CVE-2025-9089
BaseFortify
Publication date: 2025-08-17
Last updated on: 2025-08-21
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tenda | ac20_firmware | 16.03.08.12 |
| tenda | ac20 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-9089 is a critical stack-based buffer overflow vulnerability in the Tenda AC20 router firmware version 16.03.08.12. It occurs in the function sub_48E628 within the /goform/SetIpMacBind endpoint, where the router processes IP-MAC binding rules. The vulnerability arises because the function uses an unsafe strcpy operation to copy each rule segment into a fixed-size 128-byte stack buffer without proper length checking. If an attacker sends a crafted 'list' parameter with overly long rule segments, it causes a stack buffer overflow, potentially overwriting return addresses and saved registers. This flaw can be exploited remotely without authentication, allowing attackers to execute arbitrary code or cause denial of service. [1, 2]
How can this vulnerability impact me? :
This vulnerability can severely impact the affected Tenda AC20 router by allowing unauthenticated remote attackers to execute arbitrary code or cause denial of service (DoS). Exploiting the stack-based buffer overflow can compromise the confidentiality, integrity, and availability of the device, potentially leading to full control over the router or disruption of its services. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring network traffic for HTTP requests targeting the /goform/SetIpMacBind endpoint with unusually long or malformed 'list' parameters that exceed 127 bytes per rule segment. Since the vulnerability involves a stack-based buffer overflow triggered by crafted input in the 'list' parameter, inspecting or capturing such requests can help identify exploitation attempts. Specific commands are not provided in the resources, but using network monitoring tools like tcpdump or Wireshark to filter HTTP POST requests to /goform/SetIpMacBind and analyzing the 'list' parameter length could be effective. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include replacing the affected Tenda AC20 router running firmware version 16.03.08.12, as no known countermeasures or patches currently exist. Avoid exposing the device to untrusted networks to reduce risk. Monitoring for exploit attempts and restricting access to the /goform/SetIpMacBind endpoint can also help reduce exposure until a fix or replacement is implemented. [1]