Search criteria
32 vulnerabilities found for ac20 by tenda
CVE-2025-13258 (GCVE-0-2025-13258)
Vulnerability from cvelistv5 – Published: 2025-11-17 02:02 – Updated: 2025-11-17 18:47
VLAI?
Title
Tenda AC20 WifiExtraSet buffer overflow
Summary
A vulnerability was detected in Tenda AC20 up to 16.03.08.12. The impacted element is an unknown function of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto results in buffer overflow. The attack can be launched remotely. The exploit is now public and may be used.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tenda | AC20 |
Affected:
16.03.08.0
Affected: 16.03.08.1 Affected: 16.03.08.2 Affected: 16.03.08.3 Affected: 16.03.08.4 Affected: 16.03.08.5 Affected: 16.03.08.6 Affected: 16.03.08.7 Affected: 16.03.08.8 Affected: 16.03.08.9 Affected: 16.03.08.10 Affected: 16.03.08.11 Affected: 16.03.08.12 |
Credits
Yun Zhang (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13258",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-17T18:45:32.375996Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-17T18:47:00.562Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AC20",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "16.03.08.0"
},
{
"status": "affected",
"version": "16.03.08.1"
},
{
"status": "affected",
"version": "16.03.08.2"
},
{
"status": "affected",
"version": "16.03.08.3"
},
{
"status": "affected",
"version": "16.03.08.4"
},
{
"status": "affected",
"version": "16.03.08.5"
},
{
"status": "affected",
"version": "16.03.08.6"
},
{
"status": "affected",
"version": "16.03.08.7"
},
{
"status": "affected",
"version": "16.03.08.8"
},
{
"status": "affected",
"version": "16.03.08.9"
},
{
"status": "affected",
"version": "16.03.08.10"
},
{
"status": "affected",
"version": "16.03.08.11"
},
{
"status": "affected",
"version": "16.03.08.12"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Yun Zhang (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in Tenda AC20 up to 16.03.08.12. The impacted element is an unknown function of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto results in buffer overflow. The attack can be launched remotely. The exploit is now public and may be used."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in Tenda AC20 up to 16.03.08.12 entdeckt. Betroffen ist eine unbekannte Verarbeitung der Datei /goform/WifiExtraSet. Durch das Beeinflussen des Arguments wpapsk_crypto mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Es ist m\u00f6glich, den Angriff aus der Ferne durchzuf\u00fchren. Der Exploit ist \u00f6ffentlich verf\u00fcgbar und k\u00f6nnte genutzt werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-17T02:02:08.487Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-332593 | Tenda AC20 WifiExtraSet buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.332593"
},
{
"name": "VDB-332593 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.332593"
},
{
"name": "Submit #688716 | Tenda AC20 Router Affected firmware version: \u003c= V16.03.08.12 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.688716"
},
{
"tags": [
"related"
],
"url": "https://github.com/DavCloudz/cve/blob/main/Tenda/Tengda%20AC20%20Router%20WifiExtraSet%20Buffer%20Overflow%20Vulnerability.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/DavCloudz/cve/blob/main/Tenda/Tengda%20AC20%20Router%20WifiExtraSet%20Buffer%20Overflow%20Vulnerability.md#poc"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-11-16T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-11-16T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-11-16T11:52:18.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda AC20 WifiExtraSet buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-13258",
"datePublished": "2025-11-17T02:02:08.487Z",
"dateReserved": "2025-11-16T10:47:14.703Z",
"dateUpdated": "2025-11-17T18:47:00.562Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-11385 (GCVE-0-2025-11385)
Vulnerability from cvelistv5 – Published: 2025-10-07 09:32 – Updated: 2025-10-07 18:23
VLAI?
Title
Tenda AC20 fast_setting_wifi_set sscanf buffer overflow
Summary
A vulnerability has been found in Tenda AC20 up to 16.03.08.12. The affected element is the function sscanf of the file /goform/fast_setting_wifi_set. The manipulation of the argument timeZone leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tenda | AC20 |
Affected:
16.03.08.0
Affected: 16.03.08.1 Affected: 16.03.08.2 Affected: 16.03.08.3 Affected: 16.03.08.4 Affected: 16.03.08.5 Affected: 16.03.08.6 Affected: 16.03.08.7 Affected: 16.03.08.8 Affected: 16.03.08.9 Affected: 16.03.08.10 Affected: 16.03.08.11 Affected: 16.03.08.12 |
Credits
cymiao (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11385",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-07T18:23:22.789479Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-07T18:23:35.503Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AC20",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "16.03.08.0"
},
{
"status": "affected",
"version": "16.03.08.1"
},
{
"status": "affected",
"version": "16.03.08.2"
},
{
"status": "affected",
"version": "16.03.08.3"
},
{
"status": "affected",
"version": "16.03.08.4"
},
{
"status": "affected",
"version": "16.03.08.5"
},
{
"status": "affected",
"version": "16.03.08.6"
},
{
"status": "affected",
"version": "16.03.08.7"
},
{
"status": "affected",
"version": "16.03.08.8"
},
{
"status": "affected",
"version": "16.03.08.9"
},
{
"status": "affected",
"version": "16.03.08.10"
},
{
"status": "affected",
"version": "16.03.08.11"
},
{
"status": "affected",
"version": "16.03.08.12"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "cymiao (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Tenda AC20 up to 16.03.08.12. The affected element is the function sscanf of the file /goform/fast_setting_wifi_set. The manipulation of the argument timeZone leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in Tenda AC20 up to 16.03.08.12 gefunden. Es betrifft die Funktion sscanf der Datei /goform/fast_setting_wifi_set. Mittels Manipulieren des Arguments timeZone mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann remote ausgef\u00fchrt werden. Die Schwachstelle wurde \u00f6ffentlich offengelegt und k\u00f6nnte ausgenutzt werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-07T09:32:06.697Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-327312 | Tenda AC20 fast_setting_wifi_set sscanf buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.327312"
},
{
"name": "VDB-327312 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.327312"
},
{
"name": "Submit #664922 | Shenzhen Tenda Technology Co.,Ltd. AC20 \u003c= V16.03.08.12 (latest) Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.664922"
},
{
"tags": [
"related"
],
"url": "https://github.com/cymiao1978/cve/blob/main/11.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/cymiao1978/cve/blob/main/11.md#poc"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-06T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-10-06T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-10-06T21:29:36.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda AC20 fast_setting_wifi_set sscanf buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-11385",
"datePublished": "2025-10-07T09:32:06.697Z",
"dateReserved": "2025-10-06T19:24:32.774Z",
"dateUpdated": "2025-10-07T18:23:35.503Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-10815 (GCVE-0-2025-10815)
Vulnerability from cvelistv5 – Published: 2025-09-22 21:02 – Updated: 2025-09-23 16:02
VLAI?
Title
Tenda AC20 HTTP POST Request SetPptpServerCfg strcpy buffer overflow
Summary
A vulnerability was identified in Tenda AC20 up to 16.03.08.12. Affected by this issue is the function strcpy of the file /goform/SetPptpServerCfg of the component HTTP POST Request Handler. Such manipulation of the argument startIp leads to buffer overflow. The attack can be launched remotely. The exploit is publicly available and might be used.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tenda | AC20 |
Affected:
16.03.08.0
Affected: 16.03.08.1 Affected: 16.03.08.2 Affected: 16.03.08.3 Affected: 16.03.08.4 Affected: 16.03.08.5 Affected: 16.03.08.6 Affected: 16.03.08.7 Affected: 16.03.08.8 Affected: 16.03.08.9 Affected: 16.03.08.10 Affected: 16.03.08.11 Affected: 16.03.08.12 |
Credits
Juana_2u (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10815",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-23T16:02:33.361061Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-23T16:02:43.704Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"HTTP POST Request Handler"
],
"product": "AC20",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "16.03.08.0"
},
{
"status": "affected",
"version": "16.03.08.1"
},
{
"status": "affected",
"version": "16.03.08.2"
},
{
"status": "affected",
"version": "16.03.08.3"
},
{
"status": "affected",
"version": "16.03.08.4"
},
{
"status": "affected",
"version": "16.03.08.5"
},
{
"status": "affected",
"version": "16.03.08.6"
},
{
"status": "affected",
"version": "16.03.08.7"
},
{
"status": "affected",
"version": "16.03.08.8"
},
{
"status": "affected",
"version": "16.03.08.9"
},
{
"status": "affected",
"version": "16.03.08.10"
},
{
"status": "affected",
"version": "16.03.08.11"
},
{
"status": "affected",
"version": "16.03.08.12"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Juana_2u (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in Tenda AC20 up to 16.03.08.12. Affected by this issue is the function strcpy of the file /goform/SetPptpServerCfg of the component HTTP POST Request Handler. Such manipulation of the argument startIp leads to buffer overflow. The attack can be launched remotely. The exploit is publicly available and might be used."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in Tenda AC20 up to 16.03.08.12 entdeckt. Dabei betrifft es die Funktion strcpy der Datei /goform/SetPptpServerCfg der Komponente HTTP POST Request Handler. Durch das Beeinflussen des Arguments startIp mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit ist \u00f6ffentlich verf\u00fcgbar und k\u00f6nnte genutzt werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-22T21:02:08.431Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-325173 | Tenda AC20 HTTP POST Request SetPptpServerCfg strcpy buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.325173"
},
{
"name": "VDB-325173 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.325173"
},
{
"name": "Submit #654460 | tenda AC20 \u003c= V16.03.08.12 (latest) Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.654460"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/Juana-2u/Tenda-AC20"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-21T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-09-21T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-09-21T12:27:15.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda AC20 HTTP POST Request SetPptpServerCfg strcpy buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-10815",
"datePublished": "2025-09-22T21:02:08.431Z",
"dateReserved": "2025-09-21T10:22:10.626Z",
"dateUpdated": "2025-09-23T16:02:43.704Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-10120 (GCVE-0-2025-10120)
Vulnerability from cvelistv5 – Published: 2025-09-09 01:32 – Updated: 2025-09-09 14:06
VLAI?
Title
Tenda AC20 GetParentControlInfo strcpy buffer overflow
Summary
A vulnerability was detected in Tenda AC20 up to 16.03.08.12. The impacted element is the function strcpy of the file /goform/GetParentControlInfo. The manipulation of the argument mac results in buffer overflow. The attack may be performed from remote. The exploit is now public and may be used.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tenda | AC20 |
Affected:
16.03.08.0
Affected: 16.03.08.1 Affected: 16.03.08.2 Affected: 16.03.08.3 Affected: 16.03.08.4 Affected: 16.03.08.5 Affected: 16.03.08.6 Affected: 16.03.08.7 Affected: 16.03.08.8 Affected: 16.03.08.9 Affected: 16.03.08.10 Affected: 16.03.08.11 Affected: 16.03.08.12 |
Credits
cymiao (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10120",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-09T14:06:10.711825Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-09T14:06:35.948Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/cymiao1978/cve/blob/main/4.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AC20",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "16.03.08.0"
},
{
"status": "affected",
"version": "16.03.08.1"
},
{
"status": "affected",
"version": "16.03.08.2"
},
{
"status": "affected",
"version": "16.03.08.3"
},
{
"status": "affected",
"version": "16.03.08.4"
},
{
"status": "affected",
"version": "16.03.08.5"
},
{
"status": "affected",
"version": "16.03.08.6"
},
{
"status": "affected",
"version": "16.03.08.7"
},
{
"status": "affected",
"version": "16.03.08.8"
},
{
"status": "affected",
"version": "16.03.08.9"
},
{
"status": "affected",
"version": "16.03.08.10"
},
{
"status": "affected",
"version": "16.03.08.11"
},
{
"status": "affected",
"version": "16.03.08.12"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "cymiao (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in Tenda AC20 up to 16.03.08.12. The impacted element is the function strcpy of the file /goform/GetParentControlInfo. The manipulation of the argument mac results in buffer overflow. The attack may be performed from remote. The exploit is now public and may be used."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in Tenda AC20 bis 16.03.08.12 entdeckt. Betroffen ist die Funktion strcpy der Datei /goform/GetParentControlInfo. Die Manipulation des Arguments mac f\u00fchrt zu buffer overflow. Es ist m\u00f6glich, den Angriff aus der Ferne durchzuf\u00fchren. Die Ausnutzung wurde ver\u00f6ffentlicht und kann verwendet werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-09T01:32:12.388Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-323089 | Tenda AC20 GetParentControlInfo strcpy buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.323089"
},
{
"name": "VDB-323089 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.323089"
},
{
"name": "Submit #645680 | Tenda AC20 \u003c= V16.03.08.12 (latest) Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.645680"
},
{
"tags": [
"related"
],
"url": "https://github.com/cymiao1978/cve/blob/main/4.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/cymiao1978/cve/blob/main/4.md#poc"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-08T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-09-08T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-09-08T17:11:54.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda AC20 GetParentControlInfo strcpy buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-10120",
"datePublished": "2025-09-09T01:32:12.388Z",
"dateReserved": "2025-09-08T15:06:42.887Z",
"dateUpdated": "2025-09-09T14:06:35.948Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9791 (GCVE-0-2025-9791)
Vulnerability from cvelistv5 – Published: 2025-09-01 19:02 – Updated: 2025-09-02 15:09
VLAI?
Title
Tenda AC20 fromAdvSetMacMtuWan stack-based overflow
Summary
A weakness has been identified in Tenda AC20 16.03.08.05. This vulnerability affects unknown code of the file /goform/fromAdvSetMacMtuWan. This manipulation of the argument wanMTU causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Credits
BediveRE (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9791",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-02T14:13:37.000337Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-02T15:09:01.786Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/Cpppq43/Tenda/blob/main/Tenda_AC20_V16.03.08.05.md#poc"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/Cpppq43/Tenda/blob/main/Tenda_AC20_V16.03.08.05.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AC20",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "16.03.08.05"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "BediveRE (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in Tenda AC20 16.03.08.05. This vulnerability affects unknown code of the file /goform/fromAdvSetMacMtuWan. This manipulation of the argument wanMTU causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited."
},
{
"lang": "de",
"value": "In Tenda AC20 16.03.08.05 wurde eine Schwachstelle gefunden. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei /goform/fromAdvSetMacMtuWan. Durch Manipulieren des Arguments wanMTU mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit wurde der \u00d6ffentlichkeit bekannt gemacht und k\u00f6nnte verwendet werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-01T19:02:07.802Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-322106 | Tenda AC20 fromAdvSetMacMtuWan stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.322106"
},
{
"name": "VDB-322106 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.322106"
},
{
"name": "Submit #641088 | Tenda Tenda AC20 AC20_V16.03.08.05 Stack-based Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.641088"
},
{
"tags": [
"related"
],
"url": "https://github.com/Cpppq43/Tenda/blob/main/Tenda_AC20_V16.03.08.05.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/Cpppq43/Tenda/blob/main/Tenda_AC20_V16.03.08.05.md#poc"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-01T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-09-01T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-09-01T12:15:44.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda AC20 fromAdvSetMacMtuWan stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-9791",
"datePublished": "2025-09-01T19:02:07.802Z",
"dateReserved": "2025-09-01T10:10:40.574Z",
"dateUpdated": "2025-09-02T15:09:01.786Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9091 (GCVE-0-2025-9091)
Vulnerability from cvelistv5 – Published: 2025-08-17 02:32 – Updated: 2025-08-18 13:15
VLAI?
Title
Tenda AC20 shadow hard-coded credentials
Summary
A security flaw has been discovered in Tenda AC20 16.03.08.12. Affected by this vulnerability is an unknown functionality of the file /etc_ro/shadow. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Credits
n0ps1ed (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9091",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-18T13:15:15.497583Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-18T13:15:19.094Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/ZZ2266/.github.io/blob/main/AC20/hardcoded%20password/readme.md#description"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/ZZ2266/.github.io/blob/main/AC20/hardcoded%20password/readme.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AC20",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "16.03.08.12"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "n0ps1ed (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in Tenda AC20 16.03.08.12. Affected by this vulnerability is an unknown functionality of the file /etc_ro/shadow. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In Tenda AC20 16.03.08.12 ist eine Schwachstelle entdeckt worden. Hierbei betrifft es unbekannten Programmcode der Datei /etc_ro/shadow. Mittels Manipulieren mit unbekannten Daten kann eine hard-coded credentials-Schwachstelle ausgenutzt werden. Der Angriff muss lokal angegangen werden. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie gilt als schwierig ausnutzbar. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 2,
"baseSeverity": "LOW",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 1,
"vectorString": "AV:L/AC:H/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-259",
"description": "Use of Hard-coded Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-17T02:32:09.136Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-320359 | Tenda AC20 shadow hard-coded credentials",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.320359"
},
{
"name": "VDB-320359 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.320359"
},
{
"name": "Submit #632268 | Tenda AC20 V16.03.08.12 Hard-coded Credentials",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.632268"
},
{
"tags": [
"related"
],
"url": "https://github.com/ZZ2266/.github.io/tree/main/AC20/hardcoded%20password/readme.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/ZZ2266/.github.io/blob/main/AC20/hardcoded%20password/readme.md#description"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-16T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-16T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-16T08:11:39.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda AC20 shadow hard-coded credentials"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-9091",
"datePublished": "2025-08-17T02:32:09.136Z",
"dateReserved": "2025-08-16T06:06:25.733Z",
"dateUpdated": "2025-08-18T13:15:19.094Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9090 (GCVE-0-2025-9090)
Vulnerability from cvelistv5 – Published: 2025-08-17 02:02 – Updated: 2025-08-18 17:46
VLAI?
