Tenda · Tenda Ac20 · CVE-2025-10815
**Name of the Vulnerable Software and Affected Versions**
Tenda AC20 versions up to 16.03.08.12
**Description**
A flaw exists in Tenda AC20 that allows for remote buffer overflow. The issue is related to the `strcpy` function within the `/goform/SetPptpServerCfg` file of the HTTP POST Request Handler component. Manipulation of the `startIp` argument triggers the overflow. The exploit is publicly available.
**Recommendations**
Update Tenda AC20 to a version later than 16.03.08.12.