CVE-2025-10803

Summary

A vulnerability has been found in Tenda AC23 up to 16.03.07.52. Affected by this vulnerability is the function sscanf of the file /goform/SetPptpServerCfg of the component HTTP POST Request Handler. Such manipulation of the argument startIp leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Affected Software

VendorProductVersion RangeStatus
TendaAC2316.03.07.0affected
TendaAC2316.03.07.1affected
TendaAC2316.03.07.2affected
TendaAC2316.03.07.3affected
TendaAC2316.03.07.4affected
TendaAC2316.03.07.5affected
TendaAC2316.03.07.6affected
TendaAC2316.03.07.7affected
TendaAC2316.03.07.8affected
TendaAC2316.03.07.9affected
TendaAC2316.03.07.10affected
TendaAC2316.03.07.11affected
TendaAC2316.03.07.12affected
TendaAC2316.03.07.13affected
TendaAC2316.03.07.14affected
TendaAC2316.03.07.15affected
TendaAC2316.03.07.16affected
TendaAC2316.03.07.17affected
TendaAC2316.03.07.18affected
TendaAC2316.03.07.19affected
TendaAC2316.03.07.20affected
TendaAC2316.03.07.21affected
TendaAC2316.03.07.22affected
TendaAC2316.03.07.23affected
TendaAC2316.03.07.24affected
TendaAC2316.03.07.25affected
TendaAC2316.03.07.26affected
TendaAC2316.03.07.27affected
TendaAC2316.03.07.28affected
TendaAC2316.03.07.29affected
TendaAC2316.03.07.30affected
TendaAC2316.03.07.31affected
TendaAC2316.03.07.32affected
TendaAC2316.03.07.33affected
TendaAC2316.03.07.34affected
TendaAC2316.03.07.35affected
TendaAC2316.03.07.36affected
TendaAC2316.03.07.37affected
TendaAC2316.03.07.38affected
TendaAC2316.03.07.39affected
TendaAC2316.03.07.40affected
TendaAC2316.03.07.41affected
TendaAC2316.03.07.42affected
TendaAC2316.03.07.43affected
TendaAC2316.03.07.44affected
TendaAC2316.03.07.45affected
TendaAC2316.03.07.46affected
TendaAC2316.03.07.47affected
TendaAC2316.03.07.48affected
TendaAC2316.03.07.49affected
TendaAC2316.03.07.50affected
TendaAC2316.03.07.51affected
TendaAC2316.03.07.52affected

Weaknesses

  • CWE-120: Buffer Overflow
  • CWE-119: Memory Corruption

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

References