CRITICAL🇵🇱 Wersja polska

CVE-2025-29462

CVSS 9.8v3.1pub. 2025-04-03upd. 2025-04-22

A buffer overflow vulnerability has been discovered in Tenda Ac15 V15.13.07.13. The vulnerability occurs when the webCgiGetUploadFile function calls the socketRead function to process HTTP request messages, resulting in the overwriting of a buffer on the stack.

🤖 AI Analysis
How it works

The vulnerability is located in the webCgiGetUploadFile function, which calls the socketRead function to process incoming HTTP messages. During this process, input data sizes are not properly validated, leading to stack buffer overflow. An attacker can craft a specially constructed HTTP request and send it to the device over the network without needing any privileges or user interaction.

Impact

An attacker can gain full control over the device, including the ability to execute arbitrary code (RCE), breach data confidentiality and integrity, and cause service unavailability. The network vector and lack of authentication requirements make this vulnerability particularly dangerous.

Mitigation & patch

Apply patches available from the manufacturer according to the references. Until updates are deployed, it is recommended to restrict access to the device's administrative interface only to trusted IP addresses and isolate the device from untrusted networks using a firewall.

Who is affected

Tenda AC15 with firmware version V15.13.07.13

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Tenda Ac15

    HW
    Tenda
    wszystkie wersje
  • Tenda Ac15 Firmware

    OS
    Tenda
    15.13.07.13
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Memory
CWE
References

Related vulnerabilities

CVE-2020-10987CRITICAL9.8⚠ KEVten sam produkt

The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute a...

CVE-2026-24103CRITICAL9.8PL ✓ten sam produkt

Buffer overflow w Tenda AC15 — podatność w goform/formSetMacFilterCfg

CVE-2026-24105CRITICAL9.8PL ✓ten sam produkt

Command injection w Tenda AC15 — brak walidacji parametru w formsetUsbUnload

CVE-2026-24101CRITICAL9.8PL ✓ten sam produkt

Command injection w Tenda AC15 — brak walidacji parametru formSetIptv

CVE-2025-63666CRITICAL9.8PL ✓ten sam produkt

Tenda AC15: słaby mechanizm cookie sesji ujawniający hash hasła