← voltar
CVE-2025-10803

Tenda AC23 HTTP POST Request SetPptpServerCfg sscanf buffer overflow

CVSS 8.7 HIGHEPSS 0.7%CWE-119CWE-120
Vexday Risk Score
21Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 8.7EPSS 0.7%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
22 set 2025Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
A vulnerability has been found in Tenda AC23 up to 16.03.07.52. Affected by this vulnerability is the function sscanf of the file /goform/SetPptpServerCfg of the component HTTP POST Request Handler. Such manipulation of the argument startIp leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
Produtos afetados
Tenda · AC23

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/lin-3-start/lin-cve/blob/main/Tenda%20AC23-3/Tenda%20AC23%20Buffer%20overflow.mdhttps://vuldb.com/?ctiid.325161https://vuldb.com/?id.325161https://vuldb.com/?submit.654237https://www.tenda.com.cn/