← back
CVE-2025-5851

Tenda AC15 HTTP POST Request AdvSetLanip fromadvsetlanip buffer overflow

CVSS 8.7 HIGHEPSS 0.8%CWE-119CWE-120
A vulnerability was found in Tenda AC15 15.03.05.19_multi. It has been rated as critical. This issue affects the function fromadvsetlanip of the file /goform/AdvSetLanip of the component HTTP POST Request Handler. The manipulation of the argument lanMask leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
Affected products
Tenda · AC15

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://candle-throne-f75.notion.site/Tenda-AC15-fromadvsetlanip-20adf0aa118580a09182c1c5c42079fchttps://vuldb.com/?ctiid.311597https://vuldb.com/?id.311597https://vuldb.com/?submit.591384https://www.tenda.com.cn/