CVE-2025-8940

Summary

A vulnerability was identified in Tenda AC20 up to 16.03.08.12. Affected by this vulnerability is the function strcpy of the file /goform/saveParentControlInfo. The manipulation of the argument Time leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Affected Software

VendorProductVersion RangeStatus
TendaAC2016.03.08.0affected
TendaAC2016.03.08.1affected
TendaAC2016.03.08.2affected
TendaAC2016.03.08.3affected
TendaAC2016.03.08.4affected
TendaAC2016.03.08.5affected
TendaAC2016.03.08.6affected
TendaAC2016.03.08.7affected
TendaAC2016.03.08.8affected
TendaAC2016.03.08.9affected
TendaAC2016.03.08.10affected
TendaAC2016.03.08.11affected
TendaAC2016.03.08.12affected

Weaknesses

  • CWE-120: Buffer Overflow
  • CWE-119: Memory Corruption

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

Additional References

References