CVE-2025-9088

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Tenda AC20 version 16.03.08.12

Description: A stack-based buffer overflow vulnerability exists in the save virtualser data function of the /goform/formSetVirtualSer file. The vulnerability is triggered by manipulating the argument list, allowing for remote exploitation. The exploit has been publicly disclosed and may be used.

Recommendations: Update to a newer version of Tenda AC20 that addresses this vulnerability.

Exploit

Fix

Memory Corruption

Stack Overflow

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-121CWE-119

Related Identifiers

BDU:2025-10206

CVE-2025-9088

Affected Products

Tenda Ac20

CVE-2025-9088

Weakness Enumeration

Related Identifiers

Affected Products

References · 15