Vulnerability Description
A vulnerability was identified in Tenda AC20 up to 16.03.08.12. Affected by this issue is the function strcpy of the file /goform/SetPptpServerCfg of the component HTTP POST Request Handler. Such manipulation of the argument startIp leads to buffer overflow. The attack can be launched remotely. The exploit is publicly available and might be used.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tenda | Ac20 Firmware | <= 16.03.08.12 |
| Tenda | Ac20 | - |
Related Weaknesses (CWE)
References
- https://github.com/Juana-2u/Tenda-AC20Not Applicable
- https://vuldb.com/?ctiid.325173Permissions RequiredVDB Entry
- https://vuldb.com/?id.325173Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.654460Third Party AdvisoryVDB Entry
- https://www.tenda.com.cn/Product
FAQ
What is CVE-2025-10815?
CVE-2025-10815 is a vulnerability with a CVSS score of 8.8 (HIGH). A vulnerability was identified in Tenda AC20 up to 16.03.08.12. Affected by this issue is the function strcpy of the file /goform/SetPptpServerCfg of the component HTTP POST Request Handler. Such mani...
How severe is CVE-2025-10815?
CVE-2025-10815 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-10815?
Check the references section above for vendor advisories and patch information. Affected products include: Tenda Ac20 Firmware, Tenda Ac20.