CVE-2025-29462

{"id": "CVE-2025-29462", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2025-04-03T20:15:24.383", "references": [{"url": "https://hackmd.io/@7QWW9EKUSNGgPWZNOHkL2w/Sk4xbvejyx", "tags": ["Exploit", "Third Party Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-120"}]}], "descriptions": [{"lang": "en", "value": "A buffer overflow vulnerability has been discovered in Tenda Ac15 V15.13.07.13. The vulnerability occurs when the webCgiGetUploadFile function calls the socketRead function to process HTTP request messages, resulting in the overwriting of a buffer on the stack."}, {"lang": "es", "value": "Se ha descubierto una vulnerabilidad de desbordamiento de b\u00fafer en Tenda Ac15 V15.13.07.13. La vulnerabilidad se produce cuando la funci\u00f3n webCgiGetUploadFile llama a la funci\u00f3n socketRead para procesar mensajes de solicitud HTTP, lo que provoca la sobrescritura de un b\u00fafer en la pila."}], "lastModified": "2025-04-22T16:33:41.237", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:tenda:ac15_firmware:15.13.07.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B5DCB2D3-4A9C-4B51-BE07-301D51EB2AE7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:tenda:ac15:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B73E7C1C-F121-486A-8B15-E97EA0C219A5"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "[email protected]"}