CVE-2025-8810
Published: 10 August 2025
Summary
CVE-2025-8810 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda Ac20 Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 44.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Validates the firewallEn argument in /goform/SetFirewallCfg to prevent oversized inputs from triggering the strcpy stack-based buffer overflow.
Implements memory protections like stack canaries and non-executable stacks to mitigate exploitation of the stack-based buffer overflow in strcpy.
Mandates timely patching or remediation of the known buffer overflow flaw in the Tenda AC20 firmware's SetFirewallCfg function.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Remote stack-based buffer overflow in the Tenda AC20 router's web management interface (/goform/SetFirewallCfg) via firewallEn parameter enables arbitrary code execution (T1190: Exploit Public-Facing Application) and denial of service through application crash (T1499.004: Application or System Exploitation).
NVD Description
A vulnerability classified as critical was found in Tenda AC20 16.03.08.05. Affected by this vulnerability is the function strcpy of the file /goform/SetFirewallCfg. The manipulation of the argument firewallEn leads to stack-based buffer overflow. The attack can be launched remotely.…
more
The exploit has been disclosed to the public and may be used.
Deeper analysisAI
CVE-2025-8810 is a critical stack-based buffer overflow vulnerability affecting the Tenda AC20 router on firmware version 16.03.08.05. The flaw exists in the strcpy function within the /goform/SetFirewallCfg component, where manipulation of the firewallEn argument triggers the overflow. It is classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow), with a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
The vulnerability enables remote exploitation by low-privileged users (PR:L) over the network, requiring low attack complexity and no user interaction. Attackers can achieve high impacts on confidentiality, integrity, and availability, potentially leading to arbitrary code execution, data compromise, or denial of service on the affected device.
Advisories from VulDB detail the issue and reference a publicly disclosed exploit on GitHub at https://github.com/LaiwanHundun/CVE/blob/main/cve1. The Tenda manufacturer's site at https://www.tenda.com.cn/ is listed among references, though specific patch details are not outlined in available descriptions.
The exploit has been disclosed to the public and may be used in attacks, as noted in vulnerability feeds.
Details
- CWE(s)