CVE-2025-5850Improper Restriction of Operations within the Bounds of a Memory Buffer in Ac15

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-120Classic Buffer Overflow4 documents4 sources
Severity
7.4HIGHNVD
EPSS
0.9%
top 23.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Tenda Ac15Tenda Ac15 Firmware
Timeline
PublishedJun 8
Latest updateJun 9

Description

A vulnerability was found in Tenda AC15 15.03.05.19_multi. It has been declared as critical. This vulnerability affects the function formsetschedled of the file /goform/SetLEDCf of the component HTTP POST Request Handler. The manipulation of the argument Time leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5tenda/ac1515.03.05.19_multi
NVDtenda/ac15_firmware15.03.05.19_multi

🔴Vulnerability Details

2
GHSA
GHSA-4287-9xx6-3794: A vulnerability was found in Tenda AC15 152025-06-09
CVEList
Tenda AC15 HTTP POST Request SetLEDCf formsetschedled buffer overflow2025-06-08

🔍Detection Rules

1
Suricata
ET WEB_SPECIFIC_APPS Tenda SetLEDCfg time Parameter Buffer Overflow Attempt (CVE-2025-5850)2025-06-09
CVE-2025-5850 — Tenda Ac15 vulnerability | cvebase