Detections
Analytics

CVE-2025-8939

high

Description

A vulnerability was determined in Tenda AC20 up to 16.03.08.12. Affected is an unknown function of the file /goform/WifiGuestSet. The manipulation of the argument shareSpeed leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

References

https://vuldb.com/?submit.631829

https://vuldb.com/?id.319902

https://github.com/lin-3-start/lin-cve/blob/main/Tenda%20AC20/Tenda%20AC20.md#3-poc

https://www.tenda.com.cn/

https://vuldb.com/?ctiid.319902

https://github.com/lin-3-start/lin-cve/blob/main/Tenda%20AC20/Tenda%20AC20.md

Details

Source: Mitre, NVD

Published: 2025-08-14

Updated: 2025-08-19

Risk Information

CVSS v2

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8.8

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

CVSS v4

Base Score: 7.4

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Severity: High

EPSS

EPSS: 0.00088