Buffer Overflow Vulnerability in Tenda AC15 Router
CVE-2025-29462

9.8CRITICAL

Key Information:

Vendor: Tenda
Status: AC15 Router
Vendor: CVE Published:; 3 April 2025

Summary

A buffer overflow vulnerability has been identified in the Tenda AC15 router, specifically in the V15.13.07.13 firmware version. This vulnerability arises when the 'webCgiGetUploadFile' function invokes the 'socketRead' function to handle HTTP request messages, potentially leading to buffer corruption on the stack. Exploitation of this flaw could allow attackers to execute arbitrary code or cause unexpected behavior in the device.

References

https://hackmd.io/@7QWW9EKUSNGgPWZNOHkL2w/Sk4xbvejyx

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 3, 2025
Vulnerability Reserved
Mar 11, 2025