Skip to main content

Tenda AC8 CVE-2025-51087

HIGH
Stack-based Buffer Overflow (CWE-121)
2025-07-24 cve@mitre.org
8.6
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
8.6 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
vuln.today AI
9.8 CRITICAL

Unauthenticated low-complexity web-reachable stack overflow on an unmitigated embedded device; I raise I/A to H since such overflows realistically yield RCE and device crash, keeping PR:N per the stated vector.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (mitre).

CVSS VectorVendor: mitre

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
Low
Availability
Low

Lifecycle Timeline

1
Analysis Generated
Jul 05, 2026 - 01:44 vuln.today

DescriptionCVE.org

Tenda AC8V4 V16.03.34.06` was discovered to contain stack overflow at /goform/saveParentControlInfo. The manipulation of the argument time leads to stack-based buffer overflow.

AnalysisAI

Stack-based buffer overflow in the Tenda AC8V4 router (firmware V16.03.34.06) lets remote attackers corrupt memory by supplying an oversized 'time' parameter to the /goform/saveParentControlInfo web endpoint. Per the published CVSS vector the flaw is network-reachable with no authentication (PR:N) and low complexity, and publicly available exploit code exists (no public exploit identified as actively exploited in CISA KEV). The EPSS score of 8.43% (94th percentile) marks it as elevated exploitation likelihood relative to the CVE population.

Technical ContextAI

The affected component is the embedded HTTP administration server (the httpd/goform handler) running on the Tenda AC8V4, a consumer dual-band Wi-Fi router. The /goform/saveParentControlInfo handler processes parental-control configuration submissions; the 'time' argument is copied into a fixed-size stack buffer without adequate bounds checking, the classic CWE-121 stack-based buffer overflow root cause. On these MIPS/ARM SOHO firmware images web parameters are typically handled by unsafe C string operations (strcpy/sprintf) into local stack arrays, and such devices frequently lack modern exploit mitigations (ASLR/stack canaries/NX), which raises the practical exploitability of a stack smash from denial-of-service toward control-flow hijack. The CPE cpe:2.3:o:tenda:ac8_firmware:16.03.34.06 pins the vulnerable build precisely.

RemediationAI

No vendor-released patch is identified at time of analysis, and no fixed firmware version appears in the source data, so an exact upgrade target cannot be cited without inventing one - monitor Tenda's support portal for a firmware release superseding V16.03.34.06 and apply it once published. As compensating controls, disable remote/WAN-side web administration so the /goform interface is not reachable from the internet (trade-off: loses remote management convenience); restrict LAN access to the router admin interface to trusted management hosts via ACLs or a management VLAN; and place the device behind a firewall that blocks unsolicited inbound access to the HTTP admin port. Where the parental-control feature is unused, avoiding/limiting exposure of that configuration workflow reduces reachable attack surface, though it does not remove the vulnerable code. Consult the researcher write-up at https://github.com/TL-SN/IOT/blob/main/Tenda/Tenda-AC8v4%20%20V16.03.34.06/CVE-2025-51087.md for endpoint-specific detail.

CVE-2023-48194 CRITICAL POC
9.8 Jul 09

Vulnerability in Tenda AC8v4 .V16.03.34.09 due to sscanf and the last digit of s8 being overwritten with \x0. Rated crit

CVE-2025-25668 CRITICAL POC
9.8 Feb 20

Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the shareSpeed parameter in the sub_47D878 funct

CVE-2025-25667 CRITICAL POC
9.8 Feb 20

Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the urls parameter in the function get_parentCon

CVE-2025-25664 CRITICAL POC
9.8 Feb 20

Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the shareSpeed parameter in the sub_49E098 funct

CVE-2025-25663 CRITICAL POC
9.8 Feb 20

A vulnerability was found in Tenda AC8V4 V16.03.34.06. Rated critical severity (CVSS 9.8), this vulnerability is remotel

CVE-2024-46652 CRITICAL POC
9.8 Sep 20

Tenda AC8v4 V16.03.34.06 has a stack overflow vulnerability in the fromAdvSetMacMtuWan function. Rated critical severity

CVE-2023-4744 CRITICAL POC
9.8 Sep 04

A vulnerability was found in Tenda AC8 16.03.34.06_cn_TDC01. Rated critical severity (CVSS 9.8), this vulnerability is r

CVE-2023-40900 CRITICAL POC
9.8 Aug 24

Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter list at /goform/SetNe

CVE-2023-40899 CRITICAL POC
9.8 Aug 24

Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter macFilterType and par

CVE-2023-40898 CRITICAL POC
9.8 Aug 24

Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter timeZone at /goform/S

CVE-2023-40897 CRITICAL POC
9.8 Aug 24

Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter mac at /goform/GetPar

CVE-2023-40896 CRITICAL POC
9.8 Aug 24

Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter list and bindnum at /

Share

CVE-2025-51087 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy