CVE-2025-11091Improper Restriction of Operations within the Bounds of a Memory Buffer in Ac21 Firmware

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-120Classic Buffer Overflow3 documents3 sources
Severity
7.4HIGHNVD
EPSS
0.3%
top 49.49%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Tenda Ac21 FirmwareTenda Ac21
Timeline
PublishedSep 28

Description

A security flaw has been discovered in Tenda AC21 up to 16.03.08.16. Affected by this vulnerability is the function sscanf of the file /goform/SetStaticRouteCfg. The manipulation of the argument list results in buffer overflow. The attack can be launched remotely. The exploit has been released to the public and may be exploited.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

NVDtenda/ac21_firmware16.03.08.16
CVEListV5tenda/ac2117 versions+16

🔴Vulnerability Details

2
CVEList
Tenda AC21 SetStaticRouteCfg sscanf buffer overflow2025-09-28
GHSA
GHSA-q44p-w6pc-7fm3: A security flaw has been discovered in Tenda AC21 up to 162025-09-28
CVE-2025-11091 — Tenda Ac21 Firmware vulnerability | cvebase