CVE-2025-13446 identifies a stack-based buffer overflow vulnerability in the Tenda AC21 router firmware version 16.03.08.16. The vulnerability resides in the handling of the /goform/SetSysTimeCfg endpoint, specifically in the processing of the timeZone/time parameter. Improper input validation or bounds checking allows an attacker to overwrite the stack memory, potentially leading to arbitrary code execution or system crashes. The attack vector is remote and does not require authentication or user interaction, making exploitation straightforward for attackers with network access to the device. The vulnerability has a CVSS 4.0 score of 8.7, indicating high severity due to its ease of exploitation and potential impact on confidentiality, integrity, and availability. Although no exploits are currently confirmed in the wild, the public disclosure of exploit details increases the likelihood of exploitation attempts. The lack of available patches or official mitigation guidance at the time of disclosure further elevates the risk. This vulnerability could be leveraged to gain persistent control over affected routers, intercept or manipulate network traffic, or disrupt network services, posing significant risks to both home users and enterprise environments relying on Tenda AC21 devices.

The impact of CVE-2025-13446 is significant for organizations and individuals using Tenda AC21 routers. Successful exploitation can result in remote code execution, allowing attackers to take full control of the device. This compromises the confidentiality of network traffic, as attackers can intercept or redirect data. Integrity is at risk since attackers can alter router configurations or inject malicious payloads into network communications. Availability may also be affected if the device is crashed or rendered inoperable through exploitation. For enterprises, this could lead to network outages, data breaches, or lateral movement within internal networks. The vulnerability's remote and unauthenticated nature means attackers can exploit it without prior access, increasing the attack surface. The public disclosure of exploit details raises the risk of widespread attacks, especially in environments where Tenda AC21 routers are prevalent and unpatched. Overall, the vulnerability threatens critical network infrastructure, potentially impacting millions of users worldwide.

Given the absence of official patches at the time of disclosure, organizations should implement immediate mitigations to reduce risk. Network administrators should isolate Tenda AC21 devices from untrusted networks, restricting access to the management interface, especially the /goform/SetSysTimeCfg endpoint, via firewall rules or network segmentation. Disabling remote management features or restricting them to trusted IP addresses can limit exposure. Monitoring network traffic for unusual requests targeting the vulnerable endpoint can help detect exploitation attempts. Organizations should maintain up-to-date inventories of affected devices and prioritize firmware updates once patches become available from Tenda. Employing network intrusion detection/prevention systems (IDS/IPS) with signatures targeting this vulnerability can provide additional defense. Users should also consider replacing vulnerable devices if patches are delayed or unavailable. Finally, raising user awareness about the risks and encouraging secure configuration practices will help mitigate exploitation.