CVE-2025-5851 – Tenda AC15 HTTP POST Request Handler Buffer Overflow Vulnerability

June 9, 2025

CVE ID : CVE-2025-5851

Published : June 9, 2025, 12:15 a.m. | 3 hours, 29 minutes ago

Description : A vulnerability was found in Tenda AC15 15.03.05.19_multi. It has been rated as critical. This issue affects the function fromadvsetlanip of the file /goform/AdvSetLanip of the component HTTP POST Request Handler. The manipulation of the argument lanMask leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5852 – Tenda AC6 PPTP Form Set User List Buffer Overflow

Next Article CVE-2025-5849 – Tenda AC15 HTTP POST Request Handler Stack-Based Buffer Overflow Vulnerability

Highlights

CVE-2025-34074 – Lucee Remote Code Execution Vulnerability in Scheduled Task Functionality

July 2, 2025

CVE ID : CVE-2025-34074

Published : July 2, 2025, 8:15 p.m. | 1 hour, 45 minutes ago

Description : An authenticated remote code execution vulnerability exists in Lucee’s administrative interface due to insecure design in the scheduled task functionality. An administrator with access to /lucee/admin/web.cfm can configure a scheduled job to retrieve a remote .cfm file from an attacker-controlled server, which is written to the Lucee webroot and executed with the privileges of the Lucee service account. Because Lucee does not enforce integrity checks, path restrictions, or execution controls for scheduled task fetches, this feature can be abused to achieve arbitrary code execution. This issue is distinct from CVE-2024-55354.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The Value-Driven AI Roadmap

This week in AI updates: Mistral’s new Le Chat features, ChatGPT updates, and more (September 5, 2025)

Designing For TV: Principles, Patterns And Practical Guidance (Part 2)

Neo4j introduces new graph architecture that allows operational and analytics workloads to be run together

‘Job Hugging’ Trend Emerges as Workers Confront AI Uncertainty

Distribution Release: MocaccinoOS 25.09

Composition in CSS

DataCrunch raises €55M to boost EU AI sovereignty with green cloud infrastructure

Finally, safe array methods in JavaScript

Finally, safe array methods in JavaScript

Perficient Interviewed for Forrester Report on AI’s Transformative Role in DXPs

Perficient’s “What If? So What?” Podcast Wins Gold Stevie® Award for Technology Podcast

Distribution Release: MocaccinoOS 25.09

Distribution Release: MocaccinoOS 25.09

Speed Isn’t Everything When Buying SSDs – Here’s What Really Matters!

14 Themes for Beautifying Your Ghostty Terminal

CVE-2025-5851 – Tenda AC15 HTTP POST Request Handler Buffer Overflow Vulnerability

Qantas Airways Slashes CEO Bonus After Cyberattack Exposes 5.7 Million Customers

UAE Cyber Security Council Flags 70% Smart Home Devices as Vulnerable

Best early Labor Day TV deals 2025: Save up to 50% on Samsung, LG, and more

CVE-2025-43834 – Tox82 CookieBAR Stored XSS Vulnerability

CVE-2025-6169 – HAMASTAR Technology WIMP SQL Injection Vulnerability

AirPlay Zero-Click RCE Vulnerability Enables Remote Device Takeover via Wi-Fi

CVE-2025-34074 – Lucee Remote Code Execution Vulnerability in Scheduled Task Functionality

CVE-2025-45237 – DBSyncer Unsecured Configuration File Access Vulnerability

CVE-2025-52557 – Mail-0’s Zero JavaScript Injection Vulnerability

Keyboard Testing in Accessibility Testing

CVE-2025-5851 – Tenda AC15 HTTP POST Request Handler Buffer Overflow Vulnerability

Related Posts