CVE-2025-15215

CWE-119 — Buffer Overflow CWE-120 — Classic Buffer Overflow4 documents4 sources

Severity

7.4HIGH

EPSS

0.1%

top 79.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tenda Ac10u Tenda Ac10u Firmware

Timeline

PublishedDec 30

Description

A vulnerability was determined in Tenda AC10U 15.03.06.48/15.03.06.49. This affects the function formSetPPTPUserList of the file /goform/setPptpUserList of the component HTTP POST Request Handler. This manipulation of the argument list causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5tenda/ac10u15.03.06.48, 15.03.06.49+1

▶NVDtenda/ac10u_firmware15.03.06.48, 15.03.06.49+1

🔴Vulnerability Details

GHSA

GHSA-p9pg-8prj-h5rw: A vulnerability was determined in Tenda AC10U 15↗2025-12-30

▶

CVEList

Tenda AC10U HTTP POST Request setPptpUserList formSetPPTPUserList buffer overflow↗2025-12-30

▶

🔍Detection Rules

Suricata

ET WEB_SPECIFIC_APPS Tenda AC10 setPptpUserList list Parameter Buffer Overflow Attempt (CVE-2025-45779, CVE-2025-65221, 2025-15215, 2025-15217)↗2025-05-12

▶