CVE-2025-15180

Опубликовано: 29 дек. 2025

Источник: nvd

CVSS3: 7.2

CVSS2: 8.3

EPSS Низкий

Описание

A vulnerability was identified in Tenda WH450 1.0.0.18. The affected element is an unknown function of the file /goform/webExcptypemanFilte of the component HTTP Request Handler. Such manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The exploit is publicly available and might be used.

Ссылки

https://github.com/z472421519/BinaryAudit/blob/main/PoC/BOF/Tenda_WH450/webExcptypemanFilter/webExcptypemanFilter.md
Exploit
Third Party Advisory
https://github.com/z472421519/BinaryAudit/blob/main/PoC/BOF/Tenda_WH450/webExcptypemanFilter/webExcptypemanFilter.md#reproduce
Exploit
Third Party Advisory
https://vuldb.com/?ctiid.338565
Permissions Required
VDB Entry
https://vuldb.com/?id.338565
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.721219
Third Party Advisory
VDB Entry
https://www.tenda.com.cn/
Product

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:tenda:wh450_firmware:1.0.0.18:*:*:*:*:*:*:*

cpe:2.3:h:tenda:wh450:-:*:*:*:*:*:*:*

EPSS

Процентиль: 30%

0.00109

Низкий

7.2 High

CVSS3

8.3 High

CVSS2

Дефекты

CWE-119

Связанные уязвимости

GHSA-g344-h4p6-wpq9