CVE-2025-14656 – A buffer overflow vulnerability in Tenda AC20 r... (How to Fix)

Q: What is the severity of CVE-2025-14656?

CVE-2025-14656 has a CVSS score of 8.8 (HIGH). A buffer overflow vulnerability in Tenda AC20 routers allows remote attackers to execute arbitrary code by manipulating schedStartTime/schedEndTime parameters in the openSchedWifi function. This affects Tenda AC20 routers running firmware version 16.03.08.12. Attackers can exploit this from the internet to potentially take full control of affected devices.

📋 TL;DR

A buffer overflow vulnerability in Tenda AC20 routers allows remote attackers to execute arbitrary code by manipulating schedStartTime/schedEndTime parameters in the openSchedWifi function. This affects Tenda AC20 routers running firmware version 16.03.08.12. Attackers can exploit this from the internet to potentially take full control of affected devices.

💻 Affected Systems

Products:

Tenda AC20

Versions: 16.03.08.12

Operating Systems: Embedded Linux (router firmware)

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the httpd service on the router. The openSchedWifi function is part of the web management interface.

📦 What is this software?

Ac20 Firmware by Tenda

View all CVEs affecting Ac20 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, lateral movement to internal networks, persistent backdoor installation, and botnet recruitment.

🟠

Likely Case

Remote code execution allowing attackers to modify router settings, intercept network traffic, or use the device as a pivot point for further attacks.

🟢

If Mitigated

Limited impact if device is behind firewall with restricted WAN access, though internal threats remain possible.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable and public exploit code exists.

🏢 Internal Only: HIGH - Even internally, the vulnerability can be exploited by any network-connected attacker.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public exploit code is available on GitHub. The vulnerability requires no authentication and has straightforward exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.tenda.com.cn/

Restart Required: Yes

Instructions:

1. Check Tenda website for firmware updates. 2. Download latest firmware for AC20. 3. Log into router admin interface. 4. Navigate to System Tools > Firmware Upgrade. 5. Upload and install new firmware. 6. Reboot router.

🔧 Temporary Workarounds

Disable Remote Management

all

Prevent external access to router web interface

Log into router admin > Advanced > System Tools > Remote Management > Disable

Restrict WAN Access

linux

Block external access to router management ports

iptables -A INPUT -p tcp --dport 80 -j DROP
iptables -A INPUT -p tcp --dport 443 -j DROP

🧯 If You Can't Patch

Isolate affected routers in separate VLAN with strict firewall rules
Implement network segmentation to limit lateral movement potential

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface under System Status or System Tools > Firmware Upgrade

Check Version:

curl -s http://router-ip/goform/getStatus | grep version

Verify Fix Applied:

Verify firmware version is newer than 16.03.08.12 and test if openSchedWifi endpoint still accepts malformed input

📡 Detection & Monitoring

Log Indicators:

Multiple POST requests to /goform/openSchedWifi with unusually long parameters
HTTP requests containing buffer overflow patterns in schedStartTime/schedEndTime

Network Indicators:

Unusual outbound connections from router IP
Traffic patterns suggesting command and control communication

SIEM Query:

source="router_logs" AND uri="/goform/openSchedWifi" AND (param_length>100 OR contains(param,"schedStartTime") OR contains(param,"schedEndTime"))

📊 Metadata

CVE ID: CVE-2025-14656

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-119

EPSS Score: 0.09% exploit probability (25.9th percentile)

Published: December 14, 2025

Last Updated: February 24, 2026

🔗 References

https://github.com/Madgeaaaaa/MY_VULN_2/blob/main/Tenda/VULN14/AC20_openSchedWifi.md Exploit,Third Party Advisory
https://vuldb.com/?ctiid.336389 Permissions Required,VDB Entry
https://vuldb.com/?id.336389 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.712917 Third Party Advisory,VDB Entry
https://www.tenda.com.cn/ Product

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-14656, you might also want to check these: