Tenda AC20 httpd SetSysTimeCfg buffer overflow

July 25, 2025 invoker category_cve

CVE Details

Basic Information

Title Tenda AC20 httpd SetSysTimeCfg buffer overflow
Type cve
Published 2025-07-25T15:02:07.280Z
Modified 2025-07-25T15:11:10.192Z

Product Information

Vendor Tenda
Product AC20
Version 16.03.08.0

CVSS Information

Base Score 8.7 (HIGH)
Attack Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Affected Products

  • Tenda AC20 16.03.08.0
  • Tenda AC20 16.03.08.1
  • Tenda AC20 16.03.08.2
  • Tenda AC20 16.03.08.3
  • Tenda AC20 16.03.08.4
  • Tenda AC20 16.03.08.5
  • Tenda AC20 16.03.08.6
  • Tenda AC20 16.03.08.7
  • Tenda AC20 16.03.08.8
  • Tenda AC20 16.03.08.9
  • Tenda AC20 16.03.08.10
  • Tenda AC20 16.03.08.11
  • Tenda AC20 16.03.08.12

Additional Information

CWE List CWE-120, CWE-119
Source VulDB

Description

A vulnerability classified as critical has been found in Tenda AC20 up to 16.03.08.12. Affected is an unknown function of the file /goform/SetSysTimeCfg of the component httpd. The manipulation of the argument timeZone leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.