CVE-2025-10815 | Tenda AC20 up to 16.03.08.12 HTTP POST Request /goform/SetPptpServerCfg strcpy startIp buffer overflow

Inserito da Angelo Barbosa | Set 21, 2025 | CVE

A vulnerability categorized as critical has been discovered in Tenda AC20 up to 16.03.08.12. Affected by this issue is the function strcpy of the file /goform/SetPptpServerCfg of the component HTTP POST Request Handler. Such manipulation of the argument startIp leads to buffer overflow.

This vulnerability is uniquely identified as CVE-2025-10815. The attack can be launched remotely. Moreover, an exploit is present.

CVE-2025-10815 | Tenda AC20 up to 16.03.08.12 HTTP POST Request /goform/SetPptpServerCfg strcpy startIp buffer overflow

Post correlati

CVE-2025-29902 | RTS VLink Virtual Matrix Software code injection

CVE-2024-36236 | Adobe Experience Manager up to 6.5.20 Link cross site scripting (apsb24-28)

CVE-2024-34205 | Totolink CP450 4.1.0cu.747_B20191224 download_firmware command injection

CVE-2024-7026 | Teknogis Informatics Closed Circuit Vehicle Tracking Software up to 21.11.2024 sql injection