VDB-336387 · CVE-2025-14654 · EUVD-2025-203295

Tenda AC20 16.03.08.12 httpd /goform/setPptpUserList formSetPPTPUserList list ବଫର୍ ଓଭରଫ୍ଲୋ

Rakkoon nageenyaa kan ଜଟିଳ jedhamuun beekamu Tenda AC20 16.03.08.12 keessatti argameera. Kan miidhamte is hojii formSetPPTPUserList faayilii /goform/setPptpUserList keessa kutaa httpd keessa. Hojii jijjiirraa irratti gaggeeffame list gara ବଫର୍ ଓଭରଫ୍ଲୋ geessa. CWE fayyadamuun rakkoo ibsuun gara CWE-121 geessa. Dadhabbii kana yeroo 12/13/2025 maxxanfameera. Odeeffannoon kun buufachuuf github.com irratti qoodameera. Dogoggorri kun akka CVE-2025-14654tti beekama. Yaaliin weeraraa fageenya irraa jalqabamuu ni danda'a. Faayidaaleen teeknikaa ni jiru. Waliigalatti, meeshaa balaa kana fayyadamuuf jiru. Qorannoo miidhaa (exploit) uummataaf ifoomameera fi fayyadamamuu danda'a. Amma, gatii ammee exploit might be approx. USD $0-$5k ta'uu danda'a. Akka ପ୍ରୁଫ୍-ଅଫ୍-କନ୍ସେପ୍ଟ jedhamee ibsameera. Carraa exploit kana github.com irraa buufachuun ni danda'ama. Akka 0-daytti, gatii daldalaa dhoksaa tilmaamame $0-$5k ta'ee ture. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

3 ଆଡାପ୍ଟେସନ୍ · 90 ପଏଣ୍ଟ

ଫିଲ୍ଡ	ସୃଷ୍ଟି ହୋଇଛି 12/13/2025 10:53 AM	ଅଦ୍ୟତନ 1/2 12/14/2025 11:21 AM	ଅଦ୍ୟତନ 2/2 12/14/2025 02:21 PM
software_vendor	Tenda	Tenda	Tenda
software_name	AC20	AC20	AC20
software_version	16.03.08.12	16.03.08.12	16.03.08.12
software_component	httpd	httpd	httpd
software_file	/goform/setPptpUserList	/goform/setPptpUserList	/goform/setPptpUserList
software_function	formSetPPTPUserList	formSetPPTPUserList	formSetPPTPUserList
software_argument	list	list	list
vulnerability_cwe	CWE-121 (ବଫର୍ ଓଭରଫ୍ଲୋ)	CWE-121 (ବଫର୍ ଓଭରଫ୍ଲୋ)	CWE-121 (ବଫର୍ ଓଭରଫ୍ଲୋ)
vulnerability_risk	2	2	2
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	H	H	H
cvss3_vuldb_i	H	H	H
cvss3_vuldb_a	H	H	H
cvss3_vuldb_e	P	P	P
cvss3_vuldb_rc	R	R	R
advisory_url	https://github.com/Madgeaaaaa/MY_VULN_2/blob/main/Tenda/VULN12/AC20_SetPptpUserList.md	https://github.com/Madgeaaaaa/MY_VULN_2/blob/main/Tenda/VULN12/AC20_SetPptpUserList.md	https://github.com/Madgeaaaaa/MY_VULN_2/blob/main/Tenda/VULN12/AC20_SetPptpUserList.md
exploit_availability	1	1	1
exploit_publicity	1	1	1
exploit_url	https://github.com/Madgeaaaaa/MY_VULN_2/blob/main/Tenda/VULN12/AC20_SetPptpUserList.md	https://github.com/Madgeaaaaa/MY_VULN_2/blob/main/Tenda/VULN12/AC20_SetPptpUserList.md	https://github.com/Madgeaaaaa/MY_VULN_2/blob/main/Tenda/VULN12/AC20_SetPptpUserList.md
source_cve	CVE-2025-14654	CVE-2025-14654	CVE-2025-14654
cna_responsible	VulDB	VulDB	VulDB
software_type	Router Operating System	Router Operating System	Router Operating System
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_ci	C	C	C
cvss2_vuldb_ii	C	C	C
cvss2_vuldb_ai	C	C	C
cvss2_vuldb_e	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR
cvss4_vuldb_av	N	N	N
cvss4_vuldb_ac	L	L	L
cvss4_vuldb_ui	N	N	N
cvss4_vuldb_vc	H	H	H
cvss4_vuldb_vi	H	H	H
cvss4_vuldb_va	H	H	H
cvss4_vuldb_e	P	P	P
cvss2_vuldb_au	S	S	S
cvss2_vuldb_rl	ND	ND	ND
cvss3_vuldb_pr	L	L	L
cvss3_vuldb_rl	X	X	X
cvss4_vuldb_at	N	N	N
cvss4_vuldb_pr	L	L	L
cvss4_vuldb_sc	N	N	N
cvss4_vuldb_si	N	N	N
cvss4_vuldb_sa	N	N	N
cvss2_vuldb_basescore	9.0	9.0	9.0
cvss2_vuldb_tempscore	7.7	7.7	7.7
cvss3_vuldb_basescore	8.8	8.8	8.8
cvss3_vuldb_tempscore	8.0	8.0	8.0
cvss3_meta_basescore	8.8	8.8	8.8
cvss3_meta_tempscore	8.0	8.4	8.4
cvss4_vuldb_bscore	8.7	8.7	8.7
cvss4_vuldb_btscore	7.4	7.4	7.4
advisory_date	1765580400 (12/13/2025)	1765580400 (12/13/2025)	1765580400 (12/13/2025)
price_0day	$0-$5k	$0-$5k	$0-$5k
cve_nvd_summary		A vulnerability was identified in Tenda AC20 16.03.08.12. The affected element is the function formSetPPTPUserList of the file /goform/setPptpUserList of the component httpd. Such manipulation of the argument list leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used.	A vulnerability was identified in Tenda AC20 16.03.08.12. The affected element is the function formSetPPTPUserList of the file /goform/setPptpUserList of the component httpd. Such manipulation of the argument list leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used.
cvss4_cna_av		N	N
cvss4_cna_ac		L	L
cvss4_cna_at		N	N
cvss4_cna_pr		L	L
cvss4_cna_ui		N	N
cvss4_cna_vc		H	H
cvss4_cna_vi		H	H
cvss4_cna_va		H	H
cvss4_cna_sc		N	N
cvss4_cna_si		N	N
cvss4_cna_sa		N	N
cvss4_cna_bscore		8.7	8.7
cvss3_cna_av		N	N
cvss3_cna_ac		L	L
cvss3_cna_pr		L	L
cvss3_cna_ui		N	N
cvss3_cna_s		U	U
cvss3_cna_c		H	H
cvss3_cna_i		H	H
cvss3_cna_a		H	H
cvss3_cna_basescore		8.8	8.8
cvss2_cna_av		N	N
cvss2_cna_ac		L	L
cvss2_cna_au		S	S
cvss2_cna_ci		C	C
cvss2_cna_ii		C	C
cvss2_cna_ai		C	C
cvss2_cna_basescore		9	9
euvd_id			EUVD-2025-203295

◂ ପଛକୁ ସମୀକ୍ଷା ଆହୁରି ଦୂରରେ ▸

Might our Artificial Intelligence support you?

Check our Alexa App!