CVE-2025-8160
BaseFortify
Publication date: 2025-07-25
Last updated on: 2025-08-05
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tenda | ac20_firmware | 16.03.08.12 |
| tenda | ac20 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-8160 is a critical buffer overflow vulnerability in the Tenda AC20 router firmware (up to version 16.03.08.12). It occurs in the httpd component at the /goform/SetSysTimeCfg endpoint, where improper handling of the timeZone parameter allows an attacker to overflow a buffer by sending a specially crafted input that exceeds the expected size. This flaw can be exploited remotely without authentication, leading to potential compromise of the device. [1, 2]
How can this vulnerability impact me? :
Exploitation of this vulnerability can impact the confidentiality, integrity, and availability of the affected Tenda AC20 router. An attacker can remotely trigger a buffer overflow, which may result in denial of service (DoS) or potentially remote code execution (RCE), allowing full control over the device. This can disrupt network operations and expose sensitive data passing through the router. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring HTTP POST requests sent to the /goform/SetSysTimeCfg endpoint on Tenda AC20 routers. Specifically, detection involves identifying unusually large or malformed timeZone parameters in POST requests that could trigger the buffer overflow. Network intrusion detection systems (NIDS) or HTTP traffic inspection tools can be configured to alert on POST requests to /goform/SetSysTimeCfg with suspicious payload sizes. For manual detection, you can use tools like curl or wget to send crafted POST requests and observe device behavior. Example command to test the endpoint: curl -X POST http://<router-ip>/goform/SetSysTimeCfg -d "timeZone=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". Monitoring logs for crashes or abnormal behavior after such requests can also indicate exploitation attempts. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include replacing the affected Tenda AC20 router firmware with a non-vulnerable version if available, or replacing the device entirely, as no official patches or fixes have been published. Additionally, restricting remote access to the router's HTTP management interface, such as disabling remote management or limiting access to trusted networks, can reduce exposure. Network-level protections like firewall rules blocking external access to the /goform/SetSysTimeCfg endpoint or HTTP POST requests to the router can also help mitigate risk until a patch or replacement is implemented. [1]