Description

A weakness has been identified in Tenda AC10U 15.03.06.48/15.03.06.49. Affected by this vulnerability is the function fromadvsetlanip of the file /goform/AdvSetLanip of the component POST Request Parameter Handler. Executing manipulation of the argument lanMask can lead to buffer overflow. The attack can be launched remotely. The exploit has been made available to the public and could be exploited.

Related CPE's

o

tenda

ac10u_firmware

2

h

tenda

ac10u

2

References

https://lavender-bicycle-a5a.notion.site/Tenda-AC10U-fromadvsetlanip-2d753a41781f800c86c8d388a38e8101?source=copy_link

ExploitThird Party Advisory

https://vuldb.com/?ctiid.338603

Permissions RequiredVDB Entry

https://vuldb.com/?id.338603

Third Party AdvisoryVDB Entry

https://vuldb.com/?submit.725461

Third Party AdvisoryVDB Entry

https://www.tenda.com.cn/

Product

Weaknesses

[email protected]

Primary
CWE-119CWE-120

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 · High

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2025-12-30T03:15:49.267Z

3 weeks ago

Last modified

2026-01-02T20:29:42.810Z

2 weeks ago