Description
Tenda AC8V4 V16.03.34.06` was discovered to contain heap overflow at /goform/GetParentControlInfo.The manipulation of the argument `mac` leads to heap-based buffer overflow.
References (2)
Core 2
Core References
Not Applicable
http://tenda.com
Exploit, Third Party Advisory
https://github.com/TL-SN/IOT/blob/main/Tenda/Tenda-AC8v4%20%20V16.03.34.06/CVE-2025-51089.md
Scores
CVSS v3
6.5
EPSS
0.0021
EPSS Percentile
43.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-122
Status
published
Products (1)
tenda/ac8_firmware
16.03.34.06
Published
Jul 24, 2025
Tracked Since
Feb 18, 2026