Security Vulnerabilities - CVEs Published In June 2025
A vulnerability has been found in Tenda AC9 15.03.02.13 and classified as critical. Affected by this vulnerability is the function formSetSafeWanWebMan of the file /goform/SetRemoteWebCfg of the component HTTP POST Request Handler. The manipulation of the argument remoteIp leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
8.8
EPSS Score
0.001
Published
2025-06-08
in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-06-08
in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission.
CVSS Score
3.3
EPSS Score
0.0
Published
2025-06-08
in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOSÂ through improper input.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-06-08
in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through improper input.
CVSS Score
3.3
EPSS Score
0.0
Published
2025-06-08
in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-06-08
in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission.
CVSS Score
3.3
EPSS Score
0.0
Published
2025-06-08
in OpenHarmony v5.0.3 and prior versions allow a local attacker cause apps crash through type confusion.
CVSS Score
3.3
EPSS Score
0.0
Published
2025-06-08
in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through out-of-bounds read.
CVSS Score
3.3
EPSS Score
0.0
Published
2025-06-08
in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through race condition.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-06-08