CVE-2025-11120

CWE-119 — Buffer Overflow CWE-120 — Classic Buffer Overflow CWE-78 — OS Command Injection5 documents5 sources

Severity

7.4HIGH

EPSS

0.4%

top 39.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tenda AC8 Tenda Ac18 Firmware

Timeline

PublishedSep 28

Latest updateDec 12

Description

A weakness has been identified in Tenda AC8 16.03.34.06. The affected element is the function formSetServerConfig of the file /goform/SetServerConfig. Executing manipulation can lead to buffer overflow. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5tenda/ac816.03.34.06

▶NVDtenda/ac18_firmware16.03.34.06

🔴Vulnerability Details

CVEList

Tenda AC8 SetServerConfig formSetServerConfig buffer overflow↗2025-09-28

▶

GHSA

GHSA-62cc-6mpf-6rxc: A weakness has been identified in Tenda AC8 16↗2025-09-28

▶

🔍Detection Rules

Suricata

ET WEB_SPECIFIC_APPS Tenda SetServerConfig Buffer Overflow Attempt (CVE-2025-11120)↗2025-12-12

▶

📋Vendor Advisories

CISA

GeoVision Devices OS Command Injection Vulnerability↗2025-05-07

▶