CVE-2025-5848

Exploit

EPSS 0.76%
Veröffentlicht 08.06.2025 22:00:11
Zuletzt bearbeitet 09.06.2025 19:04:50
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

Tenda AC15 HTTP POST Request setPptpUserList formSetPPTPUserList buffer overflow

A vulnerability was found in Tenda AC15 15.03.05.19_multi and classified as critical. Affected by this issue is the function formSetPPTPUserList of the file /goform/setPptpUserList of the component HTTP POST Request Handler. The manipulation of the argument list leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 8

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Tenda ≫ Ac15 Firmware Version15.03.05.19_multi

Tenda ≫ Ac15 Version1.0

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.76%	0.504

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
cna@vuldb.com	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cna@vuldb.com	7.4	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com	9	8	10	AV:N/AC:L/Au:S/C:C/I:C/A:C

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

https://www.tenda.com.cn/

Product

https://vuldb.com/?id.311594

Third Party Advisory

VDB Entry

https://vuldb.com/?ctiid.311594

Permissions Required

https://vuldb.com/?submit.591372

Third Party Advisory

VDB Entry

https://candle-throne-f75.notion.site/Tenda-AC15-formSetPPTPUserList-20adf0aa118580d080eacb031b89ddc6

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2025-5848

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-5848

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-5848

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-5848