Title
Tenda AC20 Telnet Service telnet websFormDefine command injection
Summary
A vulnerability was identified in Tenda AC20 16.03.08.12. Affected is the function websFormDefine of the file /goform/telnet of the component Telnet Service. The manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Credits
n0ps1ed (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9090",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-18T17:44:17.324864Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-18T17:46:22.525Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Telnet Service"
],
"product": "AC20",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "16.03.08.12"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "n0ps1ed (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in Tenda AC20 16.03.08.12. Affected is the function websFormDefine of the file /goform/telnet of the component Telnet Service. The manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In Tenda AC20 16.03.08.12 wurde eine Schwachstelle gefunden. Dabei betrifft es die Funktion websFormDefine der Datei /goform/telnet der Komponente Telnet Service. Mittels dem Manipulieren mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-17T02:02:07.488Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-320358 | Tenda AC20 Telnet Service telnet websFormDefine command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.320358"
},
{
"name": "VDB-320358 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.320358"
},
{
"name": "Submit #632232 | Tenda AC20 V16.03.08.12 Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.632232"
},
{
"tags": [
"related"
],
"url": "https://github.com/ZZ2266/.github.io/blob/main/AC20/telnet/readme.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/ZZ2266/.github.io/blob/main/AC20/telnet/readme.md#poc-exploit-steps"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-16T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-16T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-16T08:11:37.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda AC20 Telnet Service telnet websFormDefine command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-9090",
"datePublished": "2025-08-17T02:02:07.488Z",
"dateReserved": "2025-08-16T06:06:22.874Z",
"dateUpdated": "2025-08-18T17:46:22.525Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9089 (GCVE-0-2025-9089)
Vulnerability from cvelistv5 – Published: 2025-08-16 23:32 – Updated: 2025-08-18 17:58
VLAI?
Title
Tenda AC20 SetIpMacBind sub_48E628 stack-based overflow
Summary
A vulnerability was determined in Tenda AC20 16.03.08.12. This issue affects the function sub_48E628 of the file /goform/SetIpMacBind. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Credits
n0ps1ed (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9089",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-18T17:58:24.545344Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-18T17:58:40.337Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AC20",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "16.03.08.12"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "n0ps1ed (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in Tenda AC20 16.03.08.12. This issue affects the function sub_48E628 of the file /goform/SetIpMacBind. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in Tenda AC20 16.03.08.12 entdeckt. Dies betrifft die Funktion sub_48E628 der Datei /goform/SetIpMacBind. Durch Manipulation des Arguments list mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-16T23:32:07.804Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-320357 | Tenda AC20 SetIpMacBind sub_48E628 stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.320357"
},
{
"name": "VDB-320357 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.320357"
},
{
"name": "Submit #632039 | Tenda AC20 V16.03.08.12 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.632039"
},
{
"tags": [
"related"
],
"url": "https://github.com/ZZ2266/.github.io/blob/main/AC20/fromSetIpMacBind/readme.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/ZZ2266/.github.io/blob/main/AC20/fromSetIpMacBind/readme.md#poc-python-exploit-script"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-16T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-16T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-16T08:11:35.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda AC20 SetIpMacBind sub_48E628 stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-9089",
"datePublished": "2025-08-16T23:32:07.804Z",
"dateReserved": "2025-08-16T06:06:19.540Z",
"dateUpdated": "2025-08-18T17:58:40.337Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9088 (GCVE-0-2025-9088)
Vulnerability from cvelistv5 – Published: 2025-08-16 23:02 – Updated: 2025-08-18 17:59
VLAI?
Title
Tenda AC20 formSetVirtualSer save_virtualser_data stack-based overflow
Summary
A vulnerability was found in Tenda AC20 16.03.08.12. This vulnerability affects the function save_virtualser_data of the file /goform/formSetVirtualSer. The manipulation of the argument list leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Credits
n0ps1ed (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9088",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-18T17:58:55.569150Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-18T17:59:09.706Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AC20",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "16.03.08.12"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "n0ps1ed (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Tenda AC20 16.03.08.12. This vulnerability affects the function save_virtualser_data of the file /goform/formSetVirtualSer. The manipulation of the argument list leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in Tenda AC20 16.03.08.12 gefunden. Das betrifft die Funktion save_virtualser_data der Datei /goform/formSetVirtualSer. Durch die Manipulation des Arguments list mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-16T23:02:07.777Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-320356 | Tenda AC20 formSetVirtualSer save_virtualser_data stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.320356"
},
{
"name": "VDB-320356 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.320356"
},
{
"name": "Submit #632038 | Tenda AC20 V16.03.08.12 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.632038"
},
{
"tags": [
"related"
],
"url": "https://github.com/ZZ2266/.github.io/tree/main/AC20/formSetVirtualSer"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/ZZ2266/.github.io/tree/main/AC20/formSetVirtualSer#poc-python-exploit-script"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-16T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-16T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-16T08:11:34.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda AC20 formSetVirtualSer save_virtualser_data stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-9088",
"datePublished": "2025-08-16T23:02:07.777Z",
"dateReserved": "2025-08-16T06:06:16.797Z",
"dateUpdated": "2025-08-18T17:59:09.706Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9087 (GCVE-0-2025-9087)
Vulnerability from cvelistv5 – Published: 2025-08-16 22:32 – Updated: 2025-08-18 17:59
VLAI?
Title
Tenda AC20 SetNetControlList Endpoint set_qosMib_list stack-based overflow
Summary
A vulnerability has been found in Tenda AC20 16.03.08.12. This affects the function set_qosMib_list of the file /goform/SetNetControlList of the component SetNetControlList Endpoint. The manipulation of the argument list leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Credits
n0ps1ed (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9087",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-18T17:59:34.411415Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-18T17:59:50.592Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"SetNetControlList Endpoint"
],
"product": "AC20",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "16.03.08.12"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "n0ps1ed (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Tenda AC20 16.03.08.12. This affects the function set_qosMib_list of the file /goform/SetNetControlList of the component SetNetControlList Endpoint. The manipulation of the argument list leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In Tenda AC20 16.03.08.12 ist eine Schwachstelle entdeckt worden. Es betrifft die Funktion set_qosMib_list der Datei /goform/SetNetControlList der Komponente SetNetControlList Endpoint. Mit der Manipulation des Arguments list mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-16T22:32:07.366Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-320355 | Tenda AC20 SetNetControlList Endpoint set_qosMib_list stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.320355"
},
{
"name": "VDB-320355 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.320355"
},
{
"name": "Submit #632037 | Tenda AC20 V16.03.08.12 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.632037"
},
{
"tags": [
"related"
],
"url": "https://github.com/ZZ2266/.github.io/tree/main/AC20/formSetQosBand"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/ZZ2266/.github.io/tree/main/AC20/formSetQosBand#poc-python-exploit-script"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-16T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-16T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-16T08:11:32.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda AC20 SetNetControlList Endpoint set_qosMib_list stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-9087",
"datePublished": "2025-08-16T22:32:07.366Z",
"dateReserved": "2025-08-16T06:06:05.154Z",
"dateUpdated": "2025-08-18T17:59:50.592Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9046 (GCVE-0-2025-9046)
Vulnerability from cvelistv5 – Published: 2025-08-15 11:02 – Updated: 2025-08-15 13:18
VLAI?
Title
Tenda AC20 setMacFilterCfg sub_46A2AC stack-based overflow
Summary
A vulnerability was identified in Tenda AC20 16.03.08.12. This issue affects the function sub_46A2AC of the file /goform/setMacFilterCfg. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Credits
n0ps1ed (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9046",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-15T13:18:25.644831Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-15T13:18:35.050Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AC20",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "16.03.08.12"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "n0ps1ed (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in Tenda AC20 16.03.08.12. This issue affects the function sub_46A2AC of the file /goform/setMacFilterCfg. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Dies betrifft die Funktion sub_46A2AC der Datei /goform/setMacFilterCfg. Mit der Manipulation des Arguments deviceList mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-15T11:02:07.032Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-320267 | Tenda AC20 setMacFilterCfg sub_46A2AC stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.320267"
},
{
"name": "VDB-320267 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.320267"
},
{
"name": "Submit #631932 | Tenda AC20 V16.03.08.12 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.631932"
},
{
"tags": [
"related"
],
"url": "https://github.com/ZZ2266/.github.io/blob/main/AC20/formSetMacFilterCfg/readme.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/ZZ2266/.github.io/blob/main/AC20/formSetMacFilterCfg/readme.md#poc-python-exploit-script"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-14T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-14T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-14T21:34:50.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda AC20 setMacFilterCfg sub_46A2AC stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-9046",
"datePublished": "2025-08-15T11:02:07.032Z",
"dateReserved": "2025-08-14T19:29:47.175Z",
"dateUpdated": "2025-08-15T13:18:35.050Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8940 (GCVE-0-2025-8940)
Vulnerability from cvelistv5 – Published: 2025-08-14 05:32 – Updated: 2025-08-15 12:58
VLAI?
Title
Tenda AC20 saveParentControlInfo strcpy buffer overflow
Summary
A vulnerability was identified in Tenda AC20 up to 16.03.08.12. Affected by this vulnerability is the function strcpy of the file /goform/saveParentControlInfo. The manipulation of the argument Time leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tenda | AC20 |
Affected:
16.03.08.0
Affected: 16.03.08.1 Affected: 16.03.08.2 Affected: 16.03.08.3 Affected: 16.03.08.4 Affected: 16.03.08.5 Affected: 16.03.08.6 Affected: 16.03.08.7 Affected: 16.03.08.8 Affected: 16.03.08.9 Affected: 16.03.08.10 Affected: 16.03.08.11 Affected: 16.03.08.12 |
Credits
QMSSDXN (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8940",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-15T12:13:16.584763Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-15T12:58:09.232Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/lin-3-start/lin-cve/blob/main/Tenda%20AC20-2/Tenda%20AC20-2.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AC20",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "16.03.08.0"
},
{
"status": "affected",
"version": "16.03.08.1"
},
{
"status": "affected",
"version": "16.03.08.2"
},
{
"status": "affected",
"version": "16.03.08.3"
},
{
"status": "affected",
"version": "16.03.08.4"
},
{
"status": "affected",
"version": "16.03.08.5"
},
{
"status": "affected",
"version": "16.03.08.6"
},
{
"status": "affected",
"version": "16.03.08.7"
},
{
"status": "affected",
"version": "16.03.08.8"
},
{
"status": "affected",
"version": "16.03.08.9"
},
{
"status": "affected",
"version": "16.03.08.10"
},
{
"status": "affected",
"version": "16.03.08.11"
},
{
"status": "affected",
"version": "16.03.08.12"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "QMSSDXN (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in Tenda AC20 up to 16.03.08.12. Affected by this vulnerability is the function strcpy of the file /goform/saveParentControlInfo. The manipulation of the argument Time leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Dabei geht es um die Funktion strcpy der Datei /goform/saveParentControlInfo. Dank Manipulation des Arguments Time mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-14T05:32:11.901Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-319903 | Tenda AC20 saveParentControlInfo strcpy buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.319903"
},
{
"name": "VDB-319903 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.319903"
},
{
"name": "Submit #631836 | Tenda AC20 \u2264 V16.03.08.12 (latest version) Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.631836"
},
{
"tags": [
"related"
],
"url": "https://github.com/lin-3-start/lin-cve/blob/main/Tenda%20AC20-2/Tenda%20AC20-2.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/lin-3-start/lin-cve/blob/main/Tenda%20AC20-2/Tenda%20AC20-2.md#poc"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-13T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-13T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-13T14:06:46.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda AC20 saveParentControlInfo strcpy buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8940",
"datePublished": "2025-08-14T05:32:11.901Z",
"dateReserved": "2025-08-13T12:01:39.751Z",
"dateUpdated": "2025-08-15T12:58:09.232Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8939 (GCVE-0-2025-8939)
Vulnerability from cvelistv5 – Published: 2025-08-14 05:32 – Updated: 2025-08-15 12:58
VLAI?
Title
Tenda AC20 WifiGuestSet buffer overflow
Summary
A vulnerability was determined in Tenda AC20 up to 16.03.08.12. Affected is an unknown function of the file /goform/WifiGuestSet. The manipulation of the argument shareSpeed leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tenda | AC20 |
Affected:
16.03.08.0
Affected: 16.03.08.1 Affected: 16.03.08.2 Affected: 16.03.08.3 Affected: 16.03.08.4 Affected: 16.03.08.5 Affected: 16.03.08.6 Affected: 16.03.08.7 Affected: 16.03.08.8 Affected: 16.03.08.9 Affected: 16.03.08.10 Affected: 16.03.08.11 Affected: 16.03.08.12 |
Credits
QMSSDXN (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8939",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-15T12:15:34.699662Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-15T12:58:16.253Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/lin-3-start/lin-cve/blob/main/Tenda%20AC20/Tenda%20AC20.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AC20",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "16.03.08.0"
},
{
"status": "affected",
"version": "16.03.08.1"
},
{
"status": "affected",
"version": "16.03.08.2"
},
{
"status": "affected",
"version": "16.03.08.3"
},
{
"status": "affected",
"version": "16.03.08.4"
},
{
"status": "affected",
"version": "16.03.08.5"
},
{
"status": "affected",
"version": "16.03.08.6"
},
{
"status": "affected",
"version": "16.03.08.7"
},
{
"status": "affected",
"version": "16.03.08.8"
},
{
"status": "affected",
"version": "16.03.08.9"
},
{
"status": "affected",
"version": "16.03.08.10"
},
{
"status": "affected",
"version": "16.03.08.11"
},
{
"status": "affected",
"version": "16.03.08.12"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "QMSSDXN (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in Tenda AC20 up to 16.03.08.12. Affected is an unknown function of the file /goform/WifiGuestSet. The manipulation of the argument shareSpeed leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Es geht dabei um eine nicht klar definierte Funktion der Datei /goform/WifiGuestSet. Dank der Manipulation des Arguments shareSpeed mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-14T05:32:07.802Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-319902 | Tenda AC20 WifiGuestSet buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.319902"
},
{
"name": "VDB-319902 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.319902"
},
{
"name": "Submit #631829 | Tenda AC20 \u2264 V16.03.08.12 (latest version) Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.631829"
},
{
"tags": [
"related"
],
"url": "https://github.com/lin-3-start/lin-cve/blob/main/Tenda%20AC20/Tenda%20AC20.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/lin-3-start/lin-cve/blob/main/Tenda%20AC20/Tenda%20AC20.md#3-poc"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-13T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-13T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-13T14:06:45.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda AC20 WifiGuestSet buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8939",
"datePublished": "2025-08-14T05:32:07.802Z",
"dateReserved": "2025-08-13T12:01:37.310Z",
"dateUpdated": "2025-08-15T12:58:16.253Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8810 (GCVE-0-2025-8810)
Vulnerability from cvelistv5 – Published: 2025-08-10 13:02 – Updated: 2025-08-12 19:41
VLAI?
Title
Tenda AC20 SetFirewallCfg strcpy stack-based overflow
Summary
A vulnerability classified as critical was found in Tenda AC20 16.03.08.05. Affected by this vulnerability is the function strcpy of the file /goform/SetFirewallCfg. The manipulation of the argument firewallEn leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Credits
hundun (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8810",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T19:41:44.972257Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T19:41:47.916Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/LaiwanHundun/CVE/blob/main/cve1"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AC20",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "16.03.08.05"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "hundun (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in Tenda AC20 16.03.08.05. Affected by this vulnerability is the function strcpy of the file /goform/SetFirewallCfg. The manipulation of the argument firewallEn leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In Tenda AC20 16.03.08.05 wurde eine kritische Schwachstelle entdeckt. Hierbei betrifft es die Funktion strcpy der Datei /goform/SetFirewallCfg. Durch das Beeinflussen des Arguments firewallEn mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-10T13:02:08.230Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-319339 | Tenda AC20 SetFirewallCfg strcpy stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.319339"
},
{
"name": "VDB-319339 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.319339"
},
{
"name": "Submit #627394 | Tenda AC20 V1.0re_V16.03.08.05 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.627394"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/LaiwanHundun/CVE/blob/main/cve1"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-09T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-09T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-09T10:03:18.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda AC20 SetFirewallCfg strcpy stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8810",
"datePublished": "2025-08-10T13:02:08.230Z",
"dateReserved": "2025-08-09T07:58:15.073Z",
"dateUpdated": "2025-08-12T19:41:47.916Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8160 (GCVE-0-2025-8160)
Vulnerability from cvelistv5 – Published: 2025-07-25 15:02 – Updated: 2025-07-25 15:11
VLAI?
Title
Tenda AC20 httpd SetSysTimeCfg buffer overflow
Summary
A vulnerability classified as critical has been found in Tenda AC20 up to 16.03.08.12. Affected is an unknown function of the file /goform/SetSysTimeCfg of the component httpd. The manipulation of the argument timeZone leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tenda | AC20 |
Affected:
16.03.08.0
Affected: 16.03.08.1 Affected: 16.03.08.2 Affected: 16.03.08.3 Affected: 16.03.08.4 Affected: 16.03.08.5 Affected: 16.03.08.6 Affected: 16.03.08.7 Affected: 16.03.08.8 Affected: 16.03.08.9 Affected: 16.03.08.10 Affected: 16.03.08.11 Affected: 16.03.08.12 |
Credits
BabyShark (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8160",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-25T15:10:58.750011Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-25T15:11:10.192Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"httpd"
],
"product": "AC20",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "16.03.08.0"
},
{
"status": "affected",
"version": "16.03.08.1"
},
{
"status": "affected",
"version": "16.03.08.2"
},
{
"status": "affected",
"version": "16.03.08.3"
},
{
"status": "affected",
"version": "16.03.08.4"
},
{
"status": "affected",
"version": "16.03.08.5"
},
{
"status": "affected",
"version": "16.03.08.6"
},
{
"status": "affected",
"version": "16.03.08.7"
},
{
"status": "affected",
"version": "16.03.08.8"
},
{
"status": "affected",
"version": "16.03.08.9"
},
{
"status": "affected",
"version": "16.03.08.10"
},
{
"status": "affected",
"version": "16.03.08.11"
},
{
"status": "affected",
"version": "16.03.08.12"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "BabyShark (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in Tenda AC20 up to 16.03.08.12. Affected is an unknown function of the file /goform/SetSysTimeCfg of the component httpd. The manipulation of the argument timeZone leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Es wurde eine kritische Schwachstelle in Tenda AC20 bis 16.03.08.12 entdeckt. Betroffen hiervon ist ein unbekannter Ablauf der Datei /goform/SetSysTimeCfg der Komponente httpd. Durch Manipulation des Arguments timeZone mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-25T15:02:07.280Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-317574 | Tenda AC20 httpd SetSysTimeCfg buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.317574"
},
{
"name": "VDB-317574 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.317574"
},
{
"name": "Submit #620625 | Tenda AC20 \u003c= V16.03.08.12 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.620625"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/CH13hh/cve/blob/main/tenda1.md"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-25T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-07-25T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-07-25T09:01:13.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda AC20 httpd SetSysTimeCfg buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8160",
"datePublished": "2025-07-25T15:02:07.280Z",
"dateReserved": "2025-07-25T06:55:58.644Z",
"dateUpdated": "2025-07-25T15:11:10.192Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-13258 (GCVE-0-2025-13258)
Vulnerability from nvd – Published: 2025-11-17 02:02 – Updated: 2025-11-17 18:47
VLAI?
