CVE-2025-13258
published 2025-11-17CVE-2025-13258: A vulnerability was detected in Tenda AC20 up to 16.03.08.12. The impacted element is an unknown function of the file /goform/WifiExtraSet. The manipulation of…
high7.4CVSS 4.0
AVNACLATNPRLUINVCHVIHVAHSCNSINSANEPCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
A vulnerability was detected in Tenda AC20 up to 16.03.08.12. The impacted element is an unknown function of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto results in buffer overflow. The attack can be launched remotely. The exploit is now public and may be used.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tenda | ac20 | — | — |
| tenda | ac20 | — | — |
| tenda | ac20 | — | — |
| tenda | ac20 | — | — |
| tenda | ac20 | — | — |
| tenda | ac20 | — | — |
| tenda | ac20 | — | — |
| tenda | ac20 | — | — |
| tenda | ac20 | — | — |
| tenda | ac20 | — | — |
| tenda | ac20 | — | — |
| tenda | ac20 | — | — |
| tenda | ac20 | — | — |
| tenda | ac20_firmware | — | — |