CVE-2025-5629

Summary

A vulnerability, which was classified as critical, was found in Tenda AC10 up to 15.03.06.47. This affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg of the component HTTP Handler. The manipulation of the argument startIp/endIp leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Affected Software

VendorProductVersion RangeStatus
TendaAC1015.03.06.0affected
TendaAC1015.03.06.1affected
TendaAC1015.03.06.2affected
TendaAC1015.03.06.3affected
TendaAC1015.03.06.4affected
TendaAC1015.03.06.5affected
TendaAC1015.03.06.6affected
TendaAC1015.03.06.7affected
TendaAC1015.03.06.8affected
TendaAC1015.03.06.9affected
TendaAC1015.03.06.10affected
TendaAC1015.03.06.11affected
TendaAC1015.03.06.12affected
TendaAC1015.03.06.13affected
TendaAC1015.03.06.14affected
TendaAC1015.03.06.15affected
TendaAC1015.03.06.16affected
TendaAC1015.03.06.17affected
TendaAC1015.03.06.18affected
TendaAC1015.03.06.19affected
TendaAC1015.03.06.20affected
TendaAC1015.03.06.21affected
TendaAC1015.03.06.22affected
TendaAC1015.03.06.23affected
TendaAC1015.03.06.24affected
TendaAC1015.03.06.25affected
TendaAC1015.03.06.26affected
TendaAC1015.03.06.27affected
TendaAC1015.03.06.28affected
TendaAC1015.03.06.29affected
TendaAC1015.03.06.30affected
TendaAC1015.03.06.31affected
TendaAC1015.03.06.32affected
TendaAC1015.03.06.33affected
TendaAC1015.03.06.34affected
TendaAC1015.03.06.35affected
TendaAC1015.03.06.36affected
TendaAC1015.03.06.37affected
TendaAC1015.03.06.38affected
TendaAC1015.03.06.39affected
TendaAC1015.03.06.40affected
TendaAC1015.03.06.41affected
TendaAC1015.03.06.42affected
TendaAC1015.03.06.43affected
TendaAC1015.03.06.44affected
TendaAC1015.03.06.45affected
TendaAC1015.03.06.46affected
TendaAC1015.03.06.47affected

Weaknesses

  • CWE-120: Buffer Overflow
  • CWE-119: Memory Corruption

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

Additional References

References