Title
Tenda AC20 WifiExtraSet buffer overflow
Summary
A vulnerability was detected in Tenda AC20 up to 16.03.08.12. The impacted element is an unknown function of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto results in buffer overflow. The attack can be launched remotely. The exploit is now public and may be used.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tenda | AC20 |
Affected:
16.03.08.0
Affected: 16.03.08.1 Affected: 16.03.08.2 Affected: 16.03.08.3 Affected: 16.03.08.4 Affected: 16.03.08.5 Affected: 16.03.08.6 Affected: 16.03.08.7 Affected: 16.03.08.8 Affected: 16.03.08.9 Affected: 16.03.08.10 Affected: 16.03.08.11 Affected: 16.03.08.12 |
Credits
Yun Zhang (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13258",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-17T18:45:32.375996Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-17T18:47:00.562Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AC20",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "16.03.08.0"
},
{
"status": "affected",
"version": "16.03.08.1"
},
{
"status": "affected",
"version": "16.03.08.2"
},
{
"status": "affected",
"version": "16.03.08.3"
},
{
"status": "affected",
"version": "16.03.08.4"
},
{
"status": "affected",
"version": "16.03.08.5"
},
{
"status": "affected",
"version": "16.03.08.6"
},
{
"status": "affected",
"version": "16.03.08.7"
},
{
"status": "affected",
"version": "16.03.08.8"
},
{
"status": "affected",
"version": "16.03.08.9"
},
{
"status": "affected",
"version": "16.03.08.10"
},
{
"status": "affected",
"version": "16.03.08.11"
},
{
"status": "affected",
"version": "16.03.08.12"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Yun Zhang (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in Tenda AC20 up to 16.03.08.12. The impacted element is an unknown function of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto results in buffer overflow. The attack can be launched remotely. The exploit is now public and may be used."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in Tenda AC20 up to 16.03.08.12 entdeckt. Betroffen ist eine unbekannte Verarbeitung der Datei /goform/WifiExtraSet. Durch das Beeinflussen des Arguments wpapsk_crypto mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Es ist m\u00f6glich, den Angriff aus der Ferne durchzuf\u00fchren. Der Exploit ist \u00f6ffentlich verf\u00fcgbar und k\u00f6nnte genutzt werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-17T02:02:08.487Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-332593 | Tenda AC20 WifiExtraSet buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.332593"
},
{
"name": "VDB-332593 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.332593"
},
{
"name": "Submit #688716 | Tenda AC20 Router Affected firmware version: \u003c= V16.03.08.12 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.688716"
},
{
"tags": [
"related"
],
"url": "https://github.com/DavCloudz/cve/blob/main/Tenda/Tengda%20AC20%20Router%20WifiExtraSet%20Buffer%20Overflow%20Vulnerability.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/DavCloudz/cve/blob/main/Tenda/Tengda%20AC20%20Router%20WifiExtraSet%20Buffer%20Overflow%20Vulnerability.md#poc"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-11-16T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-11-16T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-11-16T11:52:18.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda AC20 WifiExtraSet buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-13258",
"datePublished": "2025-11-17T02:02:08.487Z",
"dateReserved": "2025-11-16T10:47:14.703Z",
"dateUpdated": "2025-11-17T18:47:00.562Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-11385 (GCVE-0-2025-11385)
Vulnerability from nvd – Published: 2025-10-07 09:32 – Updated: 2025-10-07 18:23
VLAI?
Title
Tenda AC20 fast_setting_wifi_set sscanf buffer overflow
Summary
A vulnerability has been found in Tenda AC20 up to 16.03.08.12. The affected element is the function sscanf of the file /goform/fast_setting_wifi_set. The manipulation of the argument timeZone leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tenda | AC20 |
Affected:
16.03.08.0
Affected: 16.03.08.1 Affected: 16.03.08.2 Affected: 16.03.08.3 Affected: 16.03.08.4 Affected: 16.03.08.5 Affected: 16.03.08.6 Affected: 16.03.08.7 Affected: 16.03.08.8 Affected: 16.03.08.9 Affected: 16.03.08.10 Affected: 16.03.08.11 Affected: 16.03.08.12 |
Credits
cymiao (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11385",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-07T18:23:22.789479Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-07T18:23:35.503Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AC20",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "16.03.08.0"
},
{
"status": "affected",
"version": "16.03.08.1"
},
{
"status": "affected",
"version": "16.03.08.2"
},
{
"status": "affected",
"version": "16.03.08.3"
},
{
"status": "affected",
"version": "16.03.08.4"
},
{
"status": "affected",
"version": "16.03.08.5"
},
{
"status": "affected",
"version": "16.03.08.6"
},
{
"status": "affected",
"version": "16.03.08.7"
},
{
"status": "affected",
"version": "16.03.08.8"
},
{
"status": "affected",
"version": "16.03.08.9"
},
{
"status": "affected",
"version": "16.03.08.10"
},
{
"status": "affected",
"version": "16.03.08.11"
},
{
"status": "affected",
"version": "16.03.08.12"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "cymiao (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Tenda AC20 up to 16.03.08.12. The affected element is the function sscanf of the file /goform/fast_setting_wifi_set. The manipulation of the argument timeZone leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in Tenda AC20 up to 16.03.08.12 gefunden. Es betrifft die Funktion sscanf der Datei /goform/fast_setting_wifi_set. Mittels Manipulieren des Arguments timeZone mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann remote ausgef\u00fchrt werden. Die Schwachstelle wurde \u00f6ffentlich offengelegt und k\u00f6nnte ausgenutzt werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-07T09:32:06.697Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-327312 | Tenda AC20 fast_setting_wifi_set sscanf buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.327312"
},
{
"name": "VDB-327312 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.327312"
},
{
"name": "Submit #664922 | Shenzhen Tenda Technology Co.,Ltd. AC20 \u003c= V16.03.08.12 (latest) Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.664922"
},
{
"tags": [
"related"
],
"url": "https://github.com/cymiao1978/cve/blob/main/11.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/cymiao1978/cve/blob/main/11.md#poc"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-06T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-10-06T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-10-06T21:29:36.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda AC20 fast_setting_wifi_set sscanf buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-11385",
"datePublished": "2025-10-07T09:32:06.697Z",
"dateReserved": "2025-10-06T19:24:32.774Z",
"dateUpdated": "2025-10-07T18:23:35.503Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-10815 (GCVE-0-2025-10815)
Vulnerability from nvd – Published: 2025-09-22 21:02 – Updated: 2025-09-23 16:02
VLAI?
Title
Tenda AC20 HTTP POST Request SetPptpServerCfg strcpy buffer overflow
Summary
A vulnerability was identified in Tenda AC20 up to 16.03.08.12. Affected by this issue is the function strcpy of the file /goform/SetPptpServerCfg of the component HTTP POST Request Handler. Such manipulation of the argument startIp leads to buffer overflow. The attack can be launched remotely. The exploit is publicly available and might be used.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tenda | AC20 |
Affected:
16.03.08.0
Affected: 16.03.08.1 Affected: 16.03.08.2 Affected: 16.03.08.3 Affected: 16.03.08.4 Affected: 16.03.08.5 Affected: 16.03.08.6 Affected: 16.03.08.7 Affected: 16.03.08.8 Affected: 16.03.08.9 Affected: 16.03.08.10 Affected: 16.03.08.11 Affected: 16.03.08.12 |
Credits
Juana_2u (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10815",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-23T16:02:33.361061Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-23T16:02:43.704Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"HTTP POST Request Handler"
],
"product": "AC20",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "16.03.08.0"
},
{
"status": "affected",
"version": "16.03.08.1"
},
{
"status": "affected",
"version": "16.03.08.2"
},
{
"status": "affected",
"version": "16.03.08.3"
},
{
"status": "affected",
"version": "16.03.08.4"
},
{
"status": "affected",
"version": "16.03.08.5"
},
{
"status": "affected",
"version": "16.03.08.6"
},
{
"status": "affected",
"version": "16.03.08.7"
},
{
"status": "affected",
"version": "16.03.08.8"
},
{
"status": "affected",
"version": "16.03.08.9"
},
{
"status": "affected",
"version": "16.03.08.10"
},
{
"status": "affected",
"version": "16.03.08.11"
},
{
"status": "affected",
"version": "16.03.08.12"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Juana_2u (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in Tenda AC20 up to 16.03.08.12. Affected by this issue is the function strcpy of the file /goform/SetPptpServerCfg of the component HTTP POST Request Handler. Such manipulation of the argument startIp leads to buffer overflow. The attack can be launched remotely. The exploit is publicly available and might be used."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in Tenda AC20 up to 16.03.08.12 entdeckt. Dabei betrifft es die Funktion strcpy der Datei /goform/SetPptpServerCfg der Komponente HTTP POST Request Handler. Durch das Beeinflussen des Arguments startIp mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit ist \u00f6ffentlich verf\u00fcgbar und k\u00f6nnte genutzt werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-22T21:02:08.431Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-325173 | Tenda AC20 HTTP POST Request SetPptpServerCfg strcpy buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.325173"
},
{
"name": "VDB-325173 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.325173"
},
{
"name": "Submit #654460 | tenda AC20 \u003c= V16.03.08.12 (latest) Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.654460"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/Juana-2u/Tenda-AC20"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-21T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-09-21T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-09-21T12:27:15.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda AC20 HTTP POST Request SetPptpServerCfg strcpy buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-10815",
"datePublished": "2025-09-22T21:02:08.431Z",
"dateReserved": "2025-09-21T10:22:10.626Z",
"dateUpdated": "2025-09-23T16:02:43.704Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-10120 (GCVE-0-2025-10120)
Vulnerability from nvd – Published: 2025-09-09 01:32 – Updated: 2025-09-09 14:06
VLAI?
