Tenda AC21 SetStaticRouteCfg sscanf buffer overflow_CVE-2025-11091

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A security flaw has been discovered in Tenda AC21 up to 16.03.08.16. Affected by this vulnerability is the function sscanf of the file /goform/SetStaticRouteCfg. The manipulation of the argument list results in buffer overflow. The attack can be launched remotely. The exploit has been released to the public and may be exploited.

Basic Information

ID CVE-2025-11091

Source VulDB

Published Sep 28, 2025 at 01:32

Affected Product

Vendor Tenda

Product AC21

Version 16.03.08.0

Affected Versions Tenda AC21 16.03.08.0
Tenda AC21 16.03.08.1
Tenda AC21 16.03.08.2
Tenda AC21 16.03.08.3
Tenda AC21 16.03.08.4
Tenda AC21 16.03.08.5
Tenda AC21 16.03.08.6
Tenda AC21 16.03.08.7
Tenda AC21 16.03.08.8
Tenda AC21 16.03.08.9
Tenda AC21 16.03.08.10
Tenda AC21 16.03.08.11
Tenda AC21 16.03.08.12
Tenda AC21 16.03.08.13
Tenda AC21 16.03.08.14
Tenda AC21 16.03.08.15
Tenda AC21 16.03.08.16

CWE Classification

CWE-120 CWE-119

References

{
    "lastseen": "",
    "description": "A security flaw has been discovered in Tenda AC21 up to 16.03.08.16. Affected by this vulnerability is the function sscanf of the file /goform/SetStaticRouteCfg. The manipulation of the argument list results in buffer overflow. The attack can be launched remotely. The exploit has been released to the public and may be exploited.",
    "published": "2025-09-28T01:32:10.696Z",
    "modified": "2025-09-28T01:32:10.696Z",
    "type": "cve",
    "title": "Tenda AC21 SetStaticRouteCfg sscanf buffer overflow",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.326173\nhttps://vuldb.com/?ctiid.326173\nhttps://vuldb.com/?submit.661806\nhttps://github.com/maximdevere/CVE2/issues/2\nhttps://www.tenda.com.cn/",
    "id": "CVE-2025-11091",
    "bulletinFamily": "",
    "cwe": [
        "CWE-120",
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "Tenda AC21 16.03.08.0\nTenda AC21 16.03.08.1\nTenda AC21 16.03.08.2\nTenda AC21 16.03.08.3\nTenda AC21 16.03.08.4\nTenda AC21 16.03.08.5\nTenda AC21 16.03.08.6\nTenda AC21 16.03.08.7\nTenda AC21 16.03.08.8\nTenda AC21 16.03.08.9\nTenda AC21 16.03.08.10\nTenda AC21 16.03.08.11\nTenda AC21 16.03.08.12\nTenda AC21 16.03.08.13\nTenda AC21 16.03.08.14\nTenda AC21 16.03.08.15\nTenda AC21 16.03.08.16",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "AC21",
    "version": "16.03.08.0",
    "vendor": "Tenda",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}