CVE-2025-10815
Published: 22 September 2025
Summary
CVE-2025-10815 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda Ac20 Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 48.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly addresses the buffer overflow by requiring identification, reporting, and correction of the flaw in the strcpy function of the HTTP POST handler.
Mandates validation of the startIp input parameter to prevent buffer overflow from malicious HTTP POST requests.
Implements memory safeguards like stack canaries and non-executable memory to mitigate exploitation of the buffer overflow for code execution or denial of service.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow in public-facing HTTP POST handler (/goform/SetPptpServerCfg) directly enables remote exploitation of the router web interface for code execution.
NVD Description
A vulnerability was identified in Tenda AC20 up to 16.03.08.12. Affected by this issue is the function strcpy of the file /goform/SetPptpServerCfg of the component HTTP POST Request Handler. Such manipulation of the argument startIp leads to buffer overflow. The…
more
attack can be launched remotely. The exploit is publicly available and might be used.
Deeper analysisAI
CVE-2025-10815 is a buffer overflow vulnerability affecting Tenda AC20 routers running firmware versions up to 16.03.08.12. The issue resides in the strcpy function within the /goform/SetPptpServerCfg file of the HTTP POST Request Handler component, where manipulation of the startIp argument triggers the overflow. Classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-120 (Buffer Copy without Checking Size of Input), it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for remote exploitation.
Attackers with low privileges (PR:L), such as authenticated users, can exploit this vulnerability remotely over the network without requiring user interaction. By sending a crafted HTTP POST request with a malicious startIp value, they can trigger the buffer overflow, potentially achieving high impacts on confidentiality, integrity, and availability, including arbitrary code execution or denial of service. A public exploit is available, hosted on GitHub at https://github.com/Juana-2u/Tenda-AC20, increasing the risk of widespread abuse.
Advisories from VulDB (https://vuldb.com/?ctiid.325173, https://vuldb.com/?id.325173, https://vuldb.com/?submit.654460) detail the vulnerability and submission process, while the vendor's site (https://www.tenda.com.cn/) provides general support resources. No specific patches or mitigation steps are outlined in the available references, underscoring the need for users to monitor for firmware updates.
The exploit's public availability heightens the likelihood of real-world exploitation against unpatched Tenda AC20 devices, particularly in environments with exposed router management interfaces.
Details
- CWE(s)