Title
Tenda AC20 GetParentControlInfo strcpy buffer overflow
Summary
A vulnerability was detected in Tenda AC20 up to 16.03.08.12. The impacted element is the function strcpy of the file /goform/GetParentControlInfo. The manipulation of the argument mac results in buffer overflow. The attack may be performed from remote. The exploit is now public and may be used.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tenda | AC20 |
Affected:
16.03.08.0
Affected: 16.03.08.1 Affected: 16.03.08.2 Affected: 16.03.08.3 Affected: 16.03.08.4 Affected: 16.03.08.5 Affected: 16.03.08.6 Affected: 16.03.08.7 Affected: 16.03.08.8 Affected: 16.03.08.9 Affected: 16.03.08.10 Affected: 16.03.08.11 Affected: 16.03.08.12 |
Credits
cymiao (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10120",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-09T14:06:10.711825Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-09T14:06:35.948Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/cymiao1978/cve/blob/main/4.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AC20",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "16.03.08.0"
},
{
"status": "affected",
"version": "16.03.08.1"
},
{
"status": "affected",
"version": "16.03.08.2"
},
{
"status": "affected",
"version": "16.03.08.3"
},
{
"status": "affected",
"version": "16.03.08.4"
},
{
"status": "affected",
"version": "16.03.08.5"
},
{
"status": "affected",
"version": "16.03.08.6"
},
{
"status": "affected",
"version": "16.03.08.7"
},
{
"status": "affected",
"version": "16.03.08.8"
},
{
"status": "affected",
"version": "16.03.08.9"
},
{
"status": "affected",
"version": "16.03.08.10"
},
{
"status": "affected",
"version": "16.03.08.11"
},
{
"status": "affected",
"version": "16.03.08.12"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "cymiao (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in Tenda AC20 up to 16.03.08.12. The impacted element is the function strcpy of the file /goform/GetParentControlInfo. The manipulation of the argument mac results in buffer overflow. The attack may be performed from remote. The exploit is now public and may be used."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in Tenda AC20 bis 16.03.08.12 entdeckt. Betroffen ist die Funktion strcpy der Datei /goform/GetParentControlInfo. Die Manipulation des Arguments mac f\u00fchrt zu buffer overflow. Es ist m\u00f6glich, den Angriff aus der Ferne durchzuf\u00fchren. Die Ausnutzung wurde ver\u00f6ffentlicht und kann verwendet werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-09T01:32:12.388Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-323089 | Tenda AC20 GetParentControlInfo strcpy buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.323089"
},
{
"name": "VDB-323089 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.323089"
},
{
"name": "Submit #645680 | Tenda AC20 \u003c= V16.03.08.12 (latest) Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.645680"
},
{
"tags": [
"related"
],
"url": "https://github.com/cymiao1978/cve/blob/main/4.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/cymiao1978/cve/blob/main/4.md#poc"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-08T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-09-08T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-09-08T17:11:54.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda AC20 GetParentControlInfo strcpy buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-10120",
"datePublished": "2025-09-09T01:32:12.388Z",
"dateReserved": "2025-09-08T15:06:42.887Z",
"dateUpdated": "2025-09-09T14:06:35.948Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9791 (GCVE-0-2025-9791)
Vulnerability from nvd – Published: 2025-09-01 19:02 – Updated: 2025-09-02 15:09
VLAI?
Title
Tenda AC20 fromAdvSetMacMtuWan stack-based overflow
Summary
A weakness has been identified in Tenda AC20 16.03.08.05. This vulnerability affects unknown code of the file /goform/fromAdvSetMacMtuWan. This manipulation of the argument wanMTU causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Credits
BediveRE (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9791",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-02T14:13:37.000337Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-02T15:09:01.786Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/Cpppq43/Tenda/blob/main/Tenda_AC20_V16.03.08.05.md#poc"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/Cpppq43/Tenda/blob/main/Tenda_AC20_V16.03.08.05.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AC20",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "16.03.08.05"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "BediveRE (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in Tenda AC20 16.03.08.05. This vulnerability affects unknown code of the file /goform/fromAdvSetMacMtuWan. This manipulation of the argument wanMTU causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited."
},
{
"lang": "de",
"value": "In Tenda AC20 16.03.08.05 wurde eine Schwachstelle gefunden. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei /goform/fromAdvSetMacMtuWan. Durch Manipulieren des Arguments wanMTU mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit wurde der \u00d6ffentlichkeit bekannt gemacht und k\u00f6nnte verwendet werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-01T19:02:07.802Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-322106 | Tenda AC20 fromAdvSetMacMtuWan stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.322106"
},
{
"name": "VDB-322106 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.322106"
},
{
"name": "Submit #641088 | Tenda Tenda AC20 AC20_V16.03.08.05 Stack-based Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.641088"
},
{
"tags": [
"related"
],
"url": "https://github.com/Cpppq43/Tenda/blob/main/Tenda_AC20_V16.03.08.05.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/Cpppq43/Tenda/blob/main/Tenda_AC20_V16.03.08.05.md#poc"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-01T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-09-01T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-09-01T12:15:44.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda AC20 fromAdvSetMacMtuWan stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-9791",
"datePublished": "2025-09-01T19:02:07.802Z",
"dateReserved": "2025-09-01T10:10:40.574Z",
"dateUpdated": "2025-09-02T15:09:01.786Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9091 (GCVE-0-2025-9091)
Vulnerability from nvd – Published: 2025-08-17 02:32 – Updated: 2025-08-18 13:15
VLAI?
Title
Tenda AC20 shadow hard-coded credentials
Summary
A security flaw has been discovered in Tenda AC20 16.03.08.12. Affected by this vulnerability is an unknown functionality of the file /etc_ro/shadow. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Credits
n0ps1ed (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9091",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-18T13:15:15.497583Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-18T13:15:19.094Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/ZZ2266/.github.io/blob/main/AC20/hardcoded%20password/readme.md#description"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/ZZ2266/.github.io/blob/main/AC20/hardcoded%20password/readme.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AC20",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "16.03.08.12"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "n0ps1ed (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in Tenda AC20 16.03.08.12. Affected by this vulnerability is an unknown functionality of the file /etc_ro/shadow. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In Tenda AC20 16.03.08.12 ist eine Schwachstelle entdeckt worden. Hierbei betrifft es unbekannten Programmcode der Datei /etc_ro/shadow. Mittels Manipulieren mit unbekannten Daten kann eine hard-coded credentials-Schwachstelle ausgenutzt werden. Der Angriff muss lokal angegangen werden. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie gilt als schwierig ausnutzbar. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 2,
"baseSeverity": "LOW",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 1,
"vectorString": "AV:L/AC:H/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-259",
"description": "Use of Hard-coded Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-17T02:32:09.136Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-320359 | Tenda AC20 shadow hard-coded credentials",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.320359"
},
{
"name": "VDB-320359 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.320359"
},
{
"name": "Submit #632268 | Tenda AC20 V16.03.08.12 Hard-coded Credentials",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.632268"
},
{
"tags": [
"related"
],
"url": "https://github.com/ZZ2266/.github.io/tree/main/AC20/hardcoded%20password/readme.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/ZZ2266/.github.io/blob/main/AC20/hardcoded%20password/readme.md#description"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-16T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-16T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-16T08:11:39.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda AC20 shadow hard-coded credentials"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-9091",
"datePublished": "2025-08-17T02:32:09.136Z",
"dateReserved": "2025-08-16T06:06:25.733Z",
"dateUpdated": "2025-08-18T13:15:19.094Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9090 (GCVE-0-2025-9090)
Vulnerability from nvd – Published: 2025-08-17 02:02 – Updated: 2025-08-18 17:46
VLAI?
