CVE-2025-14654
BaseFortify
Publication date: 2025-12-14
Last updated on: 2025-12-19
Assigner: VulDB
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tenda | ac20_firmware | 16.03.08.12 |
| tenda | ac20 | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-14654 is a critical stack-based buffer overflow vulnerability in the Tenda AC20 router firmware version 16.03.08.12. It exists in the function formSetPPTPUserList within the httpd component, which handles requests to /goform/setPptpUserList. The function does not properly handle the `list` argument passed to it, and manipulating that argument leads to a stack-based buffer overflow. The overflow can be exploited remotely without local access, allowing attackers to compromise the device's confidentiality, integrity, and availability. [1, 2]
How can this vulnerability impact me?
This vulnerability can be exploited remotely to cause denial-of-service (DoS) conditions or enable arbitrary command execution on the affected Tenda AC20 router. Exploiting the stack-based buffer overflow can compromise the device's confidentiality, integrity, and availability, potentially allowing attackers to take control of the device or disrupt its normal operation. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for suspicious HTTP requests targeting the /goform/setPptpUserList endpoint with specially crafted 'list' parameters that may trigger the stack-based buffer overflow. Network intrusion detection systems (NIDS) can be configured to alert on unusual or malformed requests to this URL. Additionally, reviewing HTTP logs for unexpected POST requests to /goform/setPptpUserList may help identify exploitation attempts. Specific commands depend on your environment, but for example, using curl to test the endpoint or grep to search logs:

1. `curl -v -X POST http://<router-ip>/goform/setPptpUserList -d "list=malicious_payload"`
2. `grep "/goform/setPptpUserList" /var/log/httpd/access.log`
3. Using network monitoring tools like tcpdump or Wireshark to filter HTTP traffic to the router's IP on port 80 or 443 and inspect for suspicious payloads.

Note that a proof-of-concept exploit is publicly available, so detection should focus on identifying attempts to exploit this specific function. [1, 2]
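The monitoring described above, as an added example (not code from the advisory, VulDB or Tenda): a Python check for reassembled HTTP requests, such as those exported from a proxy or packet capture, that flags oversized or non-printable `list` values sent to the endpoint. The 256-character threshold, the printable-ASCII expectation and the sample requests are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "/goform/setPptpUserList"  # path named in the advisory
MAX_LIST_LEN = 256  # assumption: tune to the longest legitimate PPTP user list you see

def inspect_request(raw: bytes, max_len: int = MAX_LIST_LEN) -> list:
    """Return findings for one reassembled HTTP request (empty list if nothing is flagged)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    request_line = head.decode("latin-1").split("\r\n")[0]
    try:
        _method, target, _version = request_line.split(" ", 2)
    except ValueError:
        return []  # not an HTTP request line
    url = urlsplit(target)
    if url.path.rstrip("/") != ENDPOINT:
        return []
    # The parameter may arrive in the query string or in a form-encoded body.
    params = parse_qs(url.query, keep_blank_values=True)
    for key, values in parse_qs(body.decode("latin-1"), keep_blank_values=True).items():
        params.setdefault(key, []).extend(values)
    findings = []
    for value in params.get("list", []):
        if len(value) > max_len:
            findings.append(f"list length {len(value)} exceeds {max_len}")
        # Assumption: legitimate values are printable ASCII; tune if yours are not.
        if any(ord(c) < 0x20 or ord(c) > 0x7E for c in value):
            findings.append("list contains non-printable bytes")
    return findings

# Constructed sample requests (192.0.2.1 is a documentation address).
SAMPLES = [
    b"POST /goform/setPptpUserList HTTP/1.1\r\nHost: 192.0.2.1\r\n\r\nlist=user1",
    b"POST /goform/setPptpUserList HTTP/1.1\r\nHost: 192.0.2.1\r\n\r\nlist=" + b"A" * 600,
    b"POST /goform/setPptpUserList?list=%90%90 HTTP/1.1\r\nHost: 192.0.2.1\r\n\r\n",
    b"GET /index.html HTTP/1.1\r\nHost: 192.0.2.1\r\n\r\n",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample[:60], "->", inspect_request(sample) or "ok")
```

Web server access logs usually record only the request line, not the POST body, so the length check needs request content from a proxy, WAF or capture rather than from the grep shown above.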
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include:

1. Disabling remote HTTP access to the router if possible to prevent remote exploitation.
2. Restricting network access to the router's management interface to trusted hosts only.
3. Monitoring network traffic and logs for exploitation attempts targeting /goform/setPptpUserList.
4. Since no known patches or countermeasures exist, it is recommended to replace the affected Tenda AC20 router with a secure alternative.
5. Applying network-level protections such as firewall rules to block malicious requests to the vulnerable endpoint.

These steps help reduce the risk until a firmware update or patch is available. [1, 2]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided resources do not contain information regarding the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.