CVE-2025-15233

EUVD-2025-205699

30.12.2025, 08:15

A security flaw has been discovered in Tenda M3 1.0.0.13(4903). This issue affects the function formSetAdInfoDetails of the file /goform/setAdInfoDetail. The manipulation of the argument adName/smsPassword/smsAccount/weixinAccount/weixinName/smsSignature/adRedirectUrl/adCopyRight/smsContent/adItemUID results in heap-based buffer overflow. The attack may be performed from remote. The exploit has been released to the public and may be exploited.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	8.8 HIGH	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
VulDB	CNA	8.8 HIGH				CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R

Base Score

CVSS 3.x

EPSS Score

Percentile: 25%

Affected Products (NVD)

Vendor	Product	Version
tenda	m3_firmware	1.0.0.13\(4903\)

𝑥

= Vulnerable software versions

Known Exploits!

https://github.com/dwBruijn/CVEs/blob/main/Tenda/setAdInfoDetail.md

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

https://github.com/dwBruijn/CVEs/blob/main/Tenda/setAdInfoDetail.md

https://vuldb.com/?ctiid.338629

https://vuldb.com/?id.338629

https://vuldb.com/?submit.725495

https://www.tenda.com.cn/