CVE-2025-14655 is a stack-based buffer overflow vulnerability identified in the Tenda AC20 router firmware version 16.03.08.12. The vulnerability resides in the formSetRebootTimer function, which is part of the HTTP daemon component handling the /goform/SetSysAutoRebbotCfg endpoint. Specifically, the flaw arises when the rebootTime parameter is manipulated in a crafted HTTP request, leading to a stack overflow condition. This overflow can corrupt the stack memory, potentially allowing an attacker to execute arbitrary code remotely without requiring authentication or user interaction. The vulnerability has a CVSS 4.0 base score of 8.7 (high severity), reflecting its ease of exploitation (network attack vector, low complexity), lack of required privileges or user interaction, and significant impact on confidentiality, integrity, and availability. The exploit code has been publicly disclosed, which increases the likelihood of exploitation attempts. Although no active exploitation in the wild has been confirmed, the presence of a public exploit necessitates urgent attention. The vulnerability affects only the specific firmware version 16.03.08.12 of the Tenda AC20 router, a widely used consumer and small business networking device. The flaw could allow attackers to gain control over the device, disrupt network operations, or pivot into internal networks.

The impact of CVE-2025-14655 is substantial for organizations relying on Tenda AC20 routers, especially those running the vulnerable firmware version. Successful exploitation can lead to remote code execution, enabling attackers to take full control of the affected device. This compromises the confidentiality of network traffic passing through the router, allows modification or disruption of network communications, and threatens the availability of network services. Attackers could use compromised routers as footholds to launch further attacks within internal networks, intercept sensitive data, or disrupt business operations. Given the router's role in network infrastructure, this vulnerability could affect both home users and enterprises, particularly small and medium-sized businesses that deploy Tenda AC20 devices. The public availability of exploit code increases the risk of widespread attacks, including automated scanning and exploitation campaigns. The lack of authentication and user interaction requirements further lowers the barrier for attackers. Organizations with inadequate network segmentation or monitoring may face significant operational and security risks.

To mitigate CVE-2025-14655, organizations should immediately verify the firmware version of their Tenda AC20 routers and upgrade to a patched version once released by the vendor. In the absence of an official patch, network administrators should restrict access to the router's management interface by implementing firewall rules that limit inbound connections to trusted IP addresses only. Disabling remote management features or changing default management ports can reduce exposure. Employing network segmentation to isolate vulnerable devices from critical infrastructure limits potential lateral movement. Monitoring network traffic for unusual HTTP requests targeting /goform/SetSysAutoRebbotCfg and anomalous rebootTime parameter values can help detect exploitation attempts. Additionally, deploying intrusion detection/prevention systems (IDS/IPS) with signatures for this vulnerability can provide proactive defense. Regularly auditing and updating router firmware and configurations is essential to maintain security. Organizations should also educate users and administrators about the risks of using outdated firmware and the importance of timely updates.