CVE-2025-11091

Summary

A security flaw has been discovered in Tenda AC21 up to 16.03.08.16. Affected by this vulnerability is the function sscanf of the file /goform/SetStaticRouteCfg. The manipulation of the argument list results in buffer overflow. The attack can be launched remotely. The exploit has been released to the public and may be exploited.

Affected Software

VendorProductVersion RangeStatus
TendaAC2116.03.08.0affected
TendaAC2116.03.08.1affected
TendaAC2116.03.08.2affected
TendaAC2116.03.08.3affected
TendaAC2116.03.08.4affected
TendaAC2116.03.08.5affected
TendaAC2116.03.08.6affected
TendaAC2116.03.08.7affected
TendaAC2116.03.08.8affected
TendaAC2116.03.08.9affected
TendaAC2116.03.08.10affected
TendaAC2116.03.08.11affected
TendaAC2116.03.08.12affected
TendaAC2116.03.08.13affected
TendaAC2116.03.08.14affected
TendaAC2116.03.08.15affected
TendaAC2116.03.08.16affected

Weaknesses

  • CWE-120: Buffer Overflow
  • CWE-119: Memory Corruption

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

Additional References

References