CVE 8.7 HIGH

Tenda AC21 SetPptpServerCfg formSetPPTPServer buffer overflow_CVE-2025-12611

November 3, 2025 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was identified in Tenda AC21 16.03.08.16. This vulnerability affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg. The manipulation of the argument startIp leads to buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.

AI Analysis

Buffer overflow vulnerability in Tenda AC21's formSetPPTPServer function

Basic Information

ID CVE-2025-12611

Source VulDB

Published Nov 3, 2025 at 02:02

Affected Product

Vendor Tenda

Product AC21

Version 16.03.08.16

Affected Versions Tenda AC21 16.03.08.16

CWE Classification

CWE-120 CWE-119

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor Tenda

Product AC21

Version 16.03.08.16

References

{
    "lastseen": "",
    "description": "A vulnerability was identified in Tenda AC21 16.03.08.16. This vulnerability affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg. The manipulation of the argument startIp leads to buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.",
    "published": "2025-11-03T02:02:09.734Z",
    "modified": "2025-11-03T02:02:09.734Z",
    "type": "cve",
    "title": "Tenda AC21 SetPptpServerCfg formSetPPTPServer buffer overflow",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.330906\nhttps://vuldb.com/?ctiid.330906\nhttps://vuldb.com/?submit.678491\nhttps://github.com/LX-LX88/cve/issues/10\nhttps://www.tenda.com.cn/",
    "id": "CVE-2025-12611",
    "bulletinFamily": "",
    "cwe": [
        "CWE-120",
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "Tenda AC21 16.03.08.16",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "AC21",
    "version": "16.03.08.16",
    "vendor": "Tenda",
    "ai_description": "Buffer overflow vulnerability in Tenda AC21's formSetPPTPServer function",
    "ai_severity": "High",
    "ai_vendor": "Tenda",
    "ai_product": "AC21",
    "ai_version": "16.03.08.16",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply