Details of VAR-202512-2689

ID

VAR-202512-2689

CVE

CVE-2025-15217

DESCRIPTION

A security flaw has been discovered in Tenda AC23 16.03.07.52. Affected is the function formSetPPTPUserList of the component HTTP POST Request Handler. Performing manipulation of the argument list results in buffer overflow. The attack can be initiated remotely.

Trust: 1.0

sources: NVD: CVE-2025-15217

AFFECTED PRODUCTS

vendor:

tenda

model:

ac23

scope:

version:

16.03.07.52

Trust: 1.0

sources: NVD: CVE-2025-15217

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2025-15217
value:	HIGH
Trust: 1.0

cna@vuldb.com:	CVE-2025-15217
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0

cna@vuldb.com:	CVE-2025-15217
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: NVD: CVE-2025-15217

PROBLEMTYPE DATA

problemtype:	CWE-120	Trust: 1.0
problemtype:	CWE-119	Trust: 1.0

sources: NVD: CVE-2025-15217

EXTERNAL IDS

db:	VULDB	id:	338602	Trust: 1.0
db:	NVD	id:	CVE-2025-15217	Trust: 1.0

sources: NVD: CVE-2025-15217

REFERENCES

url:	https://vuldb.com/?id.338602	Trust: 1.0
url:	https://vuldb.com/?ctiid.338602	Trust: 1.0
url:	https://lavender-bicycle-a5a.notion.site/tenda-ac23-formsetpptpuserlist-2d753a41781f8091b772cf9e66a687f1?source=copy_link	Trust: 1.0
url:	https://vuldb.com/?submit.725448	Trust: 1.0
url:	https://lavender-bicycle-a5a.notion.site/tenda-ac23-formsetpptpuserlist-2d753a41781f8091b772cf9e66a687f1	Trust: 1.0
url:	https://www.tenda.com.cn/	Trust: 1.0

sources: NVD: CVE-2025-15217

SOURCES

db:

NVD

id:

CVE-2025-15217

LAST UPDATE DATE

2026-01-15T23:38:38.838000+00:00

SOURCES UPDATE DATE

db:

NVD

id:

CVE-2025-15217

date:

2026-01-02T21:29:28.123

SOURCES RELEASE DATE

db:

NVD

id:

CVE-2025-15217

date:

2025-12-30T03:15:51.887