Buffer Overflow Vulnerability in Tenda AC15 Router
CVE-2025-29462

Currently unrated

Key Information:

Vendor: Tenda
Status: AC15 Router
Vendor: CVE Published:; 3 April 2025

Summary

A buffer overflow vulnerability has been identified in the Tenda AC15 router, specifically in the V15.13.07.13 firmware version. This vulnerability arises when the 'webCgiGetUploadFile' function invokes the 'socketRead' function to handle HTTP request messages, potentially leading to buffer corruption on the stack. Exploitation of this flaw could allow attackers to execute arbitrary code or cause unexpected behavior in the device.

References

https://hackmd.io/@7QWW9EKUSNGgPWZNOHkL2w/Sk4xbvejyx

Timeline

Vulnerability published
Apr 3, 2025
Vulnerability Reserved
Mar 11, 2025