CVE-2025-15215
HIGHTenda AC10U 15.03.06.48/15.03.06.49 - Buffer Overflow via setPptpUserList HTTP POST Request
Title source: llmDescription
A vulnerability was determined in Tenda AC10U 15.03.06.48/15.03.06.49. This affects the function formSetPPTPUserList of the file /goform/setPptpUserList of the component HTTP POST Request Handler. This manipulation of the argument list causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.
References (5)
Core 5
Core References
VDB Entry vdb-entry
technical-description
https://vuldb.com/?id.338600
VDB Entry signature
permissions-required
https://vuldb.com/?ctiid.338600
VDB Entry third-party-advisory
https://vuldb.com/?submit.725365
Exploit, Third Party Advisory exploit
https://www.notion.so/Tenda-AC10U-setPptpUserList-2d753a41781f80e8ba6bc37ba6100343?pvs=73
Product product
https://www.tenda.com.cn/
Scores
CVSS v3
8.8
EPSS
0.0060
EPSS Percentile
44.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-120
CWE-119
Status
published
Products (2)
tenda/ac10u_firmware
15.03.06.48
tenda/ac10u_firmware
15.03.06.49
Published
Dec 30, 2025
Tracked Since
Feb 18, 2026