CVE-2025-8060
Published: 23 July 2025
Summary
CVE-2025-8060 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda Ac23 Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 39.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly remediates the stack-based buffer overflow vulnerability by applying vendor firmware patches or updates to the affected Tenda AC23 httpd component.
Validates and sanitizes the deviceList argument in the /goform/setMacFilterCfg endpoint to prevent the buffer overflow triggered by malformed input.
Implements memory protections such as stack canaries, ASLR, and DEP to block arbitrary code execution from the stack-based buffer overflow even if triggered.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Stack-based buffer overflow in the httpd web interface (/goform/setMacFilterCfg) allows remote unauthenticated attackers to achieve arbitrary code execution by manipulating the deviceList parameter, enabling exploitation of a public-facing application.
NVD Description
A vulnerability has been found in Tenda AC23 16.03.07.52 and classified as critical. Affected by this vulnerability is the function sub_46C940 of the file /goform/setMacFilterCfg of the component httpd. The manipulation of the argument deviceList leads to stack-based buffer overflow.…
more
The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Deeper analysisAI
CVE-2025-8060 is a critical stack-based buffer overflow vulnerability in Tenda AC23 routers running firmware version 16.03.07.52. The flaw affects the sub_46C940 function within the /goform/setMacFilterCfg endpoint of the httpd component, where manipulation of the deviceList argument triggers the overflow.
Attackers with low privileges can exploit this vulnerability remotely over the network with low complexity and no user interaction required, as indicated by the CVSS v3.1 vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (base score 8.8). Successful exploitation grants high impacts on confidentiality, integrity, and availability, potentially allowing arbitrary code execution. The exploit has been publicly disclosed.
Advisories and references, including VulDB entries (ctiid.317317, id.317317, submit.619604) and a GitHub repository detailing the stack overflow, confirm the remote exploit availability. The Tenda website is also referenced for vendor information, though specific patch details are not outlined in the provided sources.
The public disclosure of the exploit increases the risk of active misuse against unpatched Tenda AC23 devices.
Details
- CWE(s)