CVE-2025-11386 | Tenda AC15 15.03.05.18 POST Parameter /goform/SetDDNSCfg ddnsEn stack-based overflow

October 6, 2025 Yanac

A vulnerability was found in Tenda AC15 15.03.05.18. It has been declared as critical. The impacted element is an unknown function of the file /goform/SetDDNSCfg of the component POST Parameter Handler. The manipulation of the argument ddnsEn results in stack-based buffer overflow.

This vulnerability is reported as CVE-2025-11386. The attack can be launched remotely. Moreover, an exploit is present.VulDB Recent EntriesRead More