How to fix EUVD-2025-17417?

Within 24 hours: Identify and inventory all Tenda AC15 routers in your network and isolate affected devices from critical systems. Within 7 days: Implement network segmentation to restrict router administrative access and apply WAF rules to block malicious POST requests to /goform/AdvSetLanip. Within 30 days: Evaluate replacement of vulnerable Tenda AC15 units with alternative vendor equipment, as no patch is currently available; monitor Tenda's security advisories for patch availability.

Is Ac15 Firmware affected by EUVD-2025-17417?

A critical buffer overflow vulnerability in Tenda AC15 routers (model 15.03.05.19_multi) allows remote attackers to compromise network infrastructure without authentication.

EUVD-2025-17417

| CVE-2025-5851 HIGH

2025-06-09 [email protected]

8.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 14, 2026 - 19:21 vuln.today

EUVD ID Assigned

Mar 14, 2026 - 19:21 euvd

EUVD-2025-17417

PoC Detected

Jun 09, 2025 - 19:04 vuln.today

Public exploit code

CVE Published

Jun 09, 2025 - 00:15 nvd

HIGH 8.8

Description

A vulnerability was found in Tenda AC15 15.03.05.19_multi. It has been rated as critical. This issue affects the function fromadvsetlanip of the file /goform/AdvSetLanip of the component HTTP POST Request Handler. The manipulation of the argument lanMask leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Analysis

A critical buffer overflow vulnerability exists in Tenda AC15 firmware version 15.03.05.19_multi affecting the HTTP POST request handler for the /goform/AdvSetLanip endpoint. An authenticated remote attacker can exploit improper input validation of the lanMask parameter to achieve buffer overflow, leading to arbitrary code execution, information disclosure, and denial of service. Public exploit code is available and the vulnerability is actively disclosed, increasing real-world exploitation risk.

Technical Context

The vulnerability resides in the fromadvsetlanip function within the HTTP POST request handler component of Tenda AC15 wireless router firmware. The affected endpoint /goform/AdvSetLanip processes LAN configuration parameters without proper bounds checking. The lanMask parameter fails to validate input length before copying to a fixed-size buffer, resulting in a classic stack-based or heap-based buffer overflow (CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer). This allows attackers to overwrite adjacent memory structures, potentially including saved return addresses or function pointers. The CPE context indicates this affects Tenda AC15 devices (vendor-specific model designation), with the specific vulnerable firmware version 15.03.05.19_multi. The HTTP POST handler processes user-supplied configuration data without sanitization, a common pattern in embedded device management interfaces.

Affected Products

AC15 (['15.03.05.19_multi'])

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.2

CVSS: +44

POC: +20

EUVD-2025-17417 vulnerability details – vuln.today

Back

EUVD-2025-17417

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Priority Score

Share

EUVD-2025-17417

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Priority Score

Share

External POC / Exploit Code