CVE-2025-11385

Name of the Vulnerable Software and Affected Versions Tenda AC20 versions up to 16.03.08.12

Description A flaw exists in Tenda AC20 that allows remote attackers to trigger a buffer overflow. The issue is located in the sscanf function within the /goform/fast setting wifi set file. The timeZone argument is susceptible to manipulation, leading to the overflow. The exploit for this issue has been publicly disclosed.

Recommendations Update Tenda AC20 to a version later than 16.03.08.12. At the moment, there is no information about a newer version that contains a fix for this vulnerability.