CVE-2025-15356

Summary

A vulnerability has been found in Tenda AC20 up to 16.03.08.12. The impacted element is the function sscanf of the file /goform/PowerSaveSet. The manipulation of the argument powerSavingEn/time/powerSaveDelay/ledCloseType leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Affected Software

VendorProductVersion RangeStatus
TendaAC2016.03.08.0affected
TendaAC2016.03.08.1affected
TendaAC2016.03.08.2affected
TendaAC2016.03.08.3affected
TendaAC2016.03.08.4affected
TendaAC2016.03.08.5affected
TendaAC2016.03.08.6affected
TendaAC2016.03.08.7affected
TendaAC2016.03.08.8affected
TendaAC2016.03.08.9affected
TendaAC2016.03.08.10affected
TendaAC2016.03.08.11affected
TendaAC2016.03.08.12affected

Weaknesses

  • CWE-120: Buffer Overflow
  • CWE-119: Memory Corruption

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

References