Tenda AC20 fast_setting_wifi_set sscanf buffer overflow_CVE-2025-11385

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A vulnerability has been found in Tenda AC20 up to 16.03.08.12. The affected element is the function sscanf of the file /goform/fast_setting_wifi_set. The manipulation of the argument timeZone leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Basic Information

ID CVE-2025-11385

Source VulDB

Published Oct 7, 2025 at 09:32

Affected Product

Vendor Tenda

Product AC20

Version 16.03.08.0

Affected Versions Tenda AC20 16.03.08.0
Tenda AC20 16.03.08.1
Tenda AC20 16.03.08.2
Tenda AC20 16.03.08.3
Tenda AC20 16.03.08.4
Tenda AC20 16.03.08.5
Tenda AC20 16.03.08.6
Tenda AC20 16.03.08.7
Tenda AC20 16.03.08.8
Tenda AC20 16.03.08.9
Tenda AC20 16.03.08.10
Tenda AC20 16.03.08.11
Tenda AC20 16.03.08.12

CWE Classification

CWE-120 CWE-119

References

{
    "lastseen": "",
    "description": "A vulnerability has been found in Tenda AC20 up to 16.03.08.12. The affected element is the function sscanf of the file /goform/fast_setting_wifi_set. The manipulation of the argument timeZone leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.",
    "published": "2025-10-07T09:32:06.697Z",
    "modified": "2025-10-07T09:32:06.697Z",
    "type": "cve",
    "title": "Tenda AC20 fast_setting_wifi_set sscanf buffer overflow",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.327312\nhttps://vuldb.com/?ctiid.327312\nhttps://vuldb.com/?submit.664922\nhttps://github.com/cymiao1978/cve/blob/main/11.md\nhttps://github.com/cymiao1978/cve/blob/main/11.md#poc\nhttps://www.tenda.com.cn/",
    "id": "CVE-2025-11385",
    "bulletinFamily": "",
    "cwe": [
        "CWE-120",
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "Tenda AC20 16.03.08.0\nTenda AC20 16.03.08.1\nTenda AC20 16.03.08.2\nTenda AC20 16.03.08.3\nTenda AC20 16.03.08.4\nTenda AC20 16.03.08.5\nTenda AC20 16.03.08.6\nTenda AC20 16.03.08.7\nTenda AC20 16.03.08.8\nTenda AC20 16.03.08.9\nTenda AC20 16.03.08.10\nTenda AC20 16.03.08.11\nTenda AC20 16.03.08.12",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "AC20",
    "version": "16.03.08.0",
    "vendor": "Tenda",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}