CVE Details
Basic Information
| Title | Tenda AC6 setPptpUserList formSetPPTPUserList buffer overflow |
|---|---|
| Type | cve |
| Published | 2025-06-09T00:00:18.274Z |
| Last Seen |
Product Information
| Vendor | Tenda |
|---|---|
| Product | AC6 |
| Version | 15.03.05.16 |
CVSS Information
| Base Score | 8.7 (HIGH) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact |
AI Analysis
| AI Description | A critical buffer overflow vulnerability exists in Tenda AC6 firmware version 15.03.05.16, specifically in the formSetPPTPUserList function. This flaw allows remote attackers to execute arbitrary code by exploiting the buffer overflow in the list argument. The vulnerability has been publicly disclosed and can be exploited remotely. |
|---|---|
| AI Severity | High |
| Vendor | Tenda |
| Product | AC6 |
| Affected Version | 15.03.05.16 |
Affected Products
- Tenda AC6 15.03.05.16
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-120, CWE-119 |
| Bulletin Family |
References
Description
A vulnerability classified as critical has been found in Tenda AC6 15.03.05.16. Affected is the function formSetPPTPUserList of the file /goform/setPptpUserList. The manipulation of the argument list leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.