CVE Details
Basic Information
| Title | Tenda AC15 HTTP POST Request SetLEDCf formsetschedled buffer overflow |
|---|---|
| Type | cve |
| Published | 2025-06-08T23:00:20.211Z |
| Last Seen |
Product Information
| Vendor | Tenda |
|---|---|
| Product | AC15 |
| Version | 15.03.05.19_multi |
CVSS Information
| Base Score | 8.7 (HIGH) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact |
AI Analysis
| AI Description | A buffer overflow vulnerability exists in the Tenda AC15 router’s HTTP POST request handler, specifically in the formsetschedled function of the /goform/SetLEDCf component. This flaw allows remote attackers to execute arbitrary code by manipulating the ‘Time’ argument, potentially leading to a complete system compromise. The vulnerability has a high CVSS score and affects version 15.03.05.19_multi of the AC15 router. |
|---|---|
| AI Severity | High |
| Vendor | Tenda |
| Product | AC15 Router |
| Affected Version | 15.03.05.19_multi |
Affected Products
- Tenda AC15 15.03.05.19_multi
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-120, CWE-119 |
| Bulletin Family |
References
Description
A vulnerability was found in Tenda AC15 15.03.05.19_multi. It has been declared as critical. This vulnerability affects the function formsetschedled of the file /goform/SetLEDCf of the component HTTP POST Request Handler. The manipulation of the argument Time leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.