Title
Tenda AC20 Telnet Service telnet websFormDefine command injection
Summary
A vulnerability was identified in Tenda AC20 16.03.08.12. Affected is the function websFormDefine of the file /goform/telnet of the component Telnet Service. The manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Credits
n0ps1ed (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9090",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-18T17:44:17.324864Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-18T17:46:22.525Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Telnet Service"
],
"product": "AC20",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "16.03.08.12"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "n0ps1ed (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in Tenda AC20 16.03.08.12. Affected is the function websFormDefine of the file /goform/telnet of the component Telnet Service. The manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In Tenda AC20 16.03.08.12 wurde eine Schwachstelle gefunden. Dabei betrifft es die Funktion websFormDefine der Datei /goform/telnet der Komponente Telnet Service. Mittels dem Manipulieren mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-17T02:02:07.488Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-320358 | Tenda AC20 Telnet Service telnet websFormDefine command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.320358"
},
{
"name": "VDB-320358 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.320358"
},
{
"name": "Submit #632232 | Tenda AC20 V16.03.08.12 Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.632232"
},
{
"tags": [
"related"
],
"url": "https://github.com/ZZ2266/.github.io/blob/main/AC20/telnet/readme.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/ZZ2266/.github.io/blob/main/AC20/telnet/readme.md#poc-exploit-steps"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-16T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-16T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-16T08:11:37.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda AC20 Telnet Service telnet websFormDefine command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-9090",
"datePublished": "2025-08-17T02:02:07.488Z",
"dateReserved": "2025-08-16T06:06:22.874Z",
"dateUpdated": "2025-08-18T17:46:22.525Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9089 (GCVE-0-2025-9089)
Vulnerability from nvd – Published: 2025-08-16 23:32 – Updated: 2025-08-18 17:58
VLAI?
Title
Tenda AC20 SetIpMacBind sub_48E628 stack-based overflow
Summary
A vulnerability was determined in Tenda AC20 16.03.08.12. This issue affects the function sub_48E628 of the file /goform/SetIpMacBind. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Credits
n0ps1ed (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9089",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-18T17:58:24.545344Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-18T17:58:40.337Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AC20",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "16.03.08.12"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "n0ps1ed (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in Tenda AC20 16.03.08.12. This issue affects the function sub_48E628 of the file /goform/SetIpMacBind. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in Tenda AC20 16.03.08.12 entdeckt. Dies betrifft die Funktion sub_48E628 der Datei /goform/SetIpMacBind. Durch Manipulation des Arguments list mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-16T23:32:07.804Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-320357 | Tenda AC20 SetIpMacBind sub_48E628 stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.320357"
},
{
"name": "VDB-320357 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.320357"
},
{
"name": "Submit #632039 | Tenda AC20 V16.03.08.12 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.632039"
},
{
"tags": [
"related"
],
"url": "https://github.com/ZZ2266/.github.io/blob/main/AC20/fromSetIpMacBind/readme.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/ZZ2266/.github.io/blob/main/AC20/fromSetIpMacBind/readme.md#poc-python-exploit-script"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-16T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-16T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-16T08:11:35.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda AC20 SetIpMacBind sub_48E628 stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-9089",
"datePublished": "2025-08-16T23:32:07.804Z",
"dateReserved": "2025-08-16T06:06:19.540Z",
"dateUpdated": "2025-08-18T17:58:40.337Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9088 (GCVE-0-2025-9088)
Vulnerability from nvd – Published: 2025-08-16 23:02 – Updated: 2025-08-18 17:59
VLAI?
Title
Tenda AC20 formSetVirtualSer save_virtualser_data stack-based overflow
Summary
A vulnerability was found in Tenda AC20 16.03.08.12. This vulnerability affects the function save_virtualser_data of the file /goform/formSetVirtualSer. The manipulation of the argument list leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Credits
n0ps1ed (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9088",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-18T17:58:55.569150Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-18T17:59:09.706Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AC20",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "16.03.08.12"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "n0ps1ed (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Tenda AC20 16.03.08.12. This vulnerability affects the function save_virtualser_data of the file /goform/formSetVirtualSer. The manipulation of the argument list leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in Tenda AC20 16.03.08.12 gefunden. Das betrifft die Funktion save_virtualser_data der Datei /goform/formSetVirtualSer. Durch die Manipulation des Arguments list mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-16T23:02:07.777Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-320356 | Tenda AC20 formSetVirtualSer save_virtualser_data stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.320356"
},
{
"name": "VDB-320356 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.320356"
},
{
"name": "Submit #632038 | Tenda AC20 V16.03.08.12 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.632038"
},
{
"tags": [
"related"
],
"url": "https://github.com/ZZ2266/.github.io/tree/main/AC20/formSetVirtualSer"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/ZZ2266/.github.io/tree/main/AC20/formSetVirtualSer#poc-python-exploit-script"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-16T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-16T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-16T08:11:34.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda AC20 formSetVirtualSer save_virtualser_data stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-9088",
"datePublished": "2025-08-16T23:02:07.777Z",
"dateReserved": "2025-08-16T06:06:16.797Z",
"dateUpdated": "2025-08-18T17:59:09.706Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9087 (GCVE-0-2025-9087)
Vulnerability from nvd – Published: 2025-08-16 22:32 – Updated: 2025-08-18 17:59
VLAI?
Title
Tenda AC20 SetNetControlList Endpoint set_qosMib_list stack-based overflow
Summary
A vulnerability has been found in Tenda AC20 16.03.08.12. This affects the function set_qosMib_list of the file /goform/SetNetControlList of the component SetNetControlList Endpoint. The manipulation of the argument list leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Credits
n0ps1ed (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9087",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-18T17:59:34.411415Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-18T17:59:50.592Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"SetNetControlList Endpoint"
],
"product": "AC20",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "16.03.08.12"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "n0ps1ed (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Tenda AC20 16.03.08.12. This affects the function set_qosMib_list of the file /goform/SetNetControlList of the component SetNetControlList Endpoint. The manipulation of the argument list leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In Tenda AC20 16.03.08.12 ist eine Schwachstelle entdeckt worden. Es betrifft die Funktion set_qosMib_list der Datei /goform/SetNetControlList der Komponente SetNetControlList Endpoint. Mit der Manipulation des Arguments list mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-16T22:32:07.366Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-320355 | Tenda AC20 SetNetControlList Endpoint set_qosMib_list stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.320355"
},
{
"name": "VDB-320355 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.320355"
},
{
"name": "Submit #632037 | Tenda AC20 V16.03.08.12 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.632037"
},
{
"tags": [
"related"
],
"url": "https://github.com/ZZ2266/.github.io/tree/main/AC20/formSetQosBand"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/ZZ2266/.github.io/tree/main/AC20/formSetQosBand#poc-python-exploit-script"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-16T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-16T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-16T08:11:32.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda AC20 SetNetControlList Endpoint set_qosMib_list stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-9087",
"datePublished": "2025-08-16T22:32:07.366Z",
"dateReserved": "2025-08-16T06:06:05.154Z",
"dateUpdated": "2025-08-18T17:59:50.592Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9046 (GCVE-0-2025-9046)
Vulnerability from nvd – Published: 2025-08-15 11:02 – Updated: 2025-08-15 13:18
VLAI?
Title
Tenda AC20 setMacFilterCfg sub_46A2AC stack-based overflow
Summary
A vulnerability was identified in Tenda AC20 16.03.08.12. This issue affects the function sub_46A2AC of the file /goform/setMacFilterCfg. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Credits
n0ps1ed (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9046",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-15T13:18:25.644831Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-15T13:18:35.050Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AC20",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "16.03.08.12"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "n0ps1ed (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in Tenda AC20 16.03.08.12. This issue affects the function sub_46A2AC of the file /goform/setMacFilterCfg. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Dies betrifft die Funktion sub_46A2AC der Datei /goform/setMacFilterCfg. Mit der Manipulation des Arguments deviceList mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-15T11:02:07.032Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-320267 | Tenda AC20 setMacFilterCfg sub_46A2AC stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.320267"
},
{
"name": "VDB-320267 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.320267"
},
{
"name": "Submit #631932 | Tenda AC20 V16.03.08.12 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.631932"
},
{
"tags": [
"related"
],
"url": "https://github.com/ZZ2266/.github.io/blob/main/AC20/formSetMacFilterCfg/readme.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/ZZ2266/.github.io/blob/main/AC20/formSetMacFilterCfg/readme.md#poc-python-exploit-script"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-14T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-14T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-14T21:34:50.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda AC20 setMacFilterCfg sub_46A2AC stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-9046",
"datePublished": "2025-08-15T11:02:07.032Z",
"dateReserved": "2025-08-14T19:29:47.175Z",
"dateUpdated": "2025-08-15T13:18:35.050Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8940 (GCVE-0-2025-8940)
Vulnerability from nvd – Published: 2025-08-14 05:32 – Updated: 2025-08-15 12:58
VLAI?
