CVE-2025-14993 | Tenda AC18 15.03.05.05 HTTP Request /goform/SetDlnaCfg sprintf scanList stack-based overflow

December 20, 2025 Yanac

A vulnerability was found in Tenda AC18 15.03.05.05. It has been declared as critical. This affects the function sprintf of the file /goform/SetDlnaCfg of the component HTTP Request Handler. The manipulation of the argument scanList results in stack-based buffer overflow.

This vulnerability is identified as CVE-2025-14993. The attack can be executed remotely. Additionally, an exploit exists.VulDB Recent EntriesRead More