CVE-2025-4368 – Tenda AC8 Buffer Overflow Vulnerability

May 6, 2025

CVE ID : CVE-2025-4368

Published : May 6, 2025, 4:15 p.m. | 3 hours, 19 minutes ago

Description : A vulnerability, which was classified as critical, was found in Tenda AC8 16.03.34.06. Affected is the function formGetRouterStatus of the file /goform/MtuSetMacWan. The manipulation of the argument shareSpeed leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4384 – PcVue MQTT Certificate Validation Bypass

Next Article CVE-2025-4363 – iSourcecode Gym Management System SQL Injection Vulnerability

Highlights

CVE-2025-4382 – GRUB TPM Auto- decryption Data Exposure

May 9, 2025

CVE ID : CVE-2025-4382

Published : May 9, 2025, 12:15 p.m. | 3 hours, 23 minutes ago

Description : A flaw was found in systems utilizing LUKS-encrypted disks with GRUB configured for TPM-based auto-decryption. When GRUB is set to automatically decrypt disks using keys stored in the TPM, it reads the decryption key into system memory. If an attacker with physical access can corrupt the underlying filesystem superblock, GRUB will fail to locate a valid filesystem and enter rescue mode. At this point, the disk is already decrypted, and the decryption key remains loaded in system memory. This scenario may allow an attacker with physical access to access the unencrypted data without any further authentication, thereby compromising data confidentiality. Furthermore, the ability to force this state through filesystem corruption also presents a data integrity concern.

Severity: 5.9 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

This feature makes Copilot feel like your personal AI assistant — here’s how to test it

Agent Mode for Gemini added to Android Studio

Google’s Agent2Agent protocol finds new home at the Linux Foundation

Decoding The SVG path Element: Curve And Arc Commands

This week in AI dev tools: Gemini 2.5 Pro and Flash GA, GitHub Copilot Spaces, and more (June 20, 2025)

Microsoft is reportedly planning yet more major cuts at Xbox — as early as next week

Microsoft makes Windows 10 security updates FREE for an extra year — but there’s a catch, and you might not like it

“Deus Ex” just turned 25 years old and it’s still the best PC game of all time — you only need $2 to play it on practically anything

Where to buy a Meta Quest 3S Xbox Edition — and why it’s a better bargain than the “normal” Meta Quest 3S

Vite 7.0 Is Out

Vite 7.0 Is Out

Exploring JavaScript ES2025 Edition

Mastering Mixed DML Operations in Apex

Microsoft is reportedly planning yet more major cuts at Xbox — as early as next week

Microsoft is reportedly planning yet more major cuts at Xbox — as early as next week

Microsoft makes Windows 10 security updates FREE for an extra year — but there’s a catch, and you might not like it

“Deus Ex” just turned 25 years old and it’s still the best PC game of all time — you only need $2 to play it on practically anything

CVE-2025-4368 – Tenda AC8 Buffer Overflow Vulnerability

Rogue WordPress Plugin Unmasked: Stealthy Malware Skims Credit Cards & Steals Credentials

Urgent Advantech Alert: Critical Flaws (CVSS 9.6) Expose Industrial Automation to Remote Takeover, PoC Releases

CVE-2025-5303 – Freightview, Daylight, Day & Ross WordPress Plugins – Stored Cross-Site Scripting

Ubuntu 25.10 Will Ship with the Linux 6.17 Kernel

Deployer

Mastering TypeScript: How Complex Should Your Types Be?

CVE-2025-4382 – GRUB TPM Auto- decryption Data Exposure

This feature makes Copilot feel like your personal AI assistant — here’s how to test it

Solo.io launches MCP Gateway to tackle AI agent sprawl

Adobe Sensei and GenAI in Practice for Enterprise CMS

CVE-2025-4368 – Tenda AC8 Buffer Overflow Vulnerability

Related Posts