CVE 8.7 HIGH

Tenda AC20 openSchedWifi httpd buffer overflow_CVE-2025-14656

December 14, 2025 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A weakness has been identified in Tenda AC20 16.03.08.12. This affects the function httpd of the file /goform/openSchedWifi. Executing manipulation of the argument schedStartTime/schedEndTime can lead to buffer overflow. The attack may be performed from remote. The exploit has been made available to the public and could be exploited.

AI Analysis

Buffer overflow vulnerability in Tenda AC20 via manipulation of the schedStartTime/schedEndTime arguments in the httpd function of the /goform/openSchedWifi file, allowing remote exploitation.

Basic Information

ID CVE-2025-14656

Source VulDB

Published Dec 14, 2025 at 11:02

Affected Product

Vendor Tenda

Product AC20

Version 16.03.08.12

Affected Versions Tenda AC20 16.03.08.12

CWE Classification

CWE-120 CWE-119

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor Tenda

Product AC20

Version 16.03.08.12

References

{
    "lastseen": "",
    "description": "A weakness has been identified in Tenda AC20 16.03.08.12. This affects the function httpd of the file /goform/openSchedWifi. Executing manipulation of the argument schedStartTime/schedEndTime can lead to buffer overflow. The attack may be performed from remote. The exploit has been made available to the public and could be exploited.",
    "published": "2025-12-14T11:02:07.310Z",
    "modified": "2025-12-14T11:02:07.310Z",
    "type": "cve",
    "title": "Tenda AC20 openSchedWifi httpd buffer overflow",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.336389\nhttps://vuldb.com/?ctiid.336389\nhttps://vuldb.com/?submit.712917\nhttps://github.com/Madgeaaaaa/MY_VULN_2/blob/main/Tenda/VULN14/AC20_openSchedWifi.md\nhttps://www.tenda.com.cn/",
    "id": "CVE-2025-14656",
    "bulletinFamily": "",
    "cwe": [
        "CWE-120",
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "Tenda AC20 16.03.08.12",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "AC20",
    "version": "16.03.08.12",
    "vendor": "Tenda",
    "ai_description": "Buffer overflow vulnerability in Tenda AC20 via manipulation of the schedStartTime/schedEndTime arguments in the httpd function of the /goform/openSchedWifi file, allowing remote exploitation.",
    "ai_severity": "High",
    "ai_vendor": "Tenda",
    "ai_product": "AC20",
    "ai_version": "16.03.08.12",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply