CVE-2025-5851 – Tenda AC15 HTTP POST Request Handler Buffer Overflow Vulnerability

June 9, 2025

CVE ID : CVE-2025-5851

Published : June 9, 2025, 12:15 a.m. | 3 hours, 29 minutes ago

Description : A vulnerability was found in Tenda AC15 15.03.05.19_multi. It has been rated as critical. This issue affects the function fromadvsetlanip of the file /goform/AdvSetLanip of the component HTTP POST Request Handler. The manipulation of the argument lanMask leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5852 – Tenda AC6 PPTP Form Set User List Buffer Overflow

Next Article CVE-2025-5849 – Tenda AC15 HTTP POST Request Handler Stack-Based Buffer Overflow Vulnerability

Highlights

CVE-2023-28909 – Skoda MIB3 Bluetooth Integer Overflow Remote Code Execution Vulnerability

June 28, 2025

CVE ID : CVE-2023-28909

Published : June 28, 2025, 4:15 p.m. | 3 hours, 3 minutes ago

Description : A specific flaw exists within the Bluetooth stack of the MIB3 unit. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow when receiving fragmented HCI packets on a channel. An attacker can leverage this vulnerability to bypass the MTU check on a channel with enabled fragmentation. Consequently, this can lead to a buffer overflow in upper layer profiles, which can be used to obtain remote code execution.
The vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. The list of affected MIB3 OEM part numbers is provided in the referenced resources.

Severity: 8.0 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Tenable updates Vulnerability Priority Rating scoring method to flag fewer vulnerabilities as critical

Google adds updated workspace templates in Firebase Studio that leverage new Agent mode

AI and its impact on the developer experience, or ‘where is the joy?’

Google launches OSS Rebuild tool to improve trust in open source packages

EcoFlow’s new portable battery stations are lighter and more powerful (DC plug included)

7 ways Linux can save you money

My favorite Kindle tablet just got a kids model, and it makes so much sense

You can turn your Google Photos into video clips now – here’s how

Blade Service Injection: Direct Service Access in Laravel Templates

Blade Service Injection: Direct Service Access in Laravel Templates

This Week in Laravel: NativePHP Mobile and AI Guidelines from Spatie

Retrieve the Currently Executing Closure in PHP 8.5

FOSS Weekly #25.30: AUR Poisoned, Linux Rising, PPA Explained, New Open Source Grammar Checker and More

FOSS Weekly #25.30: AUR Poisoned, Linux Rising, PPA Explained, New Open Source Grammar Checker and More

How to Open Control Panel in Windows 11

How to Shut Down Windows 11

CVE-2025-5851 – Tenda AC15 HTTP POST Request Handler Buffer Overflow Vulnerability

UNC6148 Backdoors Fully-Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit

Hackers Deploy Stealth Backdoor in WordPress Mu-Plugins to Maintain Admin Access

National University of Singapore Researchers Introduce Dimple: A Discrete Diffusion Multimodal Language Model for Efficient and Controllable Text Generation

Are tariffs about to make your next iPhone way more expensive? It’s complicated

CVE-2025-49136 – Listmonk Environment Variable Information Disclosure

Developer Spotlight: Max Barvian

CVE-2023-28909 – Skoda MIB3 Bluetooth Integer Overflow Remote Code Execution Vulnerability

CVE-2025-32801 – Kea Root Privilege Escalation Remote Code Execution

TP-Link Router Vulnerabilities Let Attackers Inject Malicious SQL Commands

Simplifying UAE VAT and E-Invoicing Challenges with ERP Solutions

CVE-2025-5851 – Tenda AC15 HTTP POST Request Handler Buffer Overflow Vulnerability

Related Posts