CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-4355

A vulnerability was found in Tenda DAP-1520 1.10B04_BETA02. It has been classified as critical. This affects the function set_ws_action of the file /dws/api/. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 20.1%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 9.0

References

https://github.com/Ghostsuzhijian/Iot-/blob/main/DAP-1520_set_ws_action/DAP-1520_set_ws_action.md
https://vuldb.com/?ctiid.307473
https://vuldb.com/?id.307473
https://vuldb.com/?submit.564720
https://www.tenda.com.cn/

Products affected by CVE-2025-4355

Dlink » Dap-1520 » Version: a1

cpe:2.3:h:dlink:dap-1520:a1
Dlink » Dap-1520 Firmware » Version: 1.10b04

cpe:2.3:o:dlink:dap-1520_firmware:1.10b04

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-4355

Products

Pricing

Contact Us