triggered through the ssid parameter. The flaw is classified under CWE-787 as an out-of-bounds write and carries a CVSS 3.1 score of 7.5, reflecting a network attack vector, low attack complexity, and high impact on availability, with no authentication or user interaction required.

Remote attackers without credentials can exploit the issue by submitting a maliciously crafted ssid value in a configuration request, leading to memory corruption that can crash the affected device and produce a denial-of-service condition. The same network vector allows the attack to be launched against any exposed administrative interface.

The two referenced GitHub repositories document the vulnerability details but contain no information on official patches or vendor mitigation steps. Exploitation probability, as measured by EPSS, rose from a low baseline to a peak of 0.1829 before receding to the current value of 0.0305, indicating a period of increased interest following disclosure.

Vulnerability details

Tenda AC500 V2.0.1.9(1307) is vulnerable to Buffer Overflow in function formOneSsidCfgSet via parameter ssid.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: tenda
Product: ac500 firmware
Version: 2.0.1.9(1307)

Mitigating Controls

Likely Mitigating Controls (AI)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-787

Out-of-bounds writes that corrupt control flow or inject shellcode are rendered non-executable by the same memory protections.
