ГлавнаяУязвимости → CVE-2025-15233
8.8высокая

CVE-2025-15233

Описание

A security flaw has been discovered in Tenda M3 1.0.0.13(4903). This issue affects the function formSetAdInfoDetails of the file /goform/setAdInfoDetail. The manipulation of the argument adName/smsPassword/smsAccount/weixinAccount/weixinName/smsSignature/adRedirectUrl/adCopyRight/smsContent/adItemUID results in heap-based buffer overflow. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks.

Затрагиваемое ПО
Tenda M3 firmwareTenda M3
CVSS
Балл8.8 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Источники
https://github.com/dwBruijn/CVEs/blob/main/Tenda/setAdInfoDetail.mdhttps://vuldb.com/?ctiid.338629https://vuldb.com/?id.338629https://vuldb.com/?submit.725495https://www.tenda.com.cn/