Submit #725365: Tenda AC10U AC10U v1.0 Firmware V15.03.06.48、AC10U v1.0 Firmware V15.03.06.49 Buffer Overflowinfo

Title	Tenda AC10U AC10U v1.0 Firmware V15.03.06.48、AC10U v1.0 Firmware V15.03.06.49 Buffer Overflow
Description	In the Tenda AC10U v1.0 Firmware V15.03.06.48、AC10U v1.0 Firmware V15.03.06.49 firmware has a buffer overflow vulnerability in the formSetPPTPUserList function. The Var variable receives the list parameter from a POST request and is later passed to the strcpy function. However, since the Since user can control the input of list, the statemeant v4 = strcpy(Var, "~"); can cause a buffer overflow.
Source	⚠️ https://www.notion.so/Tenda-AC10U-setPptpUserList-2d753a41781f80e8ba6bc37ba6100343?pvs=73
User	yhryhryhr_miemie (UID 65492)
Submission	12/28/2025 10:19 (6 months ago)
Moderation	12/28/2025 14:20 (4 hours later)
Status	Accepted
VulDB entry	338600 [Tenda AC10U 15.03.06.48/15.03.06.49 HTTP POST Request /goform/setPptpUserList formSetPPTPUserList list buffer overflow]
Points	17

Do you know our Splunk app?

Download it now for free!