PT-2025-21838 · Tenda · Tenda Ac15
Xubeining
·
Published
2025-05-18
·
Updated
2025-05-18
·
CVE-2025-4867
CVSS v4.0
7.1
High
| Vector | AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
Tenda A15 version 15.13.07.13
Description
A vulnerability was found in the function
formArpNerworkSet of the file /goform/ArpNerworkSet. The manipulation leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.Recommendations
For Tenda A15 version 15.13.07.13, as a temporary workaround, consider disabling the
formArpNerworkSet function until a patch is available. Restrict access to the /goform/ArpNerworkSet endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
DoS
Improper Resource Release
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Tenda Ac15