CVE-2025-13446 – This vulnerability in Tenda AC21 routers allows... (How to Fix)

Q: What is the severity of CVE-2025-13446?

CVE-2025-13446 has a CVSS score of 8.8 (HIGH). This vulnerability in Tenda AC21 routers allows remote attackers to execute arbitrary code via a stack-based buffer overflow in the SetSysTimeCfg endpoint. Attackers can exploit this without authentication to potentially take full control of affected devices. All users of Tenda AC21 routers with firmware version 16.03.08.16 are affected.

📋 TL;DR

This vulnerability in Tenda AC21 routers allows remote attackers to execute arbitrary code via a stack-based buffer overflow in the SetSysTimeCfg endpoint. Attackers can exploit this without authentication to potentially take full control of affected devices. All users of Tenda AC21 routers with firmware version 16.03.08.16 are affected.

💻 Affected Systems

Products:

Tenda AC21

Versions: 16.03.08.16

Operating Systems: Embedded router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: The vulnerable endpoint is accessible via web interface, making all default configurations vulnerable.

📦 What is this software?

Ac21 Firmware by Tenda

View all CVEs affecting Ac21 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise leading to persistent backdoor installation, network traffic interception, lateral movement to internal networks, and botnet recruitment.

🟠

Likely Case

Remote code execution allowing attackers to modify device settings, intercept traffic, or use the device as a pivot point into internal networks.

🟢

If Mitigated

Limited impact if devices are behind firewalls with strict inbound filtering and network segmentation prevents lateral movement.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable without authentication and public exploit code exists.

🏢 Internal Only: MEDIUM - While still exploitable, internal-only exposure reduces attack surface from external threat actors.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploit code is publicly available on GitHub, making exploitation trivial for attackers with basic skills.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: Yes

Instructions:

1. Check Tenda website for firmware updates 2. Download latest firmware 3. Access router admin interface 4. Navigate to firmware upgrade section 5. Upload and apply new firmware 6. Reboot router

🔧 Temporary Workarounds

Network Access Control

linux

Block external access to router web interface

iptables -A INPUT -p tcp --dport 80 -j DROP
iptables -A INPUT -p tcp --dport 443 -j DROP

Endpoint Disable

all

Disable vulnerable endpoint if possible via configuration

🧯 If You Can't Patch

Isolate affected routers in separate VLAN with strict firewall rules
Implement network monitoring for exploitation attempts and block malicious IPs

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface under System Status or About page

Check Version:

curl -s http://router-ip/goform/getStatus | grep version

Verify Fix Applied:

Verify firmware version is no longer 16.03.08.16 after update

📡 Detection & Monitoring

Log Indicators:

Unusual POST requests to /goform/SetSysTimeCfg
Multiple failed buffer overflow attempts in system logs
Unexpected process execution or system reboots

Network Indicators:

HTTP POST requests to /goform/SetSysTimeCfg with long timeZone parameters
Traffic from router to suspicious external IPs

SIEM Query:

source="router_logs" AND (uri="/goform/SetSysTimeCfg" OR "buffer overflow" OR "segmentation fault")

📊 Metadata

CVE ID: CVE-2025-13446

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-119

EPSS Score: 0.13% exploit probability (33.1th percentile)

Published: November 20, 2025

Last Updated: November 21, 2025

🔗 References

https://github.com/Madgeaaaaa/MY_VULN_2/blob/main/Tenda/VULN8.md Exploit,Third Party Advisory
https://github.com/Madgeaaaaa/MY_VULN_2/blob/main/Tenda/VULN9.md Exploit,Third Party Advisory
https://vuldb.com/?ctiid.333018 Permissions Required,VDB Entry
https://vuldb.com/?id.333018 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.694425 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.694430 Third Party Advisory,VDB Entry
https://www.tenda.com.cn/ Product
https://github.com/Madgeaaaaa/MY_VULN_2/blob/main/Tenda/VULN8.md Exploit,Third Party Advisory
https://github.com/Madgeaaaaa/MY_VULN_2/blob/main/Tenda/VULN9.md Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-13446, you might also want to check these: