Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
A vulnerability was found in Tenda AC15 15.03.05.19_multi. It has been rated as critical. This issue affects the function fromadvsetlanip of the file /goform/AdvSetLanip of the component HTTP POST Request Handler. The manipulation of the argument lanMask leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
AnalysisAI
A critical buffer overflow vulnerability exists in Tenda AC15 firmware version 15.03.05.19_multi affecting the HTTP POST request handler for the /goform/AdvSetLanip endpoint. An authenticated remote attacker can exploit improper input validation of the lanMask parameter to achieve buffer overflow, leading to arbitrary code execution, information disclosure, and denial of service. Public exploit code is available and the vulnerability is actively disclosed, increasing real-world exploitation risk.
Technical ContextAI
The vulnerability resides in the fromadvsetlanip function within the HTTP POST request handler component of Tenda AC15 wireless router firmware. The affected endpoint /goform/AdvSetLanip processes LAN configuration parameters without proper bounds checking. The lanMask parameter fails to validate input length before copying to a fixed-size buffer, resulting in a classic stack-based or heap-based buffer overflow (CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer). This allows attackers to overwrite adjacent memory structures, potentially including saved return addresses or function pointers. The CPE context indicates this affects Tenda AC15 devices (vendor-specific model designation), with the specific vulnerable firmware version 15.03.05.19_multi. The HTTP POST handler processes user-supplied configuration data without sanitization, a common pattern in embedded device management interfaces.
More in Ac15 Firmware
View allTenda AC15 v15.03.05.19 is vulnerable to Command Injection via the handler function in /goform/telnet. Rated critical se
Tenda AC15 router has a code injection in formsetUsbUnload (EPSS 1.7%) enabling unauthenticated remote code execution.
Tenda AC15 router has a command injection in formSetIptv (EPSS 1.1%) enabling unauthenticated root-level code execution.
Buffer overflow in Tenda AC15V1.0 via formSetMacFilterCfg. PoC available.
A vulnerability classified as critical was found in Tenda AC15 15.03.05.18/15.03.05.19/15.03.20. Rated critical severity
A vulnerability was found in Tenda AC15 15.03.20_multi. Rated critical severity (CVSS 9.8), this vulnerability is remote
A vulnerability was found in Tenda AC15 15.03.05.18/15.03.20_multi. Rated critical severity (CVSS 9.8), this vulnerabili
A vulnerability was found in Tenda AC15 15.03.05.18 and classified as critical. Rated critical severity (CVSS 9.8), this
A vulnerability classified as critical has been found in Tenda AC15 15.03.20_multi. Rated critical severity (CVSS 9.8),
A vulnerability was found in Tenda AC15 15.03.20_multi. Rated critical severity (CVSS 9.8), this vulnerability is remote
A vulnerability was found in Tenda AC15 15.03.20_multi. Rated critical severity (CVSS 9.8), this vulnerability is remote
A vulnerability was found in Tenda AC15 15.03.20_multi and classified as critical. Rated critical severity (CVSS 9.8), t
Same weakness CWE-119 – Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-17417