Stack-Based Buffer Overflow Vulnerability in Tenda AC20 Router
CVE-2025-9089

8.8HIGH

Key Information:

Vendor: Tenda
Status: AC20 Router
Vendor: CVE Published:; 17 August 2025

What is CVE-2025-9089?

A stack-based buffer overflow vulnerability has been identified in the Tenda AC20 router's sub_48E628 function, specifically located within the /goform/SetIpMacBind file. This vulnerability allows remote attackers to manipulate argument lists, potentially leading to arbitrary code execution. The issue has been publicly disclosed, raising concerns over the security of devices running the affected firmware version (16.03.08.12). It is crucial for users to apply security measures and update their devices promptly to mitigate risks associated with this vulnerability.

References

https://github.com/ZZ2266/.github.io/blob/main/AC20/fromS...

https://vuldb.com/?ctiid.320357

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 17, 2025