VDB-311621 · CVE-2025-5862 · EUVD-2025-17426

Tenda AC7 15.03.06.44 /goform/setPptpUserList formSetPPTPUserList list ବଫର୍ ଓଭରଫ୍ଲୋ

Rakkoon nageenyaa kan ଜଟିଳ jedhamuun beekamu Tenda AC7 15.03.06.44 keessatti argameera. Miidhamni argame is hojii formSetPPTPUserList faayilii /goform/setPptpUserList keessa. Wanti jijjiirame irratti list gara ବଫର୍ ଓଭରଫ୍ଲୋ geessa. Rakkoo ibsuuf CWE yoo fayyadamte gara CWE-120 si geessa. Odeeffannoon kun yeroo 06/08/2025 maxxanfameera. Odeeffannoon kun buufachuuf lavender-bicycle-a5a.notion.site irratti argama. Dogoggorri kun CVE-2025-5862 jedhamee waamama. Weerara fageenya irraa jalqabuu ni danda'ama. Ibsa teeknikaa ni jira. Waan dabalataa ta’een, meeshaa balaa kana fayyadamuuf ni jira. Qorannoo miidhaa (exploit) uummataaf ifa taasifameera, kanaafis fayyadamuu ni danda'ama. Ammas, gatii exploit might be approx. USD $0-$5k yeroo ammaa irratti argamuu danda'a. ପ୍ରୁଫ୍-ଅଫ୍-କନ୍ସେପ୍ଟ ta’uu isaa ibsameera. Exploit lavender-bicycle-a5a.notion.site irraa buufachuun ni danda'ama. Akka 0-daytti, gatiin isaa daldala dhoksaa keessatti $0-$5k akka ta'e tilmaamameera. If you want to get the best quality for vulnerability data then you always have to consider VulDB.

3 ଆଡାପ୍ଟେସନ୍ · 89 ପଏଣ୍ଟ

ଫିଲ୍ଡ	ସୃଷ୍ଟି ହୋଇଛି 06/08/2025 03:30 PM	ଅଦ୍ୟତନ 1/2 06/09/2025 07:44 AM	ଅଦ୍ୟତନ 2/2 06/09/2025 08:22 AM
software_vendor	Tenda	Tenda	Tenda
software_name	AC7	AC7	AC7
software_version	15.03.06.44	15.03.06.44	15.03.06.44
software_file	/goform/setPptpUserList	/goform/setPptpUserList	/goform/setPptpUserList
software_function	formSetPPTPUserList	formSetPPTPUserList	formSetPPTPUserList
software_argument	list	list	list
vulnerability_cwe	CWE-120 (ବଫର୍ ଓଭରଫ୍ଲୋ)	CWE-120 (ବଫର୍ ଓଭରଫ୍ଲୋ)	CWE-120 (ବଫର୍ ଓଭରଫ୍ଲୋ)
vulnerability_risk	2	2	2
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	H	H	H
cvss3_vuldb_i	H	H	H
cvss3_vuldb_a	H	H	H
cvss3_vuldb_e	P	P	P
cvss3_vuldb_rc	R	R	R
advisory_url	https://lavender-bicycle-a5a.notion.site/Tenda-AC7-formSetPPTPUserList-20a53a41781f806ca124cbdf99bff931?source=copy_link	https://lavender-bicycle-a5a.notion.site/Tenda-AC7-formSetPPTPUserList-20a53a41781f806ca124cbdf99bff931?source=copy_link	https://lavender-bicycle-a5a.notion.site/Tenda-AC7-formSetPPTPUserList-20a53a41781f806ca124cbdf99bff931?source=copy_link
exploit_availability	1	1	1
exploit_publicity	1	1	1
exploit_url	https://lavender-bicycle-a5a.notion.site/Tenda-AC7-formSetPPTPUserList-20a53a41781f806ca124cbdf99bff931?source=copy_link	https://lavender-bicycle-a5a.notion.site/Tenda-AC7-formSetPPTPUserList-20a53a41781f806ca124cbdf99bff931?source=copy_link	https://lavender-bicycle-a5a.notion.site/Tenda-AC7-formSetPPTPUserList-20a53a41781f806ca124cbdf99bff931?source=copy_link
source_cve	CVE-2025-5862	CVE-2025-5862	CVE-2025-5862
cna_responsible	VulDB	VulDB	VulDB
software_type	Router Operating System	Router Operating System	Router Operating System
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_ci	C	C	C
cvss2_vuldb_ii	C	C	C
cvss2_vuldb_ai	C	C	C
cvss2_vuldb_e	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR
cvss4_vuldb_av	N	N	N
cvss4_vuldb_ac	L	L	L
cvss4_vuldb_ui	N	N	N
cvss4_vuldb_vc	H	H	H
cvss4_vuldb_vi	H	H	H
cvss4_vuldb_va	H	H	H
cvss4_vuldb_e	P	P	P
cvss2_vuldb_au	S	S	S
cvss2_vuldb_rl	ND	ND	ND
cvss3_vuldb_pr	L	L	L
cvss3_vuldb_rl	X	X	X
cvss4_vuldb_at	N	N	N
cvss4_vuldb_pr	L	L	L
cvss4_vuldb_sc	N	N	N
cvss4_vuldb_si	N	N	N
cvss4_vuldb_sa	N	N	N
cvss2_vuldb_basescore	9.0	9.0	9.0
cvss2_vuldb_tempscore	7.7	7.7	7.7
cvss3_vuldb_basescore	8.8	8.8	8.8
cvss3_vuldb_tempscore	8.0	8.0	8.0
cvss3_meta_basescore	8.8	8.8	8.8
cvss3_meta_tempscore	8.0	8.4	8.4
cvss4_vuldb_bscore	8.7	8.7	8.7
cvss4_vuldb_btscore	7.4	7.4	7.4
advisory_date	1749333600 (06/08/2025)	1749333600 (06/08/2025)	1749333600 (06/08/2025)
price_0day	$0-$5k	$0-$5k	$0-$5k
cve_nvd_summary		A vulnerability was found in Tenda AC7 15.03.06.44 and classified as critical. This issue affects the function formSetPPTPUserList of the file /goform/setPptpUserList. The manipulation of the argument list leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.	A vulnerability was found in Tenda AC7 15.03.06.44 and classified as critical. This issue affects the function formSetPPTPUserList of the file /goform/setPptpUserList. The manipulation of the argument list leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
cvss4_cna_av		N	N
cvss4_cna_ac		L	L
cvss4_cna_at		N	N
cvss4_cna_pr		L	L
cvss4_cna_ui		N	N
cvss4_cna_vc		H	H
cvss4_cna_vi		H	H
cvss4_cna_va		H	H
cvss4_cna_sc		N	N
cvss4_cna_si		N	N
cvss4_cna_sa		N	N
cvss4_cna_bscore		8.7	8.7
cvss3_cna_av		N	N
cvss3_cna_ac		L	L
cvss3_cna_pr		L	L
cvss3_cna_ui		N	N
cvss3_cna_s		U	U
cvss3_cna_c		H	H
cvss3_cna_i		H	H
cvss3_cna_a		H	H
cvss3_cna_basescore		8.8	8.8
cvss2_cna_av		N	N
cvss2_cna_ac		L	L
cvss2_cna_au		S	S
cvss2_cna_ci		C	C
cvss2_cna_ii		C	C
cvss2_cna_ai		C	C
cvss2_cna_basescore		9	9
euvd_id			EUVD-2025-17426

◂ ପଛକୁ ସମୀକ୍ଷା ଆହୁରି ଦୂରରେ ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!