CVE-2025-14656

CWE-119 — Buffer Overflow CWE-120 — Classic Buffer Overflow3 documents3 sources

Severity

7.4HIGH

EPSS

0.1%

top 71.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tenda Ac20 Tenda Ac20 Firmware

Timeline

PublishedDec 14

Description

A weakness has been identified in Tenda AC20 16.03.08.12. This affects the function httpd of the file /goform/openSchedWifi. Executing a manipulation of the argument schedStartTime/schedEndTime can lead to buffer overflow. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5tenda/ac2016.03.08.12

▶NVDtenda/ac20_firmware16.03.08.12

🔴Vulnerability Details

GHSA

GHSA-qv52-c9fr-fjw8: A weakness has been identified in Tenda AC20 16↗2025-12-14

▶

CVEList

Tenda AC20 openSchedWifi httpd buffer overflow↗2025-12-14

▶