CVE-2025-14654
BaseFortify

Publication date: 2025-12-14

Last updated on: 2025-12-19

Assigner: VulDB

Description
A vulnerability was identified in Tenda AC20 16.03.08.12. The affected element is the function formSetPPTPUserList of the file /goform/setPptpUserList of the component httpd. Manipulation of the argument 'list' leads to a stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used.
Meta Information
Published: 2025-12-14
Last Modified: 2025-12-19
Generated: 2026-06-16
AI Q&A: 2025-12-15
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
tenda ac20_firmware 16.03.08.12
tenda ac20 *
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Compliance Impact

The provided resources do not contain information regarding the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2025-14654 is a critical stack-based buffer overflow vulnerability in the Tenda AC20 router firmware version 16.03.08.12. It exists in the function formSetPPTPUserList within the httpd component, specifically in the /goform/setPptpUserList file. The vulnerability occurs due to improper handling of the 'list' argument passed to this function, which leads to a stack-based buffer overflow. This overflow can be exploited remotely without local access, allowing attackers to compromise the device's confidentiality, integrity, and availability. [1, 2]

Impact Analysis

This vulnerability can be exploited remotely to cause denial-of-service (DoS) conditions or enable arbitrary command execution on the affected Tenda AC20 router. Exploiting the stack-based buffer overflow can compromise the device's confidentiality, integrity, and availability, potentially allowing attackers to take control of the device or disrupt its normal operation. [1, 2]

Detection Guidance

This vulnerability can be detected by monitoring for suspicious HTTP requests targeting the /goform/setPptpUserList endpoint with specially crafted 'list' parameters that may trigger the stack-based buffer overflow. Network intrusion detection systems (NIDS) can be configured to alert on unusual or malformed requests to this URL. Additionally, reviewing HTTP logs for unexpected POST requests to /goform/setPptpUserList may help identify exploitation attempts. Specific commands depend on your environment, but examples include using curl to test the endpoint or grep to search logs:

1) curl -v -X POST http://<router-ip>/goform/setPptpUserList -d "list=malicious_payload"
2) grep "/goform/setPptpUserList" /var/log/httpd/access.log
3) Using network monitoring tools like tcpdump or Wireshark to filter HTTP traffic to the router's IP on port 80 or 443 and inspect for suspicious payloads.

Note that a proof-of-concept exploit is publicly available, so detection should focus on identifying attempts to exploit this specific function. [1, 2]
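The log review described above can be scripted. The following is an added example, not code from the advisory or from Tenda. It assumes the router sits behind a proxy that writes combined-format access logs with the request length appended as a final field, and the trusted admin address, size ceiling and sample lines are constructed for illustration.

```python
import ipaddress
import re

ENDPOINT = "/goform/setPptpUserList"
# Assumptions, not from the advisory: the admin hosts allowed to manage the
# router and a size ceiling for a legitimate PPTP user-list submission.
TRUSTED_ADMINS = [ipaddress.ip_network("192.168.0.10/32")]
MAX_EXPECTED_REQUEST_BYTES = 1024

# Assumed layout: combined log format with the request length appended as the
# last field (for example an nginx log_format ending in $request_length).
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "[^"]*" (?P<reqlen>\d+)$'
)

# Constructed sample lines (private and documentation address ranges).
SAMPLE_LOG = """\
192.168.0.10 - - [15/Dec/2025:10:01:02 +0000] "POST /goform/setPptpUserList HTTP/1.1" 200 27 "-" "Mozilla/5.0" 412
203.0.113.7 - - [15/Dec/2025:10:05:40 +0000] "POST /goform/setPptpUserList HTTP/1.1" 502 0 "-" "curl/8.5.0" 6150
192.168.0.23 - - [15/Dec/2025:10:06:11 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0" 380
192.168.0.23 - - [15/Dec/2025:10:07:30 +0000] "POST /goform/setPptpUserList?x=1 HTTP/1.1" 200 27 "-" "Mozilla/5.0" 300
"""

def classify(line):
    """Return (source, reasons) for a suspicious request to ENDPOINT, else None."""
    m = LINE_RE.match(line.strip())
    if not m or m["target"].split("?", 1)[0] != ENDPOINT:
        return None
    try:
        src = ipaddress.ip_address(m["src"])
        trusted = any(src in net for net in TRUSTED_ADMINS)
    except ValueError:  # hostname or garbage in the source field
        trusted = False
    reasons = []
    if not trusted:
        reasons.append("untrusted-source")
    if int(m["reqlen"]) > MAX_EXPECTED_REQUEST_BYTES:
        reasons.append("oversized-request")
    if m["status"] in {"502", "504"}:  # proxy got no clean answer from httpd
        reasons.append("upstream-failed")
    return (m["src"], reasons) if reasons else None

def scan(log_text):
    """Classify every line and return only the suspicious hits, in log order."""
    return [hit for hit in map(classify, log_text.splitlines()) if hit]

if __name__ == "__main__":
    for source, reasons in scan(SAMPLE_LOG):
        print(source, ",".join(reasons))
```

An untrusted source that also sends an oversized request and gets an upstream failure is the strongest signal; a lone untrusted-source hit still warrants a look, since the management interface should not be reachable from that host.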

Mitigation Strategies

Immediate mitigation steps include:

1) Disabling remote HTTP access to the router if possible to prevent remote exploitation.
2) Restricting network access to the router's management interface to trusted hosts only.
3) Monitoring network traffic and logs for exploitation attempts targeting /goform/setPptpUserList.
4) Since no known patches or countermeasures exist, it is recommended to replace the affected Tenda AC20 router with a secure alternative.
5) Applying network-level protections such as firewall rules to block malicious requests to the vulnerable endpoint.

These steps help reduce the risk until a firmware update or patch is available. [1, 2]
