CVE-2025-10815 – A buffer overflow vulnerability in Tenda AC20 r... (How to Fix)

Q: What is the severity of CVE-2025-10815?

CVE-2025-10815 has a CVSS score of 8.8 (HIGH). A buffer overflow vulnerability in Tenda AC20 routers allows remote attackers to execute arbitrary code or cause denial of service by sending specially crafted HTTP POST requests. This affects Tenda AC20 routers running firmware up to version 16.03.08.12. The vulnerability is in the SetPptpServerCfg function and can be exploited without authentication.

📋 TL;DR

A buffer overflow vulnerability in Tenda AC20 routers allows remote attackers to execute arbitrary code or cause denial of service by sending specially crafted HTTP POST requests. This affects Tenda AC20 routers running firmware up to version 16.03.08.12. The vulnerability is in the SetPptpServerCfg function and can be exploited without authentication.

💻 Affected Systems

Products:

Tenda AC20

Versions: Up to 16.03.08.12

Operating Systems: Embedded router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the web management interface which is typically enabled by default on port 80/443.

📦 What is this software?

Ac20 Firmware by Tenda

View all CVEs affecting Ac20 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, network infiltration, and persistent backdoor installation.

🟠

Likely Case

Router crash causing denial of service, potentially requiring physical reset or firmware reflash.

🟢

If Mitigated

Limited impact if device is behind firewall with restricted WAN access and proper network segmentation.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public exploit code available on GitHub. Attack requires sending HTTP POST request to vulnerable endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.tenda.com.cn/

Restart Required: Yes

Instructions:

1. Check Tenda website for firmware updates. 2. Download latest firmware for AC20. 3. Access router web interface. 4. Navigate to System Tools > Firmware Upgrade. 5. Upload and install new firmware. 6. Reboot router.

🔧 Temporary Workarounds

Disable Remote Management

all

Prevent external access to router web interface

Access router web interface > Advanced > System Tools > Remote Management > Disable

Network Segmentation

all

Isolate router management interface to trusted network

Configure firewall rules to restrict access to router IP on ports 80,443 to trusted IPs only

🧯 If You Can't Patch

Replace affected router with supported model
Implement strict network access controls and monitor for exploit attempts

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in web interface: System Status > Firmware Version

Check Version:

curl -s http://router-ip/ | grep -i firmware

Verify Fix Applied:

Verify firmware version is above 16.03.08.12 after update

📡 Detection & Monitoring

Log Indicators:

HTTP POST requests to /goform/SetPptpServerCfg with long startIp parameter
Router crash/reboot logs

Network Indicators:

Unusual HTTP traffic to router management interface
POST requests with buffer overflow patterns

SIEM Query:

source="router_logs" AND (uri="/goform/SetPptpServerCfg" OR message="buffer overflow")

📊 Metadata

CVE ID: CVE-2025-10815

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-119

EPSS Score: 0.14% exploit probability (34.2th percentile)

Published: September 22, 2025

Last Updated: September 25, 2025

🔗 References

https://github.com/Juana-2u/Tenda-AC20 Not Applicable
https://vuldb.com/?ctiid.325173 Permissions Required,VDB Entry
https://vuldb.com/?id.325173 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.654460 Third Party Advisory,VDB Entry
https://www.tenda.com.cn/ Product

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-10815, you might also want to check these: