Stack-Based Buffer Overflow in Tenda AC8V4 Wi-Fi Router
CVE-2025-25663

9.8CRITICAL

Key Information:

Vendor: Tenda
Status: AC8V4 Router
Vendor: CVE Published:; 20 February 2025

Summary

A vulnerability was identified in the Tenda AC8V4 router, specifically within the WifiExtraSet functionality. The issue arises from improper handling of the wpapsk_crypto argument, leading to a stack-based buffer overflow. This flaw could potentially allow an attacker to execute arbitrary code or disrupt the normal operation of the affected device.

References

https://github.com/jangfan/my-vuln/blob/main/Tenda/AC8V4/...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 20, 2025
Vulnerability Reserved
Feb 7, 2025