CVE-2025-15231

HighPublic PoC

Published: 30 December 2025

Published

30 December 2025

Modified

24 February 2026

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0014 33.2th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Description

A vulnerability was determined in Tenda M3 1.0.0.13(4903). This affects the function formSetRemoteVlanInfo of the file /goform/setVlanInfo. Executing a manipulation of the argument ID/vlan/port can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been…

publicly disclosed and may be utilized.

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Flaw remediation directly addresses the stack-based buffer overflow by applying vendor firmware patches to fix the vulnerable formSetRemoteVlanInfo function.

SI-10 Information Input Validation good match

prevent

Information input validation enforces bounds checking on ID, vlan, and port arguments to prevent the buffer overflow manipulation.

SI-16 Memory Protection good match

prevent

Memory protection mechanisms such as stack canaries and non-executable stacks mitigate exploitation of the buffer overflow for arbitrary code execution.

Security SummaryAI

CVE-2025-15231 is a stack-based buffer overflow vulnerability affecting the Tenda M3 router on firmware version 1.0.0.13(4903). The flaw exists in the formSetRemoteVlanInfo function within the /goform/setVlanInfo file, where manipulation of the ID, vlan, or port arguments triggers the overflow. Associated with CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow), it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

The vulnerability enables remote exploitation over the network with low complexity and no user interaction, but requires low privileges such as basic authentication. An attacker could achieve high impacts across confidentiality, integrity, and availability, potentially leading to arbitrary code execution on the affected device through the buffer overflow.

Advisories and further details are documented on VulDB (ctiid.338627, id.338627, submit.725493), with a public exploit disclosure available on GitHub at dwBruijn/CVEs/blob/main/Tenda/setRemoteVlanInfo.md. The Tenda manufacturer website (tenda.com.cn) provides general product information, though specific patch guidance is not detailed in the referenced sources.

The exploit has been publicly disclosed and may be utilized, increasing the risk of real-world attacks against unpatched Tenda M3 devices.

Details

CWE(s): CWE-119 CWE-121

Affected Products

tenda

m3 firmware

1.0.0.13\(4903\)

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

Stack-based buffer overflow in web form (/goform/setVlanInfo) on public-facing Tenda M3 router enables remote code execution with low privileges, directly facilitating T1190: Exploit Public-Facing Application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

https://github.com/dwBruijn/CVEs/blob/main/Tenda/setRemoteVlanInfo.md
Exploit, Third Party Advisory · cna@vuldb.com
https://vuldb.com/?ctiid.338627
Permissions Required, VDB Entry · cna@vuldb.com
https://vuldb.com/?id.338627
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/?submit.725493
Third Party Advisory, VDB Entry · cna@vuldb.com
https://www.tenda.com.cn/
Product · cna@vuldb.com