Unrated severityNVD Advisory· Published Jun 5, 2025· Updated Jun 5, 2025

Tenda AC10 HTTP SetPptpServerCfg formSetPPTPServer buffer overflow

CVE-2025-5629

Description

A vulnerability, which was classified as critical, was found in Tenda AC10 up to 15.03.06.47. This affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg of the component HTTP Handler. The manipulation of the argument startIp/endIp leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Affected products

Tenda/AC10llm-fuzzy
Range: <=15.03.06.47
Tenda/AC10v5
Range: 15.03.06.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/pfwqdxwdd/cve/blob/main/4.mdmitreexploit
vuldb.commitrethird-party-advisory
vuldb.commitresignaturepermissions-required
vuldb.commitrevdb-entrytechnical-description
www.tenda.com.cnmitreproduct

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000