CVE-2025-5849

🗓️ 08 Jun 2025 22:31:07Reported by VulDBType

cve🔗 web.nvd.nist.gov📰️ 1 Media mentions👁 39 Views🌐 WEB

Critical vulnerability in Tenda AC15 allows remote stack-based overflow in HTTP POST request handler.

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2025-5849	9 Jun 202501:18	–	circl
CNNVD	Tenda AC15 安全漏洞	8 Jun 202500:00	–	cnnvd
CNVD	Tenda AC15 /goform/SetRemoteWebCfg File Buffer Overflow Vulnerability	10 Jun 202500:00	–	cnvd
Cvelist	CVE-2025-5849 Tenda AC15 HTTP POST Request SetRemoteWebCfg formSetSafeWanWebMan stack-based overflow	8 Jun 202522:31	–	cvelist
EUVD	EUVD-2025-17415	3 Oct 202520:07	–	euvd
NVD	CVE-2025-5849	8 Jun 202523:15	–	nvd
OSV	CVE-2025-5849	8 Jun 202523:15	–	osv
Positive Technologies	PT-2025-24384 · Tenda · Tenda Ac15	6 Jun 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-5849	10 Jun 202523:08	–	redhatcve
Vulnrichment	CVE-2025-5849 Tenda AC15 HTTP POST Request SetRemoteWebCfg formSetSafeWanWebMan stack-based overflow	8 Jun 202522:31	–	vulnrichment

NVD

Node

tenda ac15_firmwareMatch15.03.05.19_multi

AND

tenda ac15Match1.0

[
  {
    "vendor": "Tenda",
    "product": "AC15",
    "versions": [
      {
        "version": "15.03.05.19_multi",
        "status": "affected"
      }
    ],
    "modules": [
      "HTTP POST Request Handler"
    ]
  }
]

Source	Link
candle-throne-f75	www.candle-throne-f75.notion.site/Tenda-AC15-formSetSafeWanWebMan-20adf0aa1185806daab3ebe0036266cb
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
tenda	www.tenda.com.cn/
vuldb	www.vuldb.com/

Parameter	Position	Path	Description	CWE
remoteIp	request body	/goform/SetRemoteWebCfg	Stack-based buffer overflow in formSetSafeWanWebMan via remoteIp parameter in POST /goform/SetRemoteWebCfg on Tenda AC15 vulnerable to remote code execution.	CWE-119, CWE-121

09 Jun 2025 19:04Current

8.9High risk

Vulners AI Score8.9

CVSS 48.7

CVSS 3.18.8

CVSS 29

CVSS 38.8

EPSS0.00663

SSVC

tenda ac15 vulnerability stack-based overflow remote attack http post request