CVE-2025-12622— Tenda AC10 SysRunCmd formSysRunCmd buffer overflow

Tenda AC10 SysRunCmd formSysRunCmd buffer overflow

A vulnerability was determined in Tenda AC10 16.03.10.13. Affected by this vulnerability is the function formSysRunCmd of the file /goform/SysRunCmd. This manipulation of the argument getui causes buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

未进行输入大小检查的缓冲区拷贝(传统缓冲区溢出)

Tenda AC10 安全漏洞

Tenda AC10是中国腾达（Tenda）公司的一款无线路由器。 Tenda AC10 16.03.10.13版本存在安全漏洞，该漏洞源于文件/goform/SysRunCmd中函数formSysRunCmd对参数getui的错误操作，可能导致缓冲区溢出。

N/A

N/A