ГлавнаяУязвимости → CVE-2025-9087
8.8высокая

CVE-2025-9087

Описание

A vulnerability has been found in Tenda AC20 16.03.08.12. This affects the function set_qosMib_list of the file /goform/SetNetControlList of the component SetNetControlList Endpoint. The manipulation of the argument list leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Затрагиваемое ПО
Tenda Ac20 firmwareTenda Ac20
CVSS
Балл8.8 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Источники
https://github.com/ZZ2266/.github.io/tree/main/AC20/formSetQosBandhttps://github.com/ZZ2266/.github.io/tree/main/AC20/formSetQosBand#poc-python-exploit-scripthttps://vuldb.com/?ctiid.320355https://vuldb.com/?id.320355https://vuldb.com/?submit.632037https://www.tenda.com.cn/