CVE 8.7 HIGH

Tenda AC20 WifiExtraSet buffer overflow_CVE-2025-13258

November 17, 2025 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was detected in Tenda AC20 up to 16.03.08.12. The impacted element is an unknown function of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto results in buffer overflow. The attack can be launched remotely. The exploit is now public and may be used.

AI Analysis

Buffer overflow vulnerability in Tenda AC20 up to 16.03.08.12, allowing remote attackers to exploit the WifiExtraSet function

Basic Information

ID CVE-2025-13258

Source VulDB

Published Nov 17, 2025 at 02:02

Affected Product

Vendor Tenda

Product AC20

Version 16.03.08.0

Affected Versions Tenda AC20 16.03.08.0
Tenda AC20 16.03.08.1
Tenda AC20 16.03.08.2
Tenda AC20 16.03.08.3
Tenda AC20 16.03.08.4
Tenda AC20 16.03.08.5
Tenda AC20 16.03.08.6
Tenda AC20 16.03.08.7
Tenda AC20 16.03.08.8
Tenda AC20 16.03.08.9
Tenda AC20 16.03.08.10
Tenda AC20 16.03.08.11
Tenda AC20 16.03.08.12

CWE Classification

CWE-120 CWE-119

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor Tenda

Product AC20

Version 16.03.08.0, 16.03.08.1, 16.03.08.2, 16.03.08.3, 16.03.08.4, 16.03.08.5, 16.03.08.6, 16.03.08.7, 16.03.08.8, 16.03.08.9, 16.03.08.10, 16.03.08.11, 16.03.08.12

References

{
    "lastseen": "",
    "description": "A vulnerability was detected in Tenda AC20 up to 16.03.08.12. The impacted element is an unknown function of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto results in buffer overflow. The attack can be launched remotely. The exploit is now public and may be used.",
    "published": "2025-11-17T02:02:08.487Z",
    "modified": "2025-11-17T02:02:08.487Z",
    "type": "cve",
    "title": "Tenda AC20 WifiExtraSet buffer overflow",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.332593\nhttps://vuldb.com/?ctiid.332593\nhttps://vuldb.com/?submit.688716\nhttps://github.com/DavCloudz/cve/blob/main/Tenda/Tengda%20AC20%20Router%20WifiExtraSet%20Buffer%20Overflow%20Vulnerability.md\nhttps://github.com/DavCloudz/cve/blob/main/Tenda/Tengda%20AC20%20Router%20WifiExtraSet%20Buffer%20Overflow%20Vulnerability.md#poc\nhttps://www.tenda.com.cn/",
    "id": "CVE-2025-13258",
    "bulletinFamily": "",
    "cwe": [
        "CWE-120",
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "Tenda AC20 16.03.08.0\nTenda AC20 16.03.08.1\nTenda AC20 16.03.08.2\nTenda AC20 16.03.08.3\nTenda AC20 16.03.08.4\nTenda AC20 16.03.08.5\nTenda AC20 16.03.08.6\nTenda AC20 16.03.08.7\nTenda AC20 16.03.08.8\nTenda AC20 16.03.08.9\nTenda AC20 16.03.08.10\nTenda AC20 16.03.08.11\nTenda AC20 16.03.08.12",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "AC20",
    "version": "16.03.08.0",
    "vendor": "Tenda",
    "ai_description": "Buffer overflow vulnerability in Tenda AC20 up to 16.03.08.12, allowing remote attackers to exploit the WifiExtraSet function",
    "ai_severity": "High",
    "ai_vendor": "Tenda",
    "ai_product": "AC20",
    "ai_version": "16.03.08.0, 16.03.08.1, 16.03.08.2, 16.03.08.3, 16.03.08.4, 16.03.08.5, 16.03.08.6, 16.03.08.7, 16.03.08.8, 16.03.08.9, 16.03.08.10, 16.03.08.11, 16.03.08.12",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply