Tenda AC10U POST Request Parameter AdvSetLanip fromadvsetlanip buffer overflow

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A weakness has been identified in Tenda AC10U 15.03.06.48/15.03.06.49. Affected by this vulnerability is the function fromadvsetlanip of the file /goform/AdvSetLanip of the component POST Request Parameter Handler. Executing manipulation of the argument lanMask can lead to buffer overflow. The attack can be launched remotely. The exploit has been made available to the public and could be exploited.

AI Analysis

Buffer overflow vulnerability in Tenda AC10U via manipulation of the lanMask argument in the fromadvsetlanip function of the AdvSetLanip component

Basic Information

ID CVE-2025-15218

Source VulDB

Published Dec 30, 2025 at 03:32

Affected Product

Vendor Tenda

Product AC10U

Version 15.03.06.48

Affected Versions Tenda AC10U 15.03.06.48
Tenda AC10U 15.03.06.49

CWE Classification

CWE-120 CWE-119

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor Tenda

Product AC10U

Version 15.03.06.48, 15.03.06.49

References

{
    "lastseen": "",
    "description": "A weakness has been identified in Tenda AC10U 15.03.06.48/15.03.06.49. Affected by this vulnerability is the function fromadvsetlanip of the file /goform/AdvSetLanip of the component POST Request Parameter Handler. Executing manipulation of the argument lanMask can lead to buffer overflow. The attack can be launched remotely. The exploit has been made available to the public and could be exploited.",
    "published": "2025-12-30T03:32:08.254Z",
    "modified": "2025-12-30T03:32:08.254Z",
    "type": "cve",
    "title": "Tenda AC10U POST Request Parameter AdvSetLanip fromadvsetlanip buffer overflow",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.338603\nhttps://vuldb.com/?ctiid.338603\nhttps://vuldb.com/?submit.725461\nhttps://lavender-bicycle-a5a.notion.site/Tenda-AC10U-fromadvsetlanip-2d753a41781f800c86c8d388a38e8101?source=copy_link\nhttps://www.tenda.com.cn/",
    "id": "CVE-2025-15218",
    "bulletinFamily": "",
    "cwe": [
        "CWE-120",
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "Tenda AC10U 15.03.06.48\nTenda AC10U 15.03.06.49",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "AC10U",
    "version": "15.03.06.48",
    "vendor": "Tenda",
    "ai_description": "Buffer overflow vulnerability in Tenda AC10U via manipulation of the lanMask argument in the fromadvsetlanip function of the AdvSetLanip component",
    "ai_severity": "High",
    "ai_vendor": "Tenda",
    "ai_product": "AC10U",
    "ai_version": "15.03.06.48, 15.03.06.49",
    "ai_score": 8.7
}

Tenda AC10U POST Request Parameter AdvSetLanip fromadvsetlanip buffer overflow_CVE-2025-15218