CVE-2025-51088: Tenda AC8V4 Router Vulnerable to Stack Overflow via Guest WiFi Settings

TL;DR: A stack overflow vulnerability has been discovered in Tenda AC8V4 routers (version V16.03.34.06). This flaw allows an unauthenticated attacker on the network to cause a denial of service (DoS) condition by sending a specially crafted request to the router's web interface related to the guest WiFi settings. Exploitation involves manipulating the shareSpeed argument.

Vulnerability Details

• CVE ID: CVE-2025-51088
• Description: Tenda AC8V4 V16.03.34.06 is vulnerable to a stack overflow in the /goform/WifiGuestSet endpoint. Manipulation of the shareSpeed argument leads to a stack-based buffer overflow.
• CVSS Score: 5.3 (Medium)
• CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
• CVSS Explanation: This vulnerability has a CVSS score of 5.3, which is considered Medium severity. The Attack Vector is Network, meaning the attacker can be remote. Attack Complexity is Low, and no Privileges or User Interaction are required. The Scope is Unchanged, and the impact is limited to Availability (a denial-of-service). An attacker can remotely crash the router, but cannot steal data or modify system settings.
• Exploit Requirements: The attacker needs to be on the same network as the Tenda AC8V4 router and have network access to the router's web interface. No authentication is required.
• Affected Vendor: Tenda
• Affected Product: AC8V4
• Affected Version: V16.03.34.06
• CWE: CWE-121 - Stack-based Buffer Overflow
• CWE Explanation: A stack-based buffer overflow occurs when a program writes data beyond the allocated buffer size on the stack. This can overwrite adjacent memory locations, leading to unpredictable behavior, including crashes and potentially arbitrary code execution.

Timeline of Events

• 2025-07-24: Vulnerability publicly disclosed.
• 2025-07-24: CVE ID assigned (CVE-2025-51088).

Exploitability & Real-World Risk

This vulnerability is relatively easy to exploit, as it doesn't require any authentication or complex steps. An attacker on the same network as the vulnerable router can send a specially crafted request to the /goform/WifiGuestSet endpoint with an overly long shareSpeed value. This will cause a buffer overflow on the router's stack, leading to a denial-of-service (DoS). In a home or small business environment, this could disrupt internet access for all connected devices. While this vulnerability causes a DoS, it could potentially be chained with other vulnerabilities to achieve more severe impacts, such as remote code execution, if further vulnerabilities exist.

Recommendations

• Apply the Patch: Check the Tenda support website for firmware updates that address this vulnerability. Update your router to the latest available firmware version as soon as possible.
• Disable Guest WiFi (If Unused): If you are not using the Guest WiFi feature, disable it in the router's settings to reduce the attack surface.
• Monitor Network Traffic: Implement network monitoring tools to detect suspicious activity and potential exploitation attempts.
• Strong Passwords: Ensure you are using strong, unique passwords for your router's administrative interface and WiFi networks.

Technical Insight

The vulnerability lies in the handling of the shareSpeed parameter within the /goform/WifiGuestSet endpoint. The router does not properly validate the length of the input provided for this parameter before copying it into a fixed-size buffer on the stack. By sending a string larger than the allocated buffer, an attacker can overwrite adjacent memory on the stack, causing the router to crash.

Credit to Researcher(s)

This vulnerability was discovered by an anonymous researcher. Details were published on GitHub.

References

• GitHub Advisory
• Tenda Website

Tags

#CVE-2025-51088 #Tenda #AC8V4 #Router #StackOverflow #Vulnerability #DenialofService #WiFi #Security

Summary: A stack overflow vulnerability exists in Tenda AC8V4 routers (V16.03.34.06) allowing unauthenticated remote attackers to cause a denial-of-service by exploiting the /goform/WifiGuestSet endpoint with a malformed shareSpeed parameter.

CVE ID: CVE-2025-51088

Risk Analysis: Successful exploitation results in a denial-of-service condition, disrupting network access for all devices connected to the router. This could lead to loss of productivity and require a router reboot to restore service.

Recommendation: Apply the latest firmware update from Tenda. Disable the guest WiFi feature if it is not in use. Monitor network traffic for suspicious activity.

Timeline

• 2025-07-24: Vulnerability disclosed and CVE-2025-51088 assigned.

References

• https://github.com/TL-SN/IOT/blob/main/Tenda/Tenda-AC8v4%20%20V16.03.34.06/CVE-2025-51088.md
• http://tenda.com