Details of VAR-202508-0674

ID

VAR-202508-0674

CVE

CVE-2025-8940

TITLE

Tenda AC20 Buffer Overflow Vulnerability (CNVD-2025-19580)

Trust: 0.6

sources: CNVD: CNVD-2025-19580

DESCRIPTION

A vulnerability was identified in Tenda AC20 up to 16.03.08.12. Affected by this vulnerability is the function strcpy of the file /goform/saveParentControlInfo. The manipulation of the argument Time leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The Tenda AC20 is a wireless router from the Chinese company Tenda. The Tenda AC20 suffers from a buffer overflow vulnerability caused by a failure to properly validate the length of input data in the "Time" parameter in the file /goform/saveParentControlInfo. This vulnerability could allow an attacker to execute arbitrary code or cause a denial of service (DoS)

Trust: 1.44

sources: NVD: CVE-2025-8940 // CNVD: CNVD-2025-19580

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-19580

AFFECTED PRODUCTS

vendor:	tenda	model:	ac20	scope:	gte	version:	16.03.08.0	Trust: 1.0
vendor:	tenda	model:	ac20	scope:	lte	version:	16.03.08.12	Trust: 1.0
vendor:	jixiang tengda	model:	ac20	scope:	lte	version:	<=16.03.08.12	Trust: 0.6

sources: CNVD: CNVD-2025-19580 // NVD: CVE-2025-8940

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2025-8940
value:	HIGH
Trust: 1.0
CNVD:	CNVD-2025-19580
value:	HIGH
Trust: 0.6

cna@vuldb.com:	CVE-2025-8940
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2025-19580
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2025-8940
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2025-19580 // NVD: CVE-2025-8940

PROBLEMTYPE DATA

problemtype:	CWE-119	Trust: 1.0
problemtype:	CWE-120	Trust: 1.0

sources: NVD: CVE-2025-8940

EXTERNAL IDS

db:	NVD	id:	CVE-2025-8940	Trust: 1.6
db:	VULDB	id:	319903	Trust: 1.0
db:	CNVD	id:	CNVD-2025-19580	Trust: 0.6

sources: CNVD: CNVD-2025-19580 // NVD: CVE-2025-8940

REFERENCES

url:	https://vuldb.com/?ctiid.319903	Trust: 1.0
url:	https://github.com/lin-3-start/lin-cve/blob/main/tenda%20ac20-2/tenda%20ac20-2.md#poc	Trust: 1.0
url:	https://vuldb.com/?submit.631836	Trust: 1.0
url:	https://github.com/lin-3-start/lin-cve/blob/main/tenda%20ac20-2/tenda%20ac20-2.md	Trust: 1.0
url:	https://www.tenda.com.cn/	Trust: 1.0
url:	https://vuldb.com/?id.319903	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2025-8940	Trust: 0.6

sources: CNVD: CNVD-2025-19580 // NVD: CVE-2025-8940

SOURCES

db:	CNVD	id:	CNVD-2025-19580
db:	NVD	id:	CVE-2025-8940

LAST UPDATE DATE

2025-08-29T23:24:28.189000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-19580	date:	2025-08-28T00:00:00
db:	NVD	id:	CVE-2025-8940	date:	2025-08-19T18:42:24.900

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-19580	date:	2025-08-28T00:00:00
db:	NVD	id:	CVE-2025-8940	date:	2025-08-14T06:15:29.180