CVE Details
Basic Information
| Title | Tenda AC15 HTTP POST Request setPptpUserList formSetPPTPUserList buffer overflow |
|---|---|
| Type | cve |
| Published | 2025-06-08T22:00:11.191Z |
| Last Seen |
Product Information
| Vendor | Tenda |
|---|---|
| Product | AC15 |
| Version | 15.03.05.19_multi |
CVSS Information
| Base Score | 8.7 (HIGH) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact |
AI Analysis
| AI Description | A buffer overflow vulnerability exists in the Tenda AC15 router’s HTTP POST request handler, specifically in the formSetPPTPUserList function. This can be exploited remotely to execute arbitrary code or cause a denial of service. The vulnerability affects version 15.03.05.19_multi and has a CVSS score of 8.7. |
|---|---|
| AI Severity | High |
| Vendor | Tenda |
| Product | AC15 |
| Affected Version | 15.03.05.19_multi |
Affected Products
- Tenda AC15 15.03.05.19_multi
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-120, CWE-119 |
| Bulletin Family |
References
Description
A vulnerability was found in Tenda AC15 15.03.05.19_multi and classified as critical. Affected by this issue is the function formSetPPTPUserList of the file /goform/setPptpUserList of the component HTTP POST Request Handler. The manipulation of the argument list leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.