CVE-2025-15218

HighPublic PoC

Published: 30 December 2025

Published

30 December 2025

Modified

24 February 2026

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0019 40.4th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Description

A weakness has been identified in Tenda AC10U 15.03.06.48/15.03.06.49. Affected by this vulnerability is the function fromadvsetlanip of the file /goform/AdvSetLanip of the component POST Request Parameter Handler. Executing a manipulation of the argument lanMask can lead to buffer overflow.…

The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Requires validation of the lanMask POST parameter to directly prevent buffer overflow from malicious input manipulation.

SI-2 Flaw Remediation good match

prevent

Mandates timely identification, reporting, and patching of the specific buffer overflow flaw in the router firmware.

SI-16 Memory Protection good match

prevent

Implements memory protections like DEP and stack canaries to block code execution from buffer overflow exploits.

Security SummaryAI

CVE-2025-15218 is a buffer overflow vulnerability (CWE-119, CWE-120) in Tenda AC10U routers running firmware versions 15.03.06.48 and 15.03.06.49. The flaw affects the fromadvsetlanip function in the /goform/AdvSetLanip file, part of the POST Request Parameter Handler component. It is triggered by manipulating the lanMask argument in a POST request, leading to a buffer overflow. The vulnerability was published on 2025-12-30 and carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

The vulnerability enables remote exploitation by attackers with low privileges, such as authenticated users on the network. Low attack complexity and no user interaction are required, allowing exploitation over the network with unchanged scope. Successful attacks can result in high impacts to confidentiality, integrity, and availability, potentially enabling arbitrary code execution or full system compromise.

Advisories and additional details are available via VulDB entries (https://vuldb.com/?ctiid.338603, https://vuldb.com/?id.338603, https://vuldb.com/?submit.725461) and the Tenda vendor site (https://www.tenda.com.cn/). A public exploit write-up is hosted at https://lavender-bicycle-a5a.notion.site/Tenda-AC10U-fromadvsetlanip-2d753a41781f800c86c8d388a38e8101. Security practitioners should consult these resources for any patches or mitigations.

The exploit has been made publicly available and could be used for attacks.

Details

CWE(s): CWE-119 CWE-120

Affected Products

tenda

ac10u firmware

15.03.06.48, 15.03.06.49

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

Buffer overflow in router web management interface (/goform/AdvSetLanip) via authenticated POST request enables remote code execution, directly mapping to exploitation of public-facing application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

https://lavender-bicycle-a5a.notion.site/Tenda-AC10U-fromadvsetlanip-2d753a41781f800c86c8d388a38e8101?source=copy_link
Exploit, Third Party Advisory · cna@vuldb.com
https://vuldb.com/?ctiid.338603
Permissions Required, VDB Entry · cna@vuldb.com
https://vuldb.com/?id.338603
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/?submit.725461
Third Party Advisory, VDB Entry · cna@vuldb.com
https://www.tenda.com.cn/
Product · cna@vuldb.com