CVE-2025-29462
CRITICALTenda AC15 Firmware V15.13.07.13 - Buffer Overflow via webCgiGetUploadFile HTTP Request Processing
Title source: llmDescription
A buffer overflow vulnerability has been discovered in Tenda Ac15 V15.13.07.13. The vulnerability occurs when the webCgiGetUploadFile function calls the socketRead function to process HTTP request messages, resulting in the overwriting of a buffer on the stack.
References (1)
Core 1
Core References
Exploit, Third Party Advisory
https://hackmd.io/@7QWW9EKUSNGgPWZNOHkL2w/Sk4xbvejyx
Scores
CVSS v3
9.8
EPSS
0.0053
EPSS Percentile
41.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
total
Details
CWE
CWE-120
Status
published
Products (1)
tenda/ac15_firmware
15.13.07.13
Published
Apr 03, 2025
Tracked Since
Feb 18, 2026