CVE-2025-13258

Summary

A vulnerability was detected in Tenda AC20 up to 16.03.08.12. The impacted element is an unknown function of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto results in buffer overflow. The attack can be launched remotely. The exploit is now public and may be used.

Affected Software

VendorProductVersion RangeStatus
TendaAC2016.03.08.0affected
TendaAC2016.03.08.1affected
TendaAC2016.03.08.2affected
TendaAC2016.03.08.3affected
TendaAC2016.03.08.4affected
TendaAC2016.03.08.5affected
TendaAC2016.03.08.6affected
TendaAC2016.03.08.7affected
TendaAC2016.03.08.8affected
TendaAC2016.03.08.9affected
TendaAC2016.03.08.10affected
TendaAC2016.03.08.11affected
TendaAC2016.03.08.12affected

Weaknesses

  • CWE-120: Buffer Overflow
  • CWE-119: Memory Corruption

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

References