CVE 8.7 HIGH

Tenda AC23 HTTP POST Request formSetPPTPUserList buffer overflow_CVE-2025-15217

December 29, 2025 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A security flaw has been discovered in Tenda AC23 16.03.07.52. Affected is the function formSetPPTPUserList of the component HTTP POST Request Handler. Performing manipulation of the argument list results in buffer overflow. The attack can be initiated remotely.

AI Analysis

Buffer overflow in Tenda AC23 via HTTP POST request to formSetPPTPUserList

Basic Information

ID CVE-2025-15217

Source VulDB

Published Dec 30, 2025 at 03:02

Affected Product

Vendor Tenda

Product AC23

Version 16.03.07.52

Affected Versions Tenda AC23 16.03.07.52

CWE Classification

CWE-120 CWE-119

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor Tenda

Product AC23

Version 16.03.07.52

References

{
    "lastseen": "",
    "description": "A security flaw has been discovered in Tenda AC23 16.03.07.52. Affected is the function formSetPPTPUserList of the component HTTP POST Request Handler. Performing manipulation of the argument list results in buffer overflow. The attack can be initiated remotely.",
    "published": "2025-12-30T03:02:07.501Z",
    "modified": "2025-12-30T03:02:07.501Z",
    "type": "cve",
    "title": "Tenda AC23 HTTP POST Request formSetPPTPUserList buffer overflow",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.338602\nhttps://vuldb.com/?ctiid.338602\nhttps://vuldb.com/?submit.725448\nhttps://lavender-bicycle-a5a.notion.site/Tenda-AC23-formSetPPTPUserList-2d753a41781f8091b772cf9e66a687f1?source=copy_link\nhttps://www.tenda.com.cn/",
    "id": "CVE-2025-15217",
    "bulletinFamily": "",
    "cwe": [
        "CWE-120",
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "Tenda AC23 16.03.07.52",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "AC23",
    "version": "16.03.07.52",
    "vendor": "Tenda",
    "ai_description": "Buffer overflow in Tenda AC23 via HTTP POST request to formSetPPTPUserList",
    "ai_severity": "High",
    "ai_vendor": "Tenda",
    "ai_product": "AC23",
    "ai_version": "16.03.07.52",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply