VYPR
Unrated severityNVD Advisory· Published Dec 30, 2025· Updated Feb 24, 2026

Tenda AC23 HTTP POST Request formSetPPTPUserList buffer overflow

CVE-2025-15217

Description

A security flaw has been discovered in Tenda AC23 16.03.07.52. Affected is the function formSetPPTPUserList of the component HTTP POST Request Handler. Performing a manipulation of the argument list results in buffer overflow. The attack can be initiated remotely.

Affected products

2
  • Tenda/AC23cpe-rescue2 versions
    cpe:2.3:o:tenda:ac23_firmware:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:tenda:ac23_firmware:*:*:*:*:*:*:*:*range: 16.03.07.52
    • (no CPE)range: = 16.03.07.52

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.