CVE Details
Basic Information
| Title | Tenda AC15 HTTP POST Request AdvSetLanip fromadvsetlanip buffer overflow |
|---|---|
| Type | cve |
| Published | 2025-06-08T23:31:06.668Z |
| Last Seen |
Product Information
| Vendor | Tenda |
|---|---|
| Product | AC15 |
| Version | 15.03.05.19_multi |
CVSS Information
| Base Score | 8.7 (HIGH) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact |
AI Analysis
| AI Description | A critical vulnerability in Tenda AC15 routers allows remote attackers to execute arbitrary code via a buffer overflow in the HTTP POST request handler. The vulnerability is in the fromadvsetlanip function of the /goform/AdvSetLanip component, specifically in the lanMask argument. The exploit is publicly available and can be used to gain control of the router. |
|---|---|
| AI Severity | High |
| Vendor | Tenda |
| Product | AC15 |
| Affected Version | 15.03.05.19_multi |
Affected Products
- Tenda AC15 15.03.05.19_multi
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-120, CWE-119 |
| Bulletin Family |
References
Description
A vulnerability was found in Tenda AC15 15.03.05.19_multi. It has been rated as critical. This issue affects the function fromadvsetlanip of the file /goform/AdvSetLanip of the component HTTP POST Request Handler. The manipulation of the argument lanMask leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.