CVE-2025-15177

Опубликовано: 29 дек. 2025

Источник: nvd

CVSS3: 7.2

CVSS2: 8.3

EPSS Низкий

Описание

A vulnerability has been found in Tenda WH450 1.0.0.18. This vulnerability affects unknown code of the file /goform/SetIpBind of the component HTTP Request Handler. The manipulation of the argument page leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Ссылки

https://github.com/z472421519/BinaryAudit/blob/main/PoC/BOF/Tenda_WH450/SetIpBind/SetIpBind.md
Exploit
Third Party Advisory
https://github.com/z472421519/BinaryAudit/blob/main/PoC/BOF/Tenda_WH450/SetIpBind/SetIpBind.md#reproduce
Exploit
Third Party Advisory
https://vuldb.com/?ctiid.338562
Permissions Required
VDB Entry
https://vuldb.com/?id.338562
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.721216
Third Party Advisory
VDB Entry
https://www.tenda.com.cn/
Product

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:tenda:wh450_firmware:1.0.0.18:*:*:*:*:*:*:*

cpe:2.3:h:tenda:wh450:-:*:*:*:*:*:*:*

EPSS

Процентиль: 25%

0.00085

Низкий

7.2 High

CVSS3

8.3 High

CVSS2

Дефекты

CWE-119

Связанные уязвимости

GHSA-mxx2-735j-g9gp