CVE-2025-14656
Published: 14 December 2025
Summary
CVE-2025-14656 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda Ac20 Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 42.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Validates inputs like schedStartTime and schedEndTime parameters to prevent buffer overflow exploitation in the httpd function.
Implements memory protection mechanisms such as stack canaries, ASLR, and DEP to mitigate buffer overflow attacks leading to code execution.
Requires timely identification, reporting, and remediation of the specific buffer overflow flaw in Tenda AC20 firmware version 16.03.08.12.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The buffer overflow vulnerability in the Tenda AC20 router's public-facing web interface (/goform/openSchedWifi) via HTTP manipulation of schedStartTime/schedEndTime parameters enables remote exploitation of a public-facing application, potentially leading to RCE or DoS.
NVD Description
A weakness has been identified in Tenda AC20 16.03.08.12. This affects the function httpd of the file /goform/openSchedWifi. Executing a manipulation of the argument schedStartTime/schedEndTime can lead to buffer overflow. The attack may be performed from remote. The exploit has…
more
been made available to the public and could be used for attacks.
Deeper analysisAI
CVE-2025-14656 is a buffer overflow vulnerability (CWE-119, CWE-120) affecting Tenda AC20 router firmware version 16.03.08.12. The flaw exists in the httpd function of the /goform/openSchedWifi file, where manipulation of the schedStartTime and schedEndTime arguments triggers the overflow. Published on 2025-12-14, it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity.
The vulnerability enables remote exploitation over the network with low attack complexity, requiring only low privileges such as an authenticated user account. No user interaction is needed, and successful attacks can achieve high impacts on confidentiality, integrity, and availability, potentially leading to arbitrary code execution or full device compromise.
VulDB advisories (ctiid.336389, id.336389, submit.712917) document the issue, while a proof-of-concept exploit is publicly available on GitHub (https://github.com/Madgeaaaaa/MY_VULN_2/blob/main/Tenda/VULN14/AC20_openSchedWifi.md). The Tenda website (https://www.tenda.com.cn/) is referenced, but no specific patches or mitigations are detailed in the provided information. The public exploit availability increases the risk of real-world attacks.
Details
- CWE(s)