CVE-2025-5798

Name of the Vulnerable Software and Affected Versions Tenda AC8 version 16.03.34.09

Description A critical issue has been found, affecting the function fromSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument timeType leads to a stack-based buffer overflow. This issue can be exploited remotely.

Recommendations For Tenda AC8 version 16.03.34.09, as a temporary workaround, consider disabling the fromSetSysTime function until a patch is available. Restrict access to the /goform/SetSysTimeCfg file to minimize the risk of exploitation. Avoid using the timeType argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.