Buffer Overflow Vulnerability in Tenda AC15 Router
CVE-2025-29462
9.8CRITICAL
Summary
A buffer overflow vulnerability has been identified in the Tenda AC15 router, specifically in the V15.13.07.13 firmware version. This vulnerability arises when the 'webCgiGetUploadFile' function invokes the 'socketRead' function to handle HTTP request messages, potentially leading to buffer corruption on the stack. Exploitation of this flaw could allow attackers to execute arbitrary code or cause unexpected behavior in the device.
References
CVSS V3.1
Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved