Description

A weakness has been identified in Tenda AC20 16.03.08.12. This affects the function httpd of the file /goform/openSchedWifi. Executing manipulation of the argument schedStartTime/schedEndTime can lead to buffer overflow. The attack may be performed from remote. The exploit has been made available to the public and could be exploited.

Related CPE's

o

tenda

ac20_firmware

16.03.08.12

Vulnerable

h

tenda

ac20

-

References

https://github.com/Madgeaaaaa/MY_VULN_2/blob/main/Tenda/VULN14/AC20_openSchedWifi.md

ExploitThird Party Advisory

https://vuldb.com/?ctiid.336389

Permissions RequiredVDB Entry

https://vuldb.com/?id.336389

Third Party AdvisoryVDB Entry

https://vuldb.com/?submit.712917

Third Party AdvisoryVDB Entry

https://www.tenda.com.cn/

Product

Weaknesses

[email protected]

Primary
CWE-119CWE-120

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2025-12-14T11:15:40.720

5 days ago

Last modified

2025-12-19T14:19:02.297

5 hours ago