Tenda AC23 HTTP POST Request SetPptpServerCfg sscanf buffer overflow

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A vulnerability has been found in Tenda AC23 up to 16.03.07.52. Affected by this vulnerability is the function sscanf of the file /goform/SetPptpServerCfg of the component HTTP POST Request Handler. Such manipulation of the argument startIp leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Basic Information

ID CVE-2025-10803

Source VulDB

Published Sep 22, 2025 at 15:02

Affected Product

Vendor Tenda

Product AC23

Version 16.03.07.0

Affected Versions Tenda AC23 16.03.07.0
Tenda AC23 16.03.07.1
Tenda AC23 16.03.07.2
Tenda AC23 16.03.07.3
Tenda AC23 16.03.07.4
Tenda AC23 16.03.07.5
Tenda AC23 16.03.07.6
Tenda AC23 16.03.07.7
Tenda AC23 16.03.07.8
Tenda AC23 16.03.07.9
Tenda AC23 16.03.07.10
Tenda AC23 16.03.07.11
Tenda AC23 16.03.07.12
Tenda AC23 16.03.07.13
Tenda AC23 16.03.07.14
Tenda AC23 16.03.07.15
Tenda AC23 16.03.07.16
Tenda AC23 16.03.07.17
Tenda AC23 16.03.07.18
Tenda AC23 16.03.07.19
Tenda AC23 16.03.07.20
Tenda AC23 16.03.07.21
Tenda AC23 16.03.07.22
Tenda AC23 16.03.07.23
Tenda AC23 16.03.07.24
Tenda AC23 16.03.07.25
Tenda AC23 16.03.07.26
Tenda AC23 16.03.07.27
Tenda AC23 16.03.07.28
Tenda AC23 16.03.07.29
Tenda AC23 16.03.07.30
Tenda AC23 16.03.07.31
Tenda AC23 16.03.07.32
Tenda AC23 16.03.07.33
Tenda AC23 16.03.07.34
Tenda AC23 16.03.07.35
Tenda AC23 16.03.07.36
Tenda AC23 16.03.07.37
Tenda AC23 16.03.07.38
Tenda AC23 16.03.07.39
Tenda AC23 16.03.07.40
Tenda AC23 16.03.07.41
Tenda AC23 16.03.07.42
Tenda AC23 16.03.07.43
Tenda AC23 16.03.07.44
Tenda AC23 16.03.07.45
Tenda AC23 16.03.07.46
Tenda AC23 16.03.07.47
Tenda AC23 16.03.07.48
Tenda AC23 16.03.07.49
Tenda AC23 16.03.07.50
Tenda AC23 16.03.07.51
Tenda AC23 16.03.07.52

CWE Classification

CWE-120 CWE-119

References

{
    "lastseen": "",
    "description": "A vulnerability has been found in Tenda AC23 up to 16.03.07.52. Affected by this vulnerability is the function sscanf of the file /goform/SetPptpServerCfg of the component HTTP POST Request Handler. Such manipulation of the argument startIp leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.",
    "published": "2025-09-22T15:02:07.142Z",
    "modified": "2025-09-22T15:02:07.142Z",
    "type": "cve",
    "title": "Tenda AC23 HTTP POST Request SetPptpServerCfg sscanf buffer overflow",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.325161\nhttps://vuldb.com/?ctiid.325161\nhttps://vuldb.com/?submit.654237\nhttps://github.com/lin-3-start/lin-cve/blob/main/Tenda%20AC23-3/Tenda%20AC23%20Buffer%20overflow.md\nhttps://www.tenda.com.cn/",
    "id": "CVE-2025-10803",
    "bulletinFamily": "",
    "cwe": [
        "CWE-120",
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "Tenda AC23 16.03.07.0\nTenda AC23 16.03.07.1\nTenda AC23 16.03.07.2\nTenda AC23 16.03.07.3\nTenda AC23 16.03.07.4\nTenda AC23 16.03.07.5\nTenda AC23 16.03.07.6\nTenda AC23 16.03.07.7\nTenda AC23 16.03.07.8\nTenda AC23 16.03.07.9\nTenda AC23 16.03.07.10\nTenda AC23 16.03.07.11\nTenda AC23 16.03.07.12\nTenda AC23 16.03.07.13\nTenda AC23 16.03.07.14\nTenda AC23 16.03.07.15\nTenda AC23 16.03.07.16\nTenda AC23 16.03.07.17\nTenda AC23 16.03.07.18\nTenda AC23 16.03.07.19\nTenda AC23 16.03.07.20\nTenda AC23 16.03.07.21\nTenda AC23 16.03.07.22\nTenda AC23 16.03.07.23\nTenda AC23 16.03.07.24\nTenda AC23 16.03.07.25\nTenda AC23 16.03.07.26\nTenda AC23 16.03.07.27\nTenda AC23 16.03.07.28\nTenda AC23 16.03.07.29\nTenda AC23 16.03.07.30\nTenda AC23 16.03.07.31\nTenda AC23 16.03.07.32\nTenda AC23 16.03.07.33\nTenda AC23 16.03.07.34\nTenda AC23 16.03.07.35\nTenda AC23 16.03.07.36\nTenda AC23 16.03.07.37\nTenda AC23 16.03.07.38\nTenda AC23 16.03.07.39\nTenda AC23 16.03.07.40\nTenda AC23 16.03.07.41\nTenda AC23 16.03.07.42\nTenda AC23 16.03.07.43\nTenda AC23 16.03.07.44\nTenda AC23 16.03.07.45\nTenda AC23 16.03.07.46\nTenda AC23 16.03.07.47\nTenda AC23 16.03.07.48\nTenda AC23 16.03.07.49\nTenda AC23 16.03.07.50\nTenda AC23 16.03.07.51\nTenda AC23 16.03.07.52",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "AC23",
    "version": "16.03.07.0",
    "vendor": "Tenda",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Tenda AC23 HTTP POST Request SetPptpServerCfg sscanf buffer overflow_CVE-2025-10803