CVE-2025-15231

A vulnerability was determined in Tenda M3 1.0.0.13(4903). This affects the function formSetRemoteVlanInfo of the file /goform/setVlanInfo. Executing a manipulation of the argument ID/vlan/port can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been publicl...

high 8.8 CVSS 3.1

Published: Dec 30, 2025

Modified: Feb 24, 2026

Vendor: Tenda

Versions: 1.0.0.13\(4903\)

Description

A vulnerability was determined in Tenda M3 1.0.0.13(4903). This affects the function formSetRemoteVlanInfo of the file /goform/setVlanInfo. Executing a manipulation of the argument ID/vlan/port can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.

References

Related CVEs

CVSS Breakdown

Version	3.1
Score	8.8 / 10
Severity	high

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weakness (CWE)

CWE-119

Affected Product

Vendor	Tenda
Product	M3 Firmware
Versions	1.0.0.13\(4903\)