{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-8160","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2025-07-25T06:55:58.644Z","datePublished":"2025-07-25T15:02:07.280Z","dateUpdated":"2025-07-25T15:11:10.192Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2025-07-25T15:02:07.280Z"},"title":"Tenda AC20 httpd SetSysTimeCfg buffer overflow","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-120","lang":"en","description":"Buffer Overflow"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-119","lang":"en","description":"Memory Corruption"}]}],"affected":[{"vendor":"Tenda","product":"AC20","versions":[{"version":"16.03.08.0","status":"affected"},{"version":"16.03.08.1","status":"affected"},{"version":"16.03.08.2","status":"affected"},{"version":"16.03.08.3","status":"affected"},{"version":"16.03.08.4","status":"affected"},{"version":"16.03.08.5","status":"affected"},{"version":"16.03.08.6","status":"affected"},{"version":"16.03.08.7","status":"affected"},{"version":"16.03.08.8","status":"affected"},{"version":"16.03.08.9","status":"affected"},{"version":"16.03.08.10","status":"affected"},{"version":"16.03.08.11","status":"affected"},{"version":"16.03.08.12","status":"affected"}],"modules":["httpd"]}],"descriptions":[{"lang":"en","value":"A vulnerability classified as critical has been found in Tenda AC20 up to 16.03.08.12. Affected is an unknown function of the file /goform/SetSysTimeCfg of the component httpd. The manipulation of the argument timeZone leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."},{"lang":"de","value":"Es wurde eine kritische Schwachstelle in Tenda AC20 bis 16.03.08.12 entdeckt. Betroffen hiervon ist ein unbekannter Ablauf der Datei /goform/SetSysTimeCfg der Komponente httpd. Durch Manipulation des Arguments timeZone mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":8.7,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P","baseSeverity":"HIGH"}},{"cvssV3_1":{"version":"3.1","baseScore":8.8,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R","baseSeverity":"HIGH"}},{"cvssV3_0":{"version":"3.0","baseScore":8.8,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R","baseSeverity":"HIGH"}},{"cvssV2_0":{"version":"2.0","baseScore":9,"vectorString":"AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR"}}],"timeline":[{"time":"2025-07-25T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2025-07-25T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2025-07-25T09:01:13.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"BabyShark (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.317574","name":"VDB-317574 | Tenda AC20 httpd SetSysTimeCfg buffer overflow","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.317574","name":"VDB-317574 | CTI Indicators (IOB, IOC, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.620625","name":"Submit #620625 | Tenda AC20 <= V16.03.08.12  Buffer Overflow","tags":["third-party-advisory"]},{"url":"https://github.com/CH13hh/cve/blob/main/tenda1.md","tags":["exploit"]},{"url":"https://www.tenda.com.cn/","tags":["product"]}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-07-25T15:10:58.750011Z","id":"CVE-2025-8160","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-07-25T15:11:10.192Z"}}]}}