Buffer Overflow Vulnerability in Tenda AC15 Router
CVE-2025-29462

9.8CRITICAL

Key Information:

Vendor
Tenda
Vendor
CVE Published:
3 April 2025

Summary

A buffer overflow vulnerability has been identified in the Tenda AC15 router, specifically in the V15.13.07.13 firmware version. This vulnerability arises when the 'webCgiGetUploadFile' function invokes the 'socketRead' function to handle HTTP request messages, potentially leading to buffer corruption on the stack. Exploitation of this flaw could allow attackers to execute arbitrary code or cause unexpected behavior in the device.

References

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.