CVE-2025-15215

Name of the Vulnerable Software and Affected Versions Tenda AC10U versions 15.03.06.48 through 15.03.06.49

Description A buffer overflow issue exists in the formSetPPTPUserList function within the HTTP POST Request Handler component, specifically in the /goform/setPptpUserList file of the Tenda AC10U. The issue is triggered by manipulating the argument list, allowing for remote code execution. The vulnerability occurs due to insufficient input validation when processing the list parameter. The exploit for this issue has been publicly disclosed.

Recommendations Versions 15.03.06.48 through 15.03.06.49 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.