Vulnerability Description
A vulnerability was detected in Tenda AC20 up to 16.03.08.12. The impacted element is the function strcpy of the file /goform/GetParentControlInfo. The manipulation of the argument mac results in buffer overflow. The attack may be performed from remote. The exploit is now public and may be used.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tenda | Ac20 Firmware | <= 16.03.08.12 |
| Tenda | Ac20 | - |
Related Weaknesses (CWE)
References
- https://github.com/cymiao1978/cve/blob/main/4.mdExploitThird Party Advisory
- https://github.com/cymiao1978/cve/blob/main/4.md#pocExploitThird Party Advisory
- https://vuldb.com/?ctiid.323089Permissions Required
- https://vuldb.com/?id.323089Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.645680Third Party AdvisoryVDB Entry
- https://www.tenda.com.cn/Product
- https://github.com/cymiao1978/cve/blob/main/4.mdExploitThird Party Advisory
FAQ
What is CVE-2025-10120?
CVE-2025-10120 is a vulnerability with a CVSS score of 8.8 (HIGH). A vulnerability was detected in Tenda AC20 up to 16.03.08.12. The impacted element is the function strcpy of the file /goform/GetParentControlInfo. The manipulation of the argument mac results in buff...
How severe is CVE-2025-10120?
CVE-2025-10120 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-10120?
Check the references section above for vendor advisories and patch information. Affected products include: Tenda Ac20 Firmware, Tenda Ac20.