CVE-2025-51085: Tenda AC8V4 Router Vulnerable to Stack Overflow via Time Configuration

TL;DR: A stack overflow vulnerability (CVE-2025-51085) has been discovered in Tenda AC8V4 routers (version V16.03.34.06). This flaw allows an attacker to potentially cause a denial-of-service condition by overflowing a buffer when setting the system time configuration.

Vulnerability Details

CVE ID: CVE-2025-51085
Description: The Tenda AC8V4 router, version V16.03.34.06, contains a stack overflow vulnerability in the /goform/SetSysTimeCfg endpoint. By manipulating the timeZone and timeType arguments, an attacker can trigger a stack-based buffer overflow.
CVSS Score and Vector:
- CVSS 3.1 Score: 5.3 (Medium)
- CVSS 3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
- Explanation: This vulnerability has a medium severity because it can be exploited remotely without any privileges or user interaction. While it doesn't compromise confidentiality or integrity, it can lead to a low-level denial-of-service, potentially disrupting network services.
Exploit Requirements: An attacker would need network access to the router's web interface. No authentication is required to exploit the vulnerability in the vulnerable endpoint.
Affected Vendor, Product, Version:
- Vendor: Tenda
- Product: AC8V4
- Version: V16.03.34.06
CWE:
- CWE ID: CWE-121
- CWE Name: Stack-based Buffer Overflow
- Explanation: A stack-based buffer overflow occurs when a program writes data beyond the allocated buffer on the stack. This can overwrite adjacent memory locations, leading to crashes, unexpected behavior, or even arbitrary code execution (though in this case, it's likely to only cause a denial of service).

Timeline of Events

2025-07-24: Vulnerability publicly disclosed.

Exploitability & Real-World Risk

This vulnerability presents a real risk because Tenda routers are commonly used in homes and small businesses. An attacker could potentially exploit this vulnerability to cause a denial-of-service condition, disrupting network connectivity for affected users. While not leading to complete compromise, persistent denial of service attacks could seriously impact productivity. Considering the ubiquity of these routers, there is potential for widespread disruption if this vulnerability is actively exploited.

Recommendations

Apply Patches: Check the Tenda website for firmware updates that address this vulnerability. Apply any available patches immediately.
Disable Remote Management: If possible, disable remote management of the router to limit the attack surface.
Monitor Network Traffic: Monitor network traffic for suspicious activity, such as unusual patterns of requests to the router's web interface.
Strong Passwords: Ensure strong, unique passwords are used for all router accounts.

Technical Insight

The vulnerability lies in the /goform/SetSysTimeCfg endpoint, where the timeZone and timeType arguments are not properly validated before being copied into a stack buffer. By providing overly long strings for these arguments, an attacker can overwrite adjacent memory locations on the stack, leading to a crash or other unexpected behavior.

Credit to Researcher(s)

This vulnerability was discovered by TL-SN, as indicated in the provided GitHub link.

CVE-2025-51085: Tenda AC8V4 Router Vulnerable to Stack Overflow via Time Configuration

CVE-2025-51085: Tenda AC8V4 Router Vulnerable to Stack Overflow via Time Configuration

Vulnerability Details

Timeline of Events

Exploitability & Real-World Risk

Recommendations

Technical Insight

Credit to Researcher(s)

References

Tags

Timeline

References

Post a Comment

Contact Form