CVE-2025-29462

CRITICAL

Tenda AC15 Firmware V15.13.07.13 - Buffer Overflow via webCgiGetUploadFile HTTP Request Processing

Title source: llm
STIX 2.1

Description

A buffer overflow vulnerability has been discovered in Tenda Ac15 V15.13.07.13. The vulnerability occurs when the webCgiGetUploadFile function calls the socketRead function to process HTTP request messages, resulting in the overwriting of a buffer on the stack.

References (1)

Core 1
Core References

Scores

CVSS v3 9.8
EPSS 0.0053
EPSS Percentile 41.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-120
Status published
Products (1)
tenda/ac15_firmware 15.13.07.13
Published Apr 03, 2025
Tracked Since Feb 18, 2026