CVE-2025-5799

| EUVD-2025-17364 HIGH
2025-06-06 [email protected]
8.8
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
Mar 14, 2026 - 18:10 vuln.today
EUVD ID Assigned
Mar 14, 2026 - 18:10 euvd
EUVD-2025-17364
PoC Detected
Jun 09, 2025 - 19:07 vuln.today
Public exploit code
CVE Published
Jun 06, 2025 - 20:15 nvd
HIGH 8.8

Tags

Buffer Overflow Ac8 Firmware Tenda

Description

A vulnerability was found in Tenda AC8 16.03.34.09. It has been declared as critical. Affected by this vulnerability is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Analysis

Critical stack-based buffer overflow vulnerability in Tenda AC8 router firmware version 16.03.34.09, affecting the wireless repeat configuration function. An authenticated remote attacker can exploit this vulnerability via the wpapsk_crypto parameter to achieve arbitrary code execution with full system compromise (confidentiality, integrity, and availability impact). Public proof-of-concept code exists and exploitation is feasible, making this an actively exploitable threat requiring immediate patching.

Technical Context

The vulnerability exists in the fromSetWirelessRepeat function within the /goform/WifiExtraSet endpoint of Tenda AC8 router firmware. The root cause is classified as CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), specifically a stack-based buffer overflow. The wpapsk_crypto parameter lacks proper input validation and length checking, allowing an attacker to write beyond allocated stack memory boundaries. This affects embedded Linux-based router firmware where such web-accessible endpoints directly manipulate low-level wireless configuration structures without sanitization. The attack vector leverages the router's web management interface, a common attack surface in IoT/networking devices.

Affected Products

Tenda AC8 firmware version 16.03.34.09 is explicitly affected. The CPE designation would be: cpe:2.3:o:tenda:ac8_firmware:16.03.34.09:*:*:*:*:*:*:*. The AC8 is a dual-band 802.11ac wireless router commonly deployed in home and small office environments. Firmware versions prior to a patched release are potentially vulnerable; without official vendor guidance, versions 16.03.34.09 and potentially earlier builds should be considered at risk. No vendor advisory reference was provided in the source data, suggesting either the vendor has not publicly acknowledged this or the advisory is pending.

Remediation

Immediate actions: (1) Contact Tenda for firmware patch availability for AC8 devices running 16.03.34.09 or earlier; (2) If patch is available, upgrade firmware through the router's web interface or via Tenda's firmware distribution portal; (3) Until patching is possible, implement network-level mitigations such as restricting access to the router's web management interface (port 80/443) to trusted networks only, disabling remote management features, and isolating guest network users from administrative access; (4) Monitor router logs for suspicious /goform/WifiExtraSet requests with unusual wpapsk_crypto parameter values (long strings, binary data); (5) Consider replacing the device if Tenda does not release a patch within a reasonable timeframe (30-60 days). Specific patch versions should be verified against official Tenda security advisories once released.

Priority Score

65
Low Medium High Critical
KEV: 0
EPSS: +0.5
CVSS: +44
POC: +20

Share

CVE-2025-5799 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy