Vulnerability Description
A security flaw has been discovered in Tenda AC21 up to 16.03.08.16. Affected by this vulnerability is the function sscanf of the file /goform/SetStaticRouteCfg. The manipulation of the argument list results in buffer overflow. The attack can be launched remotely. The exploit has been released to the public and may be exploited.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tenda | Ac21 Firmware | <= 16.03.08.16 |
| Tenda | Ac21 | - |
Related Weaknesses (CWE)
References
- https://github.com/maximdevere/CVE2/issues/2ExploitIssue Tracking
- https://vuldb.com/?ctiid.326173Permissions RequiredVDB Entry
- https://vuldb.com/?id.326173Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.661806Third Party AdvisoryVDB Entry
- https://www.tenda.com.cn/Product
- https://github.com/maximdevere/CVE2/issues/2ExploitIssue Tracking
FAQ
What is CVE-2025-11091?
CVE-2025-11091 is a vulnerability with a CVSS score of 8.8 (HIGH). A security flaw has been discovered in Tenda AC21 up to 16.03.08.16. Affected by this vulnerability is the function sscanf of the file /goform/SetStaticRouteCfg. The manipulation of the argument list ...
How severe is CVE-2025-11091?
CVE-2025-11091 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-11091?
Check the references section above for vendor advisories and patch information. Affected products include: Tenda Ac21 Firmware, Tenda Ac21.