CVE-2025-10803

A vulnerability has been found in Tenda AC23 up to 16.03.07.52. Affected by this vulnerability is the function sscanf of the file /goform/SetPptpServerCfg of the component HTTP POST Request Handler. Such manipulation of the argument startIp leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
References
Link Resource
https://github.com/lin-3-start/lin-cve/blob/main/Tenda%20AC23-3/Tenda%20AC23%20Buffer%20overflow.md Exploit Third Party Advisory
https://vuldb.com/?ctiid.325161 Permissions Required VDB Entry
https://vuldb.com/?id.325161 Third Party Advisory VDB Entry
https://vuldb.com/?submit.654237 Third Party Advisory VDB Entry
https://www.tenda.com.cn/ Product
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:tenda:ac23_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:tenda:ac23:1.0:*:*:*:*:*:*:*

History

24 Sep 2025, 20:25

Type Values Removed Values Added
CPE cpe:2.3:o:tenda:ac23_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:tenda:ac23:1.0:*:*:*:*:*:*:*
First Time Tenda ac23
Tenda
Tenda ac23 Firmware
References () https://github.com/lin-3-start/lin-cve/blob/main/Tenda%20AC23-3/Tenda%20AC23%20Buffer%20overflow.md - () https://github.com/lin-3-start/lin-cve/blob/main/Tenda%20AC23-3/Tenda%20AC23%20Buffer%20overflow.md - Exploit, Third Party Advisory
References () https://vuldb.com/?ctiid.325161 - () https://vuldb.com/?ctiid.325161 - Permissions Required, VDB Entry
References () https://vuldb.com/?id.325161 - () https://vuldb.com/?id.325161 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.654237 - () https://vuldb.com/?submit.654237 - Third Party Advisory, VDB Entry
References () https://www.tenda.com.cn/ - () https://www.tenda.com.cn/ - Product

22 Sep 2025, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-09-22 15:15

Updated : 2025-09-24 20:25


NVD link : CVE-2025-10803

Mitre link : CVE-2025-10803

CVE.ORG link : CVE-2025-10803


JSON object : View

Products Affected

tenda

  • ac23_firmware
  • ac23
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')