CVE-2025-15231

Name of the Vulnerable Software and Affected Versions Tenda M3 version 1.0.0.13(4903)

Description A flaw exists in the Tenda M3 router that could allow for remote code execution. The issue is due to a stack-based buffer overflow within the formSetRemoteVlanInfo function, located in the /goform/setVlanInfo file. Manipulation of the ID/vlan/port argument can trigger this overflow. The exploit for this issue has been publicly disclosed and may be used to compromise systems remotely.

Recommendations Versions prior to 1.0.0.13(4903) are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.