CVE-2025-10815

Summary

A vulnerability was identified in Tenda AC20 up to 16.03.08.12. Affected by this issue is the function strcpy of the file /goform/SetPptpServerCfg of the component HTTP POST Request Handler. Such manipulation of the argument startIp leads to buffer overflow. The attack can be launched remotely. The exploit is publicly available and might be used.

Affected Software

VendorProductVersion RangeStatus
TendaAC2016.03.08.0affected
TendaAC2016.03.08.1affected
TendaAC2016.03.08.2affected
TendaAC2016.03.08.3affected
TendaAC2016.03.08.4affected
TendaAC2016.03.08.5affected
TendaAC2016.03.08.6affected
TendaAC2016.03.08.7affected
TendaAC2016.03.08.8affected
TendaAC2016.03.08.9affected
TendaAC2016.03.08.10affected
TendaAC2016.03.08.11affected
TendaAC2016.03.08.12affected

Weaknesses

  • CWE-120: Buffer Overflow
  • CWE-119: Memory Corruption

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

References