Tenda AC10U HTTP POST Request setPptpUserList formSetPPTPUserList buffer overflow

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was determined in Tenda AC10U 15.03.06.48/15.03.06.49. This affects the function formSetPPTPUserList of the file /goform/setPptpUserList of the component HTTP POST Request Handler. This manipulation of the argument list causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.

AI Analysis

Buffer overflow vulnerability in Tenda AC10U via HTTP POST request to setPptpUserList, allowing remote attackers to initiate an attack.

Basic Information

ID CVE-2025-15215

Source VulDB

Published Dec 30, 2025 at 02:02

Affected Product

Vendor Tenda

Product AC10U

Version 15.03.06.48

Affected Versions Tenda AC10U 15.03.06.48
Tenda AC10U 15.03.06.49

CWE Classification

CWE-120 CWE-119

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor Tenda

Product AC10U

Version 15.03.06.48, 15.03.06.49

References

{
    "lastseen": "",
    "description": "A vulnerability was determined in Tenda AC10U 15.03.06.48/15.03.06.49. This affects the function formSetPPTPUserList of the file /goform/setPptpUserList of the component HTTP POST Request Handler. This manipulation of the argument list causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.",
    "published": "2025-12-30T02:02:08.414Z",
    "modified": "2025-12-30T02:02:08.414Z",
    "type": "cve",
    "title": "Tenda AC10U HTTP POST Request setPptpUserList formSetPPTPUserList buffer overflow",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.338600\nhttps://vuldb.com/?ctiid.338600\nhttps://vuldb.com/?submit.725365\nhttps://www.notion.so/Tenda-AC10U-setPptpUserList-2d753a41781f80e8ba6bc37ba6100343?pvs=73\nhttps://www.tenda.com.cn/",
    "id": "CVE-2025-15215",
    "bulletinFamily": "",
    "cwe": [
        "CWE-120",
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "Tenda AC10U 15.03.06.48\nTenda AC10U 15.03.06.49",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "AC10U",
    "version": "15.03.06.48",
    "vendor": "Tenda",
    "ai_description": "Buffer overflow vulnerability in Tenda AC10U via HTTP POST request to setPptpUserList, allowing remote attackers to initiate an attack.",
    "ai_severity": "High",
    "ai_vendor": "Tenda",
    "ai_product": "AC10U",
    "ai_version": "15.03.06.48, 15.03.06.49",
    "ai_score": 8.7
}

Tenda AC10U HTTP POST Request setPptpUserList formSetPPTPUserList buffer overflow_CVE-2025-15215