Tenda AC8
CVE-2025-51087
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
Unauthenticated low-complexity web-reachable stack overflow on an unmitigated embedded device; I raise I/A to H since such overflows realistically yield RCE and device crash, keeping PR:N per the stated vector.
Primary rating from Vendor (mitre).
CVSS VectorVendor: mitre
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
Lifecycle Timeline
1DescriptionCVE.org
Tenda AC8V4 V16.03.34.06` was discovered to contain stack overflow at /goform/saveParentControlInfo. The manipulation of the argument time leads to stack-based buffer overflow.
AnalysisAI
Stack-based buffer overflow in the Tenda AC8V4 router (firmware V16.03.34.06) lets remote attackers corrupt memory by supplying an oversized 'time' parameter to the /goform/saveParentControlInfo web endpoint. Per the published CVSS vector the flaw is network-reachable with no authentication (PR:N) and low complexity, and publicly available exploit code exists (no public exploit identified as actively exploited in CISA KEV). The EPSS score of 8.43% (94th percentile) marks it as elevated exploitation likelihood relative to the CVE population.
Technical ContextAI
The affected component is the embedded HTTP administration server (the httpd/goform handler) running on the Tenda AC8V4, a consumer dual-band Wi-Fi router. The /goform/saveParentControlInfo handler processes parental-control configuration submissions; the 'time' argument is copied into a fixed-size stack buffer without adequate bounds checking, the classic CWE-121 stack-based buffer overflow root cause. On these MIPS/ARM SOHO firmware images web parameters are typically handled by unsafe C string operations (strcpy/sprintf) into local stack arrays, and such devices frequently lack modern exploit mitigations (ASLR/stack canaries/NX), which raises the practical exploitability of a stack smash from denial-of-service toward control-flow hijack. The CPE cpe:2.3:o:tenda:ac8_firmware:16.03.34.06 pins the vulnerable build precisely.
RemediationAI
No vendor-released patch is identified at time of analysis, and no fixed firmware version appears in the source data, so an exact upgrade target cannot be cited without inventing one - monitor Tenda's support portal for a firmware release superseding V16.03.34.06 and apply it once published. As compensating controls, disable remote/WAN-side web administration so the /goform interface is not reachable from the internet (trade-off: loses remote management convenience); restrict LAN access to the router admin interface to trusted management hosts via ACLs or a management VLAN; and place the device behind a firewall that blocks unsolicited inbound access to the HTTP admin port. Where the parental-control feature is unused, avoiding/limiting exposure of that configuration workflow reduces reachable attack surface, though it does not remove the vulnerable code. Consult the researcher write-up at https://github.com/TL-SN/IOT/blob/main/Tenda/Tenda-AC8v4%20%20V16.03.34.06/CVE-2025-51087.md for endpoint-specific detail.
More in Ac8 Firmware
View allVulnerability in Tenda AC8v4 .V16.03.34.09 due to sscanf and the last digit of s8 being overwritten with \x0. Rated crit
Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the shareSpeed parameter in the sub_47D878 funct
Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the urls parameter in the function get_parentCon
Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the shareSpeed parameter in the sub_49E098 funct
A vulnerability was found in Tenda AC8V4 V16.03.34.06. Rated critical severity (CVSS 9.8), this vulnerability is remotel
Tenda AC8v4 V16.03.34.06 has a stack overflow vulnerability in the fromAdvSetMacMtuWan function. Rated critical severity
A vulnerability was found in Tenda AC8 16.03.34.06_cn_TDC01. Rated critical severity (CVSS 9.8), this vulnerability is r
Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter list at /goform/SetNe
Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter macFilterType and par
Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter timeZone at /goform/S
Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter mac at /goform/GetPar
Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter list and bindnum at /
Same weakness CWE-121 – Stack-based Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today