Title
Tenda AC20 saveParentControlInfo strcpy buffer overflow
Summary
A vulnerability was identified in Tenda AC20 up to 16.03.08.12. Affected by this vulnerability is the function strcpy of the file /goform/saveParentControlInfo. The manipulation of the argument Time leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tenda | AC20 |
Affected:
16.03.08.0
Affected: 16.03.08.1 Affected: 16.03.08.2 Affected: 16.03.08.3 Affected: 16.03.08.4 Affected: 16.03.08.5 Affected: 16.03.08.6 Affected: 16.03.08.7 Affected: 16.03.08.8 Affected: 16.03.08.9 Affected: 16.03.08.10 Affected: 16.03.08.11 Affected: 16.03.08.12 |
Credits
QMSSDXN (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8940",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-15T12:13:16.584763Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-15T12:58:09.232Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/lin-3-start/lin-cve/blob/main/Tenda%20AC20-2/Tenda%20AC20-2.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AC20",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "16.03.08.0"
},
{
"status": "affected",
"version": "16.03.08.1"
},
{
"status": "affected",
"version": "16.03.08.2"
},
{
"status": "affected",
"version": "16.03.08.3"
},
{
"status": "affected",
"version": "16.03.08.4"
},
{
"status": "affected",
"version": "16.03.08.5"
},
{
"status": "affected",
"version": "16.03.08.6"
},
{
"status": "affected",
"version": "16.03.08.7"
},
{
"status": "affected",
"version": "16.03.08.8"
},
{
"status": "affected",
"version": "16.03.08.9"
},
{
"status": "affected",
"version": "16.03.08.10"
},
{
"status": "affected",
"version": "16.03.08.11"
},
{
"status": "affected",
"version": "16.03.08.12"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "QMSSDXN (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in Tenda AC20 up to 16.03.08.12. Affected by this vulnerability is the function strcpy of the file /goform/saveParentControlInfo. The manipulation of the argument Time leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Dabei geht es um die Funktion strcpy der Datei /goform/saveParentControlInfo. Dank Manipulation des Arguments Time mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-14T05:32:11.901Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-319903 | Tenda AC20 saveParentControlInfo strcpy buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.319903"
},
{
"name": "VDB-319903 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.319903"
},
{
"name": "Submit #631836 | Tenda AC20 \u2264 V16.03.08.12 (latest version) Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.631836"
},
{
"tags": [
"related"
],
"url": "https://github.com/lin-3-start/lin-cve/blob/main/Tenda%20AC20-2/Tenda%20AC20-2.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/lin-3-start/lin-cve/blob/main/Tenda%20AC20-2/Tenda%20AC20-2.md#poc"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-13T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-13T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-13T14:06:46.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda AC20 saveParentControlInfo strcpy buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8940",
"datePublished": "2025-08-14T05:32:11.901Z",
"dateReserved": "2025-08-13T12:01:39.751Z",
"dateUpdated": "2025-08-15T12:58:09.232Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8939 (GCVE-0-2025-8939)
Vulnerability from nvd – Published: 2025-08-14 05:32 – Updated: 2025-08-15 12:58
VLAI?
Title
Tenda AC20 WifiGuestSet buffer overflow
Summary
A vulnerability was determined in Tenda AC20 up to 16.03.08.12. Affected is an unknown function of the file /goform/WifiGuestSet. The manipulation of the argument shareSpeed leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tenda | AC20 |
Affected:
16.03.08.0
Affected: 16.03.08.1 Affected: 16.03.08.2 Affected: 16.03.08.3 Affected: 16.03.08.4 Affected: 16.03.08.5 Affected: 16.03.08.6 Affected: 16.03.08.7 Affected: 16.03.08.8 Affected: 16.03.08.9 Affected: 16.03.08.10 Affected: 16.03.08.11 Affected: 16.03.08.12 |
Credits
QMSSDXN (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8939",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-15T12:15:34.699662Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-15T12:58:16.253Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/lin-3-start/lin-cve/blob/main/Tenda%20AC20/Tenda%20AC20.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AC20",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "16.03.08.0"
},
{
"status": "affected",
"version": "16.03.08.1"
},
{
"status": "affected",
"version": "16.03.08.2"
},
{
"status": "affected",
"version": "16.03.08.3"
},
{
"status": "affected",
"version": "16.03.08.4"
},
{
"status": "affected",
"version": "16.03.08.5"
},
{
"status": "affected",
"version": "16.03.08.6"
},
{
"status": "affected",
"version": "16.03.08.7"
},
{
"status": "affected",
"version": "16.03.08.8"
},
{
"status": "affected",
"version": "16.03.08.9"
},
{
"status": "affected",
"version": "16.03.08.10"
},
{
"status": "affected",
"version": "16.03.08.11"
},
{
"status": "affected",
"version": "16.03.08.12"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "QMSSDXN (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in Tenda AC20 up to 16.03.08.12. Affected is an unknown function of the file /goform/WifiGuestSet. The manipulation of the argument shareSpeed leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Es geht dabei um eine nicht klar definierte Funktion der Datei /goform/WifiGuestSet. Dank der Manipulation des Arguments shareSpeed mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-14T05:32:07.802Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-319902 | Tenda AC20 WifiGuestSet buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.319902"
},
{
"name": "VDB-319902 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.319902"
},
{
"name": "Submit #631829 | Tenda AC20 \u2264 V16.03.08.12 (latest version) Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.631829"
},
{
"tags": [
"related"
],
"url": "https://github.com/lin-3-start/lin-cve/blob/main/Tenda%20AC20/Tenda%20AC20.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/lin-3-start/lin-cve/blob/main/Tenda%20AC20/Tenda%20AC20.md#3-poc"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-13T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-13T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-13T14:06:45.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda AC20 WifiGuestSet buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8939",
"datePublished": "2025-08-14T05:32:07.802Z",
"dateReserved": "2025-08-13T12:01:37.310Z",
"dateUpdated": "2025-08-15T12:58:16.253Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8810 (GCVE-0-2025-8810)
Vulnerability from nvd – Published: 2025-08-10 13:02 – Updated: 2025-08-12 19:41
VLAI?
Title
Tenda AC20 SetFirewallCfg strcpy stack-based overflow
Summary
A vulnerability classified as critical was found in Tenda AC20 16.03.08.05. Affected by this vulnerability is the function strcpy of the file /goform/SetFirewallCfg. The manipulation of the argument firewallEn leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Credits
hundun (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8810",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T19:41:44.972257Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T19:41:47.916Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/LaiwanHundun/CVE/blob/main/cve1"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AC20",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "16.03.08.05"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "hundun (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in Tenda AC20 16.03.08.05. Affected by this vulnerability is the function strcpy of the file /goform/SetFirewallCfg. The manipulation of the argument firewallEn leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In Tenda AC20 16.03.08.05 wurde eine kritische Schwachstelle entdeckt. Hierbei betrifft es die Funktion strcpy der Datei /goform/SetFirewallCfg. Durch das Beeinflussen des Arguments firewallEn mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-10T13:02:08.230Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-319339 | Tenda AC20 SetFirewallCfg strcpy stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.319339"
},
{
"name": "VDB-319339 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.319339"
},
{
"name": "Submit #627394 | Tenda AC20 V1.0re_V16.03.08.05 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.627394"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/LaiwanHundun/CVE/blob/main/cve1"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-09T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-09T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-09T10:03:18.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda AC20 SetFirewallCfg strcpy stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8810",
"datePublished": "2025-08-10T13:02:08.230Z",
"dateReserved": "2025-08-09T07:58:15.073Z",
"dateUpdated": "2025-08-12T19:41:47.916Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8160 (GCVE-0-2025-8160)
Vulnerability from nvd – Published: 2025-07-25 15:02 – Updated: 2025-07-25 15:11
VLAI?
Title
Tenda AC20 httpd SetSysTimeCfg buffer overflow
Summary
A vulnerability classified as critical has been found in Tenda AC20 up to 16.03.08.12. Affected is an unknown function of the file /goform/SetSysTimeCfg of the component httpd. The manipulation of the argument timeZone leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tenda | AC20 |
Affected:
16.03.08.0
Affected: 16.03.08.1 Affected: 16.03.08.2 Affected: 16.03.08.3 Affected: 16.03.08.4 Affected: 16.03.08.5 Affected: 16.03.08.6 Affected: 16.03.08.7 Affected: 16.03.08.8 Affected: 16.03.08.9 Affected: 16.03.08.10 Affected: 16.03.08.11 Affected: 16.03.08.12 |
Credits
BabyShark (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8160",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-25T15:10:58.750011Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-25T15:11:10.192Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"httpd"
],
"product": "AC20",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "16.03.08.0"
},
{
"status": "affected",
"version": "16.03.08.1"
},
{
"status": "affected",
"version": "16.03.08.2"
},
{
"status": "affected",
"version": "16.03.08.3"
},
{
"status": "affected",
"version": "16.03.08.4"
},
{
"status": "affected",
"version": "16.03.08.5"
},
{
"status": "affected",
"version": "16.03.08.6"
},
{
"status": "affected",
"version": "16.03.08.7"
},
{
"status": "affected",
"version": "16.03.08.8"
},
{
"status": "affected",
"version": "16.03.08.9"
},
{
"status": "affected",
"version": "16.03.08.10"
},
{
"status": "affected",
"version": "16.03.08.11"
},
{
"status": "affected",
"version": "16.03.08.12"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "BabyShark (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in Tenda AC20 up to 16.03.08.12. Affected is an unknown function of the file /goform/SetSysTimeCfg of the component httpd. The manipulation of the argument timeZone leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Es wurde eine kritische Schwachstelle in Tenda AC20 bis 16.03.08.12 entdeckt. Betroffen hiervon ist ein unbekannter Ablauf der Datei /goform/SetSysTimeCfg der Komponente httpd. Durch Manipulation des Arguments timeZone mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-25T15:02:07.280Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-317574 | Tenda AC20 httpd SetSysTimeCfg buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.317574"
},
{
"name": "VDB-317574 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.317574"
},
{
"name": "Submit #620625 | Tenda AC20 \u003c= V16.03.08.12 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.620625"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/CH13hh/cve/blob/main/tenda1.md"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-25T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-07-25T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-07-25T09:01:13.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda AC20 httpd SetSysTimeCfg buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8160",
"datePublished": "2025-07-25T15:02:07.280Z",
"dateReserved": "2025-07-25T06:55:58.644Z",
"dateUpdated": "2025-07-25T15:11:10.192Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}