CNNVD-202512-3883 Information

Dec 21, 2025 cve

CNNVD ID

CNNVD-202512-3883

CVE-2025-14992

CNNVD Published: 2025-12-21

Description (Chinese)

Tenda AC18是中国腾达（Tenda）公司的一款路由器。 Tenda AC18 15.03.05.05版本存在安全漏洞，该漏洞源于组件HTTP Request Handler中文件/goform/GetParentControlInfo的strcpy函数对参数mac处理不当，可能导致栈缓冲区溢出。

Description (English)

Tenda AC18 is a router for Tenda China. Version 15,03.05 of Tenda AC 18,03.05 contains a security loophole that originates from the inappropriate treatment of parameter Mac by the stcpy function of file/goform/GetParentControlInfo in component HTTP Request Handler, which may result in an spilling of the stcpy buffer zone.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

腾达

Published

2025-12-21

Last Modified

2026-02-24

References

https://vuldb.com/?submit.719073 https://www.tenda.com.cn/ https://vuldb.com/?ctiid.337686 https://github.com/z472421519/BinaryAudit/blob/main/PoC/BOF/Tenda_AC18/GetParentControlInfo/GetParentControlInfo.md#reproduce https://vuldb.com/?id.337686 https://access.redhat.com/security/cve/cve-2025-14992

Share on: