Stack-based Buffer Overflow in Tenda AC15 Router
CVE-2025-11386
Key Information:
Badges
What is CVE-2025-11386?
A vulnerability exists in Tenda AC15 version 15.03.05.18 associated with the file /goform/SetDDNSCfg. This vulnerability is triggered by manipulating the 'ddnsEn' argument, leading to a stack-based buffer overflow. The flaw allows remote attackers to exploit the device, potentially gaining unauthorized access or control. With the exploit being publicly available, users of affected Tenda AC15 devices are urged to take immediate action to secure their networks.
Affected Version(s)
AC15 15.03.05.18
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved