Description

A vulnerability was determined in Tenda AC10U 15.03.06.48/15.03.06.49. This affects the function formSetPPTPUserList of the file /goform/setPptpUserList of the component HTTP POST Request Handler. This manipulation of the argument list causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.

Related CPE's

o

tenda

ac10u_firmware

2

h

tenda

ac10u

2

References

https://vuldb.com/?ctiid.338600

VDB Entry

https://vuldb.com/?id.338600

VDB Entry

https://vuldb.com/?submit.725365

VDB Entry

https://www.notion.so/Tenda-AC10U-setPptpUserList-2d753a41781f80e8ba6bc37ba6100343?pvs=73

ExploitThird Party Advisory

https://www.tenda.com.cn/

Product

Weaknesses

[email protected]

Primary
CWE-119CWE-120

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 · High

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2025-12-30T02:15:50.733Z

2 weeks ago

Last modified

2026-01-02T20:28:56.470Z

1 week ago