CVE-2025-8939

Summary

A vulnerability was determined in Tenda AC20 up to 16.03.08.12. Affected is an unknown function of the file /goform/WifiGuestSet. The manipulation of the argument shareSpeed leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Affected Software

VendorProductVersion RangeStatus
TendaAC2016.03.08.0affected
TendaAC2016.03.08.1affected
TendaAC2016.03.08.2affected
TendaAC2016.03.08.3affected
TendaAC2016.03.08.4affected
TendaAC2016.03.08.5affected
TendaAC2016.03.08.6affected
TendaAC2016.03.08.7affected
TendaAC2016.03.08.8affected
TendaAC2016.03.08.9affected
TendaAC2016.03.08.10affected
TendaAC2016.03.08.11affected
TendaAC2016.03.08.12affected

Weaknesses

  • CWE-120: Buffer Overflow
  • CWE-119: Memory Corruption

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

Additional References

References