CNNVD-202512-3881 Information

Dec 21, 2025 cve

CNNVD ID

CNNVD-202512-3881

CVE-2025-14993

CNNVD Published: 2025-12-21

Description (Chinese)

Tenda AC18是中国腾达（Tenda）公司的一款路由器。 Tenda AC18 15.03.05.05版本存在安全漏洞，该漏洞源于组件HTTP Request Handler中文件/goform/SetDlnaCfg的sprintf函数对参数scanList处理不当，可能导致栈缓冲区溢出。

Description (English)

Tenda AC18 is a router for Tenda China. Version 15,03.05 of Tenda AC 18,03.05 contains a security loophole that originates from the inappropriate handling of the sprintf function of file/goform/SetDlnaCfg in component HTTTP Request Handler to the parameter scanList, which may result in the spilling out of the fence.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

腾达

Published

2025-12-21

Last Modified

2026-02-24

References

https://vuldb.com/?submit.719084 https://www.tenda.com.cn/ https://github.com/z472421519/BinaryAudit/blob/main/PoC/BOF/Tenda_AC18/SetDlnaCfg/SetDlnaCfg.md#reproduce https://vuldb.com/?ctiid.337687 https://vuldb.com/?id.337687 https://access.redhat.com/security/cve/cve-2025-14993

Share on: