Skip to main content

CVE-2025-8160: Buffer Overflow in Tenda AC20

High
VulnerabilityCVE-2025-8160cvecve-2025-8160
Published: Fri Jul 25 2025 (07/25/2025, 15:02:07 UTC)
Source: CVE Database V5
Vendor/Project: Tenda
Product: AC20

Description

A vulnerability classified as critical has been found in Tenda AC20 up to 16.03.08.12. Affected is an unknown function of the file /goform/SetSysTimeCfg of the component httpd. The manipulation of the argument timeZone leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

AI-Powered Analysis

AILast updated: 07/25/2025, 15:32:41 UTC

Technical Analysis

CVE-2025-8160 is a critical buffer overflow vulnerability identified in the Tenda AC20 router firmware versions up to 16.03.08.12. The flaw exists in an unspecified function within the /goform/SetSysTimeCfg endpoint of the embedded HTTP server (httpd) component. Specifically, the vulnerability arises from improper handling of the 'timeZone' argument, which can be manipulated by an attacker to overflow a buffer. This overflow can lead to memory corruption, potentially allowing remote code execution or denial of service conditions. The vulnerability is remotely exploitable without any authentication or user interaction, making it highly dangerous. The CVSS 4.0 score is 8.7 (high severity), reflecting the network attack vector, low attack complexity, no privileges or user interaction required, and high impact on confidentiality, integrity, and availability. Although no public exploits are currently known in the wild, the exploit code has been disclosed publicly, increasing the risk of imminent attacks. The vulnerability affects multiple firmware versions, indicating a long-standing issue in the product line. Given the criticality and ease of exploitation, attackers could leverage this flaw to compromise affected routers, pivot into internal networks, intercept or manipulate traffic, or deploy persistent malware.

Potential Impact

For European organizations, the impact of CVE-2025-8160 can be significant, especially for those relying on Tenda AC20 routers in their network infrastructure. Successful exploitation could lead to full compromise of the router, enabling attackers to intercept sensitive communications, disrupt network availability, or establish persistent footholds within corporate or home networks. This is particularly concerning for small and medium enterprises (SMEs) and home office users who may use consumer-grade Tenda devices without advanced security controls. The compromise of network perimeter devices can facilitate lateral movement and data exfiltration, undermining confidentiality and integrity of organizational data. Additionally, disruption of router availability can impact business continuity. Given the remote and unauthenticated nature of the exploit, attackers can scan and target vulnerable devices en masse, increasing the likelihood of widespread impact across European networks.

Mitigation Recommendations

To mitigate CVE-2025-8160, organizations should prioritize the following actions: 1) Immediately identify all Tenda AC20 devices within their environment and verify firmware versions. 2) Apply vendor-provided patches or firmware updates once available; if no official patch exists yet, consider temporary mitigations such as disabling remote management interfaces or restricting access to the router's web interface to trusted internal IPs only. 3) Implement network segmentation to isolate vulnerable devices from critical assets and sensitive data. 4) Monitor network traffic for unusual activity indicative of exploitation attempts, such as unexpected requests to /goform/SetSysTimeCfg or anomalous outbound connections from routers. 5) Employ intrusion detection/prevention systems (IDS/IPS) with updated signatures to detect exploitation attempts. 6) Educate users and administrators about the risk and signs of compromise. 7) Consider replacing vulnerable devices with models from vendors with stronger security track records if patching is not feasible. These steps go beyond generic advice by focusing on immediate containment, detection, and long-term remediation tailored to this specific vulnerability and product.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
VulDB
Date Reserved
2025-07-25T06:55:58.644Z
Cvss Version
4.0
State
PUBLISHED

Threat ID: 6883a019ad5a09ad0052b93c

Added to database: 7/25/2025, 3:17:45 PM

Last enriched: 7/25/2025, 3:32:41 PM

Last updated: 7/26/2025, 9:13:35 AM

Views: 3

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats