Description
A buffer overflow vulnerability has been discovered in Tenda Ac15 V15.13.07.13. The vulnerability occurs when the webCgiGetUploadFile function calls the socketRead function to process HTTP request messages, resulting in the overwriting of a buffer on the stack.
References (1)
Core 1
Core References
Exploit, Third Party Advisory
https://hackmd.io/@7QWW9EKUSNGgPWZNOHkL2w/Sk4xbvejyx
Scores
CVSS v3
9.8
EPSS
0.0045
EPSS Percentile
63.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
total
Details
CWE
CWE-120
Status
published
Products (1)
tenda/ac15_firmware
15.13.07.13
Published
Apr 03, 2025
Tracked Since
Feb 18, 2026