CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Description
A vulnerability was found in Tenda AC7 15.03.06.44 and classified as critical. This issue affects the function formSetPPTPUserList of the file /goform/setPptpUserList. The manipulation of the argument list leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Analysis
Critical remote buffer overflow vulnerability in Tenda AC7 wireless router firmware version 15.03.06.44, affecting the PPTP user list configuration function. An authenticated remote attacker can exploit this vulnerability to achieve arbitrary code execution with complete system compromise (confidentiality, integrity, and availability impact). Public exploit code has been disclosed and the vulnerability meets criteria for active exploitation risk.
Technical Context
The vulnerability exists in the formSetPPTPUserList function within the /goform/setPptpUserList endpoint of the Tenda AC7 router's web management interface. This is a classic CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) buffer overflow, where user-supplied input in the 'list' parameter is not properly validated for length before being written to a fixed-size stack or heap buffer. The PPTP (Point-to-Point Tunneling Protocol) configuration feature processes the user list without adequate bounds checking. Affected CPE: cpe:2.3:o:tenda:ac7_firmware:15.03.06.44:*:*:*:*:*:*:*. The router's web interface handles administrative functions with minimal input sanitization, a common pattern in embedded device firmware.
Affected Products
Tenda AC7 firmware version 15.03.06.44 (confirmed affected). Potentially affected: Tenda AC7 firmware versions prior to the patched release (version number of patch not specified in available data; requires vendor advisory consultation). CPE identifier: cpe:2.3:o:tenda:ac7_firmware:15.03.06.44:*:*:*:*:*:*:*. The Tenda AC7 is a dual-band 802.11ac wireless router commonly deployed in residential and small-office environments. No vendor advisory URL was provided in the CVE description; remediation requires consulting Tenda's official security advisories or firmware download page at tenda.com.cn or regional Tenda support channels.
Remediation
Immediate actions:
(1) Identify all Tenda AC7 devices with firmware 15.03.06.44 on your network using device discovery or SNMP enumeration;
(2) Consult Tenda's official firmware release page for patched versions (typically version numbers > 15.03.06.44);
(3) Apply firmware updates via the router's web management interface (System Settings > Firmware Upgrade) or via Tenda's management application;
(4) Workarounds if patch is unavailable: restrict network access to the /goform/setPptpUserList endpoint using firewall rules, disable the PPTP VPN feature if not in use (disable PPTP server in router configuration), and enforce strong administrator credentials (change default admin/admin credentials immediately);
(5) Monitor router logs for suspicious POST requests to /goform/setPptpUserList endpoint;
(6) Perform a factory reset and reconfigure with latest available firmware as a last resort if compromise is suspected.
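Step (5) as an added example (not code from the advisory or from Tenda): a triage script for request logs taken from a gateway or reverse proxy in front of the router's management interface. The log format, the management address range, the body-size threshold and the sample lines are constructed assumptions to adapt locally.

```python
import ipaddress
import re

ENDPOINT = "/goform/setPptpUserList"   # endpoint named in the advisory
MGMT_NETS = [ipaddress.ip_network("192.168.0.0/28")]  # assumption: admin hosts
MAX_BODY = 512  # assumption: ceiling for a normal PPTP user list; tune locally

# Constructed format: "<timestamp> <src_ip> <METHOD> <path> <request_bytes> <status>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<path>\S+) "
    r"(?P<size>\d+) (?P<status>\d{3})$"
)

# Constructed sample lines, not captured traffic.
SAMPLE_LOG = """\
2025-06-01T10:00:01Z 192.168.0.5 GET /index.html 0 200
2025-06-01T10:02:13Z 192.168.0.5 POST /goform/setPptpUserList 148 200
2025-06-01T10:07:40Z 192.168.0.77 POST /goform/setPptpUserList?x=1 4096 502
2025-06-01T10:09:02Z 192.168.0.5 POST /goform/exampleOther 60 200
truncated line without enough fields
"""

def triage(line):
    """Return None if the line is not a POST to ENDPOINT, else a finding dict."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None  # malformed or truncated line: nothing to classify
    if m["method"] != "POST" or m["path"].split("?", 1)[0] != ENDPOINT:
        return None
    reasons = []
    try:
        if not any(ipaddress.ip_address(m["src"]) in n for n in MGMT_NETS):
            reasons.append("source outside management range")
    except ValueError:
        reasons.append("unparseable source address")
    if int(m["size"]) > MAX_BODY:
        reasons.append("request body larger than expected")
    if m["status"].startswith("5"):
        reasons.append("server error after request")
    return {"ts": m["ts"], "src": m["src"],
            "severity": "high" if reasons else "review", "reasons": reasons}

def scan(text):
    """Triage every line and keep only requests that touched ENDPOINT."""
    return [f for f in map(triage, text.splitlines()) if f is not None]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Every POST to the endpoint is reported, so a site that has the PPTP server disabled can treat even a "review" finding as unexpected.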
EUVD-2025-17426