CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-14654

A vulnerability was identified in Tenda AC20 16.03.08.12. The affected element is the function formSetPPTPUserList of the file /goform/setPptpUserList of the component httpd. Such manipulation of the argument list leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 14.6%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 9.0

References

https://github.com/Madgeaaaaa/MY_VULN_2/blob/main/Tenda/VULN12/AC20_SetPptpUserList.md
https://vuldb.com/?ctiid.336387
https://vuldb.com/?id.336387
https://vuldb.com/?submit.712899
https://www.tenda.com.cn/

Products affected by CVE-2025-14654

Tenda » Ac20 » Version: N/A

cpe:2.3:h:tenda:ac20:-
Tenda » Ac20 Firmware » Version: 16.03.08.12

cpe:2.3:o:tenda:ac20_firmware:16.03.08.12

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-14654

Products

Pricing

Contact Us