CVE 8.7 HIGH

Tenda AC20 PowerSaveSet sscanf buffer overflow_CVE-2025-15356

December 30, 2025 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A vulnerability has been found in Tenda AC20 up to 16.03.08.12. The impacted element is the function sscanf of the file /goform/PowerSaveSet. The manipulation of the argument powerSavingEn/time/powerSaveDelay/ledCloseType leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

AI Analysis

Buffer overflow vulnerability in Tenda AC20 due to improper input validation in the PowerSaveSet function, allowing remote attackers to execute arbitrary code.

Basic Information

ID CVE-2025-15356

Source VulDB

Published Dec 30, 2025 at 20:32

Modified Dec 30, 2025 at 21:31

Affected Product

Vendor Tenda

Product AC20

Version 16.03.08.0

Affected Versions Tenda AC20 16.03.08.0
Tenda AC20 16.03.08.1
Tenda AC20 16.03.08.2
Tenda AC20 16.03.08.3
Tenda AC20 16.03.08.4
Tenda AC20 16.03.08.5
Tenda AC20 16.03.08.6
Tenda AC20 16.03.08.7
Tenda AC20 16.03.08.8
Tenda AC20 16.03.08.9
Tenda AC20 16.03.08.10
Tenda AC20 16.03.08.11
Tenda AC20 16.03.08.12

CWE Classification

CWE-120 CWE-119

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor Tenda

Product AC20

Version 16.03.08.0, 16.03.08.1, 16.03.08.2, 16.03.08.3, 16.03.08.4, 16.03.08.5, 16.03.08.6, 16.03.08.7, 16.03.08.8, 16.03.08.9, 16.03.08.10, 16.03.08.11, 16.03.08.12

References

{
    "lastseen": "",
    "description": "A vulnerability has been found in Tenda AC20 up to 16.03.08.12. The impacted element is the function sscanf of the file /goform/PowerSaveSet. The manipulation of the argument powerSavingEn/time/powerSaveDelay/ledCloseType leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.",
    "published": "2025-12-30T20:32:08.560Z",
    "modified": "2025-12-30T21:31:11.375Z",
    "type": "cve",
    "title": "Tenda AC20 PowerSaveSet sscanf buffer overflow",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.338742\nhttps://vuldb.com/?ctiid.338742\nhttps://vuldb.com/?submit.726360\nhttps://github.com/xyh4ck/iot_poc/tree/main/Tenda%20AC20_Buffer_Overflow\nhttps://github.com/xyh4ck/iot_poc/blob/main/Tenda%20AC20_Buffer_Overflow/Tenda%20AC20_Buffer_Overflow.md#poc\nhttps://www.tenda.com.cn/",
    "id": "CVE-2025-15356",
    "bulletinFamily": "",
    "cwe": [
        "CWE-120",
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "Tenda AC20 16.03.08.0\nTenda AC20 16.03.08.1\nTenda AC20 16.03.08.2\nTenda AC20 16.03.08.3\nTenda AC20 16.03.08.4\nTenda AC20 16.03.08.5\nTenda AC20 16.03.08.6\nTenda AC20 16.03.08.7\nTenda AC20 16.03.08.8\nTenda AC20 16.03.08.9\nTenda AC20 16.03.08.10\nTenda AC20 16.03.08.11\nTenda AC20 16.03.08.12",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "AC20",
    "version": "16.03.08.0",
    "vendor": "Tenda",
    "ai_description": "Buffer overflow vulnerability in Tenda AC20 due to improper input validation in the PowerSaveSet function, allowing remote attackers to execute arbitrary code.",
    "ai_severity": "High",
    "ai_vendor": "Tenda",
    "ai_product": "AC20",
    "ai_version": "16.03.08.0, 16.03.08.1, 16.03.08.2, 16.03.08.3, 16.03.08.4, 16.03.08.5, 16.03.08.6, 16.03.08.7, 16.03.08.8, 16.03.08.9, 16.03.08.10, 16.03.08.11, 16.03.08.12",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply