Cyber Resilience

CVE-2025-8939

HighPublic PoC

Published: 14 August 2025

Published
14 August 2025
Modified
19 August 2025
KEV Added
Patch
CVSS Score v4 7.4 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0155 81.8th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-8939 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda Ac20 Firmware. Its CVSS base score is 7.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 18.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

A vulnerability identified as CVE-2025-8939 affects Tenda AC20 routers running firmware up to version 16.03.08.12. It resides in an unspecified function within the /goform/WifiGuestSet endpoint, where improper handling of the shareSpeed argument triggers a buffer overflow. The issue is tracked under CWE-119 and CWE-120 and carries a CVSS 4.0 score of 7.4, reflecting network-accessible attack conditions with low complexity and high impact on confidentiality, integrity, and availability.

An authenticated remote attacker can supply a crafted shareSpeed value to the affected endpoint, causing memory corruption that may lead to arbitrary code execution or denial of service. Public proof-of-concept code has been released, confirming that exploitation is feasible over the network without user interaction once valid credentials are obtained.

The EPSS score remains flat at 0.0155 with no material increase since disclosure. Available references consist of public disclosure and proof-of-concept repositories rather than vendor advisories describing patches or configuration mitigations.

EU & UK References

Vulnerability details

A vulnerability was determined in Tenda AC20 up to 16.03.08.12. Affected is an unknown function of the file /goform/WifiGuestSet. The manipulation of the argument shareSpeed leads to buffer overflow. It is possible to launch the attack remotely. The exploit has…

more

been disclosed to the public and may be used.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Buffer overflow in the public-facing web interface (/goform/WifiGuestSet) of Tenda AC20 router enables remote exploitation for potential code execution.

CVEs Like This One

CVE-2025-10815Same product: Tenda Ac20
CVE-2025-11385Same product: Tenda Ac20
CVE-2025-13258Same product: Tenda Ac20
CVE-2025-14656Same product: Tenda Ac20
CVE-2025-8940Same product: Tenda Ac20
CVE-2025-10120Same product: Tenda Ac20
CVE-2025-15356Same product: Tenda Ac20
CVE-2025-8160Same product: Tenda Ac20
CVE-2025-9046Same product: Tenda Ac20
CVE-2025-9089Same product: Tenda Ac20

Affected Assets

tenda
ac20 firmware
16.03.08.0 — 16.03.08.12

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires validation of the shareSpeed argument in the /goform/WifiGuestSet endpoint to prevent buffer overflow from improper input handling.

prevent

Implements memory protections such as stack canaries, ASLR, and DEP to mitigate exploitation of the buffer overflow vulnerability leading to remote code execution.

prevent

Mandates timely remediation of the buffer overflow flaw in Tenda AC20 firmware up to version 16.03.08.12 to eliminate the vulnerability.

References