CVE-2025-15230
Heap-Based Buffer Overflow in Tenda M3 VLAN Policy Allows Remote Exploit
Publication date: 2025-12-30
Last updated on: 2026-02-24
Assigner: VulDB
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tenda | m3 | 1.0.0.13 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-122 | A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc(). |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Tenda M3 router firmware version 1.0.0.13(4903), specifically in the function formSetVlanPolicy within the file /goform/setVlanPolicyData. It occurs due to improper handling of the argument qvlan_truck_port, which leads to a heap-based buffer overflow. This flaw can be exploited remotely, allowing an attacker to potentially execute arbitrary code or cause a denial of service.
How can this vulnerability impact me?
Exploitation of this vulnerability can lead to severe impacts including remote code execution, denial of service, or unauthorized control over the affected device. Since the vulnerability allows remote exploitation without user interaction, attackers could compromise the device's integrity, confidentiality, and availability.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for suspicious POST requests to the endpoint /goform/setVlanPolicyData that include the parameter qvlan_truck_port with unusually large or malformed input, which may indicate an attempt to exploit the heap-based buffer overflow. A practical detection method is to capture and analyze HTTP traffic targeting the Tenda M3 router for such requests, for example by using tcpdump or tshark to filter HTTP POST requests to /goform/setVlanPolicyData and inspecting the qvlan_truck_port parameter. Example command:

```
# Capture TCP port 80 packets that carry a payload and print them as ASCII (-A);
# -l line-buffers the output so grep sees matches as they arrive.
tcpdump -l -i <interface> -A 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep '/goform/setVlanPolicyData'
```

Alternatively, tshark can be used to extract the HTTP POST data. Additionally, checking router logs for unusual POST requests or crashes related to this endpoint may help detect exploitation attempts. [1, 2]
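The grep above only shows that the endpoint was requested; the check described in this answer also needs the qvlan_truck_port value itself. The following is an added example, not code from the advisory or from Tenda: it inspects one reassembled plaintext HTTP request and reports oversized, malformed or duplicated values. `inspect_request`, `MAX_LEN` and `ALLOWED` are hypothetical names and thresholds to tune against what your own admin UI sends.

```python
from urllib.parse import parse_qs, urlsplit

ENDPOINT = "/goform/setVlanPolicyData"   # from the advisory
PARAM = "qvlan_truck_port"               # from the advisory
MAX_LEN = 64   # ASSUMPTION: longest value a legitimate admin session sends
# ASSUMPTION: legitimate values are short port lists (digits and separators)
ALLOWED = set("0123456789,;-. ")


def inspect_request(raw: bytes):
    """Return findings for one reassembled HTTP request (empty list = clean)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    parts = head.decode("latin-1").split("\r\n")[0].split(" ")
    if len(parts) < 2:
        return []
    url = urlsplit(parts[1])
    if parts[0].upper() != "POST" or url.path.rstrip("/").lower() != ENDPOINT.lower():
        return []
    # The parameter may arrive in the form body or the query string; check both.
    fields = parse_qs(body.decode("latin-1"), keep_blank_values=True)
    for key, vals in parse_qs(url.query, keep_blank_values=True).items():
        fields.setdefault(key, []).extend(vals)
    values = fields.get(PARAM, [])
    findings = []
    if len(values) > 1:
        findings.append("duplicate parameter")
    for value in values:
        if len(value) > MAX_LEN:
            findings.append(f"oversized value ({len(value)} chars)")
        if set(value) - ALLOWED:
            findings.append("unexpected characters")
    return findings


# Constructed sample requests (not captured traffic).
BENIGN = (b"POST /goform/setVlanPolicyData HTTP/1.1\r\nHost: 192.0.2.1\r\n"
          b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
          b"qvlan_truck_port=1,2")
OVERSIZED = BENIGN.replace(b"1,2", b"1," * 400)
OTHER = b"GET /index.html HTTP/1.1\r\nHost: 192.0.2.1\r\n\r\n"

if __name__ == "__main__":
    for name, req in [("benign", BENIGN), ("oversized", OVERSIZED), ("other", OTHER)]:
        print(name, inspect_request(req))
```

Feed it requests reassembled from a capture (for example, HTTP streams exported by tshark) or from a reverse-proxy log that records request bodies; it sees nothing if the management interface is reached over TLS.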
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting network access to the vulnerable Tenda M3 router, especially blocking external access to the /goform/setVlanPolicyData endpoint to prevent remote exploitation. Since no known mitigations or patches currently exist, it is recommended to consider replacing the affected device or firmware version. Additionally, monitoring network traffic for exploitation attempts and disabling remote management features if possible can reduce risk. [2]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability impacts the confidentiality, integrity, and availability of the affected Tenda M3 router device. Such impacts can lead to non-compliance with standards and regulations like GDPR and HIPAA, which require protection of data confidentiality and integrity. However, no specific details on compliance implications or regulatory impact are provided in the available resources. [2]