Tenda AC20 GetParentControlInfo strcpy buffer overflow_CVE-2025-10120

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was detected in Tenda AC20 up to 16.03.08.12. The impacted element is the function strcpy of the file /goform/GetParentControlInfo. The manipulation of the argument mac results in buffer overflow. The attack may be performed from remote. The exploit is now public and may be used.

Basic Information

ID CVE-2025-10120

Source VulDB

Published Sep 9, 2025 at 01:32

Affected Product

Vendor Tenda

Product AC20

Version 16.03.08.0

Affected Versions Tenda AC20 16.03.08.0
Tenda AC20 16.03.08.1
Tenda AC20 16.03.08.2
Tenda AC20 16.03.08.3
Tenda AC20 16.03.08.4
Tenda AC20 16.03.08.5
Tenda AC20 16.03.08.6
Tenda AC20 16.03.08.7
Tenda AC20 16.03.08.8
Tenda AC20 16.03.08.9
Tenda AC20 16.03.08.10
Tenda AC20 16.03.08.11
Tenda AC20 16.03.08.12

CWE Classification

CWE-120 CWE-119

References

{
    "lastseen": "",
    "description": "A vulnerability was detected in Tenda AC20 up to 16.03.08.12. The impacted element is the function strcpy of the file /goform/GetParentControlInfo. The manipulation of the argument mac results in buffer overflow. The attack may be performed from remote. The exploit is now public and may be used.",
    "published": "2025-09-09T01:32:12.388Z",
    "modified": "2025-09-09T01:32:12.388Z",
    "type": "cve",
    "title": "Tenda AC20 GetParentControlInfo strcpy buffer overflow",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.323089\nhttps://vuldb.com/?ctiid.323089\nhttps://vuldb.com/?submit.645680\nhttps://github.com/cymiao1978/cve/blob/main/4.md\nhttps://github.com/cymiao1978/cve/blob/main/4.md#poc\nhttps://www.tenda.com.cn/",
    "id": "CVE-2025-10120",
    "bulletinFamily": "",
    "cwe": [
        "CWE-120",
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "Tenda AC20 16.03.08.0\nTenda AC20 16.03.08.1\nTenda AC20 16.03.08.2\nTenda AC20 16.03.08.3\nTenda AC20 16.03.08.4\nTenda AC20 16.03.08.5\nTenda AC20 16.03.08.6\nTenda AC20 16.03.08.7\nTenda AC20 16.03.08.8\nTenda AC20 16.03.08.9\nTenda AC20 16.03.08.10\nTenda AC20 16.03.08.11\nTenda AC20 16.03.08.12",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "AC20",
    "version": "16.03.08.0",
    "vendor": "Tenda",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}