CVE-2025-3786

Summary

A vulnerability was found in Tenda AC15 up to 15.03.05.19 and classified as critical. This issue affects the function fromSetWirelessRepeat of the file /goform/WifiExtraSet. The manipulation of the argument mac leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Affected Software

VendorProductVersion RangeStatus
TendaAC1515.03.05.0affected
TendaAC1515.03.05.1affected
TendaAC1515.03.05.2affected
TendaAC1515.03.05.3affected
TendaAC1515.03.05.4affected
TendaAC1515.03.05.5affected
TendaAC1515.03.05.6affected
TendaAC1515.03.05.7affected
TendaAC1515.03.05.8affected
TendaAC1515.03.05.9affected
TendaAC1515.03.05.10affected
TendaAC1515.03.05.11affected
TendaAC1515.03.05.12affected
TendaAC1515.03.05.13affected
TendaAC1515.03.05.14affected
TendaAC1515.03.05.15affected
TendaAC1515.03.05.16affected
TendaAC1515.03.05.17affected
TendaAC1515.03.05.18affected
TendaAC1515.03.05.19affected

Weaknesses

  • CWE-120: Buffer Overflow
  • CWE-119: Memory Corruption

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

Additional References

References