Buffer Overflow Vulnerability in Tenda AC21 Router
CVE-2025-65220

4.3MEDIUM

Key Information:

Vendor: Tenda
Status: AC21 Router
Vendor: CVE Published:; 20 November 2025

What is CVE-2025-65220?

The Tenda AC21 router has a Buffer Overflow vulnerability in its firmware, specifically located in the /goform/SetVirtualServerCfg function. This issue arises from the improper handling of the 'list' parameter, potentially allowing an attacker to execute arbitrary code or disrupt the device’s functionality. Proper validation and sanitization of inputs are crucial to mitigate this risk, emphasizing the need for users to maintain up-to-date firmware to protect their network security.

References

https://github.com/Madgeaaaaa/MY_VULN_2/blob/main/Tenda/V...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 20, 2025
Vulnerability Reserved
Nov 18, 2025

JSON