CVE-2025-10815 | Tenda AC20 up to 16.03.08.12 HTTP POST Request /goform/SetPptpServerCfg strcpy startIp buffer overflow

September 21, 2025 Yanac

A vulnerability categorized as critical has been discovered in Tenda AC20 up to 16.03.08.12. Affected by this issue is the function strcpy of the file /goform/SetPptpServerCfg of the component HTTP POST Request Handler. Such manipulation of the argument startIp leads to buffer overflow.

This vulnerability is uniquely identified as CVE-2025-10815. The attack can be launched remotely. Moreover, an exploit is present.VulDB Recent EntriesRead More