CVE-2025-11385

CWE-119 — Buffer Overflow CWE-120 — Classic Buffer Overflow3 documents3 sources

Severity

7.4HIGH

EPSS

0.4%

top 38.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tenda Ac20 Tenda Ac20 Firmware

Timeline

PublishedOct 7

Description

A vulnerability has been found in Tenda AC20 up to 16.03.08.12. The affected element is the function sscanf of the file /goform/fast_setting_wifi_set. The manipulation of the argument timeZone leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5tenda/ac2013 versions+12

▶NVDtenda/ac20_firmware16.03.08.12

🔴Vulnerability Details

GHSA

GHSA-6rgw-g4x8-jxpp: A vulnerability has been found in Tenda AC20 up to 16↗2025-10-07

▶

CVEList

Tenda AC20 fast_setting_wifi_set sscanf buffer overflow↗2025-10-07

▶