CVE-2025-8939
Published: 14 August 2025
Summary
CVE-2025-8939 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda Ac20 Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 33.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Requires validation of the shareSpeed argument in the /goform/WifiGuestSet endpoint to prevent buffer overflow from improper input handling.
Implements memory protections such as stack canaries, ASLR, and DEP to mitigate exploitation of the buffer overflow vulnerability leading to remote code execution.
Mandates timely remediation of the buffer overflow flaw in Tenda AC20 firmware up to version 16.03.08.12 to eliminate the vulnerability.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow in the public-facing web interface (/goform/WifiGuestSet) of Tenda AC20 router enables remote exploitation for potential code execution.
NVD Description
A vulnerability was determined in Tenda AC20 up to 16.03.08.12. Affected is an unknown function of the file /goform/WifiGuestSet. The manipulation of the argument shareSpeed leads to buffer overflow. It is possible to launch the attack remotely. The exploit has…
more
been disclosed to the public and may be used.
Deeper analysisAI
CVE-2025-8939 is a buffer overflow vulnerability affecting Tenda AC20 routers running firmware versions up to 16.03.08.12. The issue resides in an unknown function within the /goform/WifiGuestSet endpoint, where manipulation of the shareSpeed argument triggers the overflow. This flaw, classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-120 (Buffer Copy without Checking Size of Input), carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for remote exploitation.
An attacker with low privileges, such as an authenticated user on the network, can exploit this vulnerability remotely over the network with low complexity and no user interaction required. Successful exploitation allows high-impact consequences, including unauthorized disclosure of sensitive data (C:H), modification of system data or behavior (I:H), and denial of service or complete system compromise (A:H), potentially leading to remote code execution on the affected router.
References include public proof-of-concept exploits hosted on GitHub at lin-3-start/lin-cve, detailing the vulnerability and exploitation steps for Tenda AC20. Additional entries on VulDB (ctiid.319902, id.319902, submit.631829) document the issue, though no vendor patches or specific mitigation guidance are detailed in available sources. The exploit's public disclosure heightens the risk for unpatched devices.
Details
- CWE(s)