Login Sign Up

CVE-2025-8060

8.8 HIGH
Remote Code Execution Buffer Overflow

📋 TL;DR

A critical stack-based buffer overflow vulnerability in Tenda AC23 routers allows remote attackers to execute arbitrary code by manipulating the deviceList parameter in the httpd component. This affects Tenda AC23 routers running firmware version 16.03.07.52. Successful exploitation could lead to complete device compromise.

💻 Affected Systems

Products:
  • Tenda AC23
Versions: 16.03.07.52
Operating Systems: Embedded Linux (router firmware)
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the httpd service which is typically enabled by default for web management.

📦 What is this software?

Ac23 Firmware by Tenda

View all CVEs affecting Ac23 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to full router compromise, credential theft, network pivoting, and persistent backdoor installation.

🟠

Likely Case

Router takeover enabling traffic interception, DNS manipulation, and network disruption.

🟢

If Mitigated

Limited impact if isolated from critical networks and with proper network segmentation.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable via the httpd service, making internet-facing routers immediately vulnerable.
🏢 Internal Only: HIGH - Even internally, the vulnerability can be exploited by any network-adjacent attacker.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit details are available, making exploitation straightforward for attackers with basic skills.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.tenda.com.cn/

Restart Required: Yes

Instructions:

1. Check Tenda website for firmware updates. 2. Download latest firmware. 3. Upload via router web interface. 4. Reboot router.

🔧 Temporary Workarounds

Disable Remote Management

all

Disable web management interface from WAN/Internet access

Network Segmentation

all

Isolate router management interface to separate VLAN

🧯 If You Can't Patch

  • Replace affected router with different model/brand
  • Implement strict firewall rules blocking all external access to router management interface

🔍 How to Verify

Check if Vulnerable:

Check router firmware version via web interface at 192.168.0.1 or 192.168.1.1

Check Version:

curl -s http://router-ip/login/Auth | grep version or check web interface

Verify Fix Applied:

Verify firmware version is newer than 16.03.07.52

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to /goform/setMacFilterCfg
  • Router crash/reboot logs
  • Unusual outbound connections from router

Network Indicators:

  • Exploit traffic patterns to router management interface
  • Unusual payloads in HTTP POST to deviceList parameter

SIEM Query:

source="router" AND (url="/goform/setMacFilterCfg" OR method="POST" AND uri CONTAINS "setMacFilterCfg")

📊 Metadata

CVE ID: CVE-2025-8060
CVSS v3 Score: 8.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-119
EPSS Score: 0.26% exploit probability (49.1th percentile)
Published: July 23, 2025
Last Updated: August 1, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-8060, you might also want to check these:

CVE-2024-23613 10.0

A critical buffer overflow vulnerability in Symantec Deployment Solution 7.9 allows remote, unauthen...

Same vulnerability type (CWE-119)
CVE-2024-23615 10.0

A critical buffer overflow vulnerability in Symantec Messaging Gateway allows remote unauthenticated...

Same vulnerability type (CWE-119)
CVE-2026-2776 10.0

This CVE describes a sandbox escape vulnerability in Firefox's Telemetry component due to incorrect ...

Same vulnerability type (CWE-119)