CVE-2025-9791Improper Restriction of Operations within the Bounds of a Memory Buffer in Ac20

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-121Stack-based Buffer OverflowCWE-787Out-of-bounds Write3 documents3 sources
Severity
7.4HIGHNVD
EPSS
0.4%
top 42.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Tenda Ac20Tenda Ac20 Firmware
Timeline
PublishedSep 1
Latest updateSep 2

Description

A weakness has been identified in Tenda AC20 16.03.08.05. This vulnerability affects unknown code of the file /goform/fromAdvSetMacMtuWan. This manipulation of the argument wanMTU causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5tenda/ac2016.03.08.05
NVDtenda/ac20_firmware16.03.08.5

🔴Vulnerability Details

2
GHSA
GHSA-6x7v-g88f-587h: A weakness has been identified in Tenda AC20 162025-09-02
CVEList
Tenda AC20 fromAdvSetMacMtuWan stack-based overflow2025-09-01
CVE-2025-9791 — Tenda Ac20 vulnerability | cvebase