CVE-2025-15234

Name of the Vulnerable Software and Affected Versions Tenda M3 version 1.0.0.13

Description A flaw exists in the Tenda M3 router. The formSetRemoteInternetLanInfo function within the /goform/setInternetLanInfo file is susceptible to a heap-based buffer overflow. Manipulation of the portIp, portMask, portGateWay, portDns, and portSecDns arguments can trigger this issue. Remote attackers can potentially exploit this weakness. The exploit is publicly available.

Recommendations Tenda M3 version 1.0.0.13: At the moment, there is no information about a newer version that contains a fix for this vulnerability.