Skip to main content

Ac20 Firmware CVE-2025-9087

HIGH
Buffer Overflow (CWE-119)
2025-08-16 cna@vuldb.com
7.4
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
7.4 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

3
Analysis Generated
Mar 28, 2026 - 19:07 vuln.today
PoC Detected
Aug 21, 2025 - 16:13 vuln.today
Public exploit code
CVE Published
Aug 16, 2025 - 23:15 nvd
HIGH 7.4

DescriptionCVE.org

A vulnerability has been found in Tenda AC20 16.03.08.12. This affects the function set_qosMib_list of the file /goform/SetNetControlList of the component SetNetControlList Endpoint. The manipulation of the argument list leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

AnalysisAI

A vulnerability has been found in Tenda AC20 16.03.08.12. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. A vulnerability has been found in Tenda AC20 16.03.08.12. This affects the function set_qosMib_list of the file /goform/SetNetControlList of the component SetNetControlList Endpoint. The manipulation of the argument list leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Affected products include: Tenda Ac20 Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.

CVE-2025-9791 HIGH POC
7.4 Sep 01

A weakness has been identified in Tenda AC20 16.03.08.05. Rated high severity (CVSS 7.4), this vulnerability is remotely

CVE-2025-13258 HIGH POC
7.4 Nov 17

A vulnerability was detected in Tenda AC20 up to 16.03.08.12. Rated high severity (CVSS 7.4), this vulnerability is remo

CVE-2025-10815 HIGH
7.4 Sep 22

A vulnerability was identified in Tenda AC20 up to 16.03.08.12. Rated high severity (CVSS 7.4), this vulnerability is re

CVE-2025-10120 HIGH POC
7.4 Sep 09

A vulnerability was detected in Tenda AC20 up to 16.03.08.12. Rated high severity (CVSS 7.4), this vulnerability is remo

CVE-2025-9089 HIGH POC
7.4 Aug 17

A vulnerability was determined in Tenda AC20 16.03.08.12. Rated high severity (CVSS 7.4), this vulnerability is remotely

CVE-2025-9088 HIGH POC
7.4 Aug 16

A vulnerability was found in Tenda AC20 16.03.08.12. Rated high severity (CVSS 7.4), this vulnerability is remotely expl

CVE-2025-9046 HIGH POC
7.4 Aug 15

A vulnerability was identified in Tenda AC20 16.03.08.12. Rated high severity (CVSS 7.4), this vulnerability is remotely

CVE-2025-8940 HIGH POC
7.4 Aug 14

A vulnerability was identified in Tenda AC20 up to 16.03.08.12. Rated high severity (CVSS 7.4), this vulnerability is re

CVE-2025-8939 HIGH POC
7.4 Aug 14

A vulnerability was determined in Tenda AC20 up to 16.03.08.12. Rated high severity (CVSS 7.4), this vulnerability is re

CVE-2025-8810 HIGH POC
7.4 Aug 10

A vulnerability classified as critical was found in Tenda AC20 16.03.08.05. Rated high severity (CVSS 7.4), this vulnera

Share

CVE-2025-9087 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy