CVE-2025-9090

MEDIUM

Tenda AC20 16.03.08.12 - Command Injection

Exploitation Summary

EIP tracks 2 public exploits for CVE-2025-9090. PoCs published by Byte Reaper, byteReaper77.

AI-analyzed exploit summary: This exploit targets a command injection vulnerability in Tenda AC20 16.03.08.12 via the `/goform/telnet` endpoint. It sends a crafted POST request to enable telnet access on ports 23 or 2323, then attempts to connect to verify exploitation.

Description

A vulnerability was identified in Tenda AC20 16.03.08.12. Affected is the function websFormDefine of the file /goform/telnet of the component Telnet Service. The manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Exploits (2)

exploitdb WORKING POC
by Byte Reaper · c · remote · multiple
https://www.exploit-db.com/exploits/52418

This exploit targets a command injection vulnerability in Tenda AC20 16.03.08.12 via the `/goform/telnet` endpoint. It sends a crafted POST request to enable telnet access on ports 23 or 2323, then attempts to connect to verify exploitation.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Tenda AC20 16.03.08.12
No auth needed
Prerequisites: Network access to the target device · Telnet service not already enabled
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 1 stars
by byteReaper77 · poc
https://github.com/byteReaper77/CVE-2025-9090

This repository contains a functional exploit for CVE-2025-9090, a command injection vulnerability in Tenda AC20 (v16.03.08.12) routers. The exploit targets the `/goform/telnet` endpoint to enable Telnet service on ports 23/2323, followed by verification of successful exploitation via Telnet connection.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Tenda AC20 v16.03.08.12
No auth needed
Prerequisites: Network access to the vulnerable router · Router must be running the vulnerable firmware version
devstral-2 · analyzed Feb 18, 2026

References (6)

Core References
Third Party Advisory, VDB Entry vdb-entry technical-description
https://vuldb.com/?id.320358
Permissions Required, VDB Entry signature permissions-required
https://vuldb.com/?ctiid.320358
Third Party Advisory, VDB Entry third-party-advisory
https://vuldb.com/?submit.632232
Product product
https://www.tenda.com.cn/

Scores

CVSS v3 6.3
EPSS 0.0572
EPSS Percentile 90.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-74 CWE-77
Status published
Products (1)
tenda/ac20_firmware 16.03.08.12
Published Aug 17, 2025
Tracked Since Feb 18, 2026