CVE-2025-15215 | Tenda AC10U 15.03.06.48/15.03.06.49 HTTP POST Request /goform/setPptpUserList formSetPPTPUserList list buffer overflow

December 28, 2025 Yanac

A vulnerability identified as critical has been detected in Tenda AC10U 15.03.06.48/15.03.06.49. This affects the function formSetPPTPUserList of the file /goform/setPptpUserList of the component HTTP POST Request Handler. This manipulation of the argument list causes buffer overflow.

The identification of this vulnerability is CVE-2025-15215. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.VulDB Recent EntriesRead More