Tenda AC8 SetServerConfig formSetServerConfig buffer overflow_CVE-2025-11120

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A weakness has been identified in Tenda AC8 16.03.34.06. The affected element is the function formSetServerConfig of the file /goform/SetServerConfig. Executing manipulation can lead to buffer overflow. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited.

Basic Information

ID CVE-2025-11120

Source VulDB

Published Sep 28, 2025 at 21:02

Affected Product

Vendor Tenda

Product AC8

Version 16.03.34.06

Affected Versions Tenda AC8 16.03.34.06

CWE Classification

CWE-120 CWE-119

References

{
    "lastseen": "",
    "description": "A weakness has been identified in Tenda AC8 16.03.34.06. The affected element is the function formSetServerConfig of the file /goform/SetServerConfig. Executing manipulation can lead to buffer overflow. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited.",
    "published": "2025-09-28T21:02:06.820Z",
    "modified": "2025-09-28T21:02:06.820Z",
    "type": "cve",
    "title": "Tenda AC8 SetServerConfig formSetServerConfig buffer overflow",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.326201\nhttps://vuldb.com/?ctiid.326201\nhttps://vuldb.com/?submit.664065\nhttps://github.com/alc9700jmo/CVE/issues/19\nhttps://www.tenda.com.cn/",
    "id": "CVE-2025-11120",
    "bulletinFamily": "",
    "cwe": [
        "CWE-120",
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "Tenda AC8 16.03.34.06",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "AC8",
    "version": "16.03.34.06",
    "vendor": "Tenda",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}