A vulnerability has been found in Tenda AC23 up to 16.03.07.52. Affected by this vulnerability is the function sscanf of the file /goform/SetPptpServerCfg of the component HTTP POST Request Handler. Such manipulation of the argument startIp leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
References
Link | Resource |
---|---|
https://github.com/lin-3-start/lin-cve/blob/main/Tenda%20AC23-3/Tenda%20AC23%20Buffer%20overflow.md | Exploit Third Party Advisory |
https://vuldb.com/?ctiid.325161 | Permissions Required VDB Entry |
https://vuldb.com/?id.325161 | Third Party Advisory VDB Entry |
https://vuldb.com/?submit.654237 | Third Party Advisory VDB Entry |
https://www.tenda.com.cn/ | Product |
Configurations
Configuration 1 (hide)
AND |
|
History
24 Sep 2025, 20:25
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:tenda:ac23_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:tenda:ac23:1.0:*:*:*:*:*:*:* |
|
First Time |
Tenda ac23
Tenda Tenda ac23 Firmware |
|
References | () https://github.com/lin-3-start/lin-cve/blob/main/Tenda%20AC23-3/Tenda%20AC23%20Buffer%20overflow.md - Exploit, Third Party Advisory | |
References | () https://vuldb.com/?ctiid.325161 - Permissions Required, VDB Entry | |
References | () https://vuldb.com/?id.325161 - Third Party Advisory, VDB Entry | |
References | () https://vuldb.com/?submit.654237 - Third Party Advisory, VDB Entry | |
References | () https://www.tenda.com.cn/ - Product |
22 Sep 2025, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-09-22 15:15
Updated : 2025-09-24 20:25
NVD link : CVE-2025-10803
Mitre link : CVE-2025-10803
CVE.ORG link : CVE-2025-10803
JSON object : View
Products Affected
tenda
- ac23_firmware
- ac23