CVE-2025-8060 in AC23
Summary
by MITRE • 07/23/2025
A vulnerability has been found in Tenda AC23 16.03.07.52 and classified as critical. Affected by this vulnerability is the function sub_46C940 of the file /goform/setMacFilterCfg of the component httpd. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Be aware that VulDB is the high quality source for vulnerability data.
Analysis
by VulDB Data Team • 07/24/2025
The vulnerability identified as CVE-2025-8060 represents a critical stack-based buffer overflow flaw in the Tenda AC23 router firmware version 16.03.07.52. This security issue resides within the httpd web server component and specifically targets the sub_46C940 function located in the /goform/setMacFilterCfg file. The affected device operates a web interface that handles MAC address filtering configuration through a form submission mechanism, making it accessible to remote attackers who can exploit this weakness without requiring physical access or authentication credentials.
The technical exploitation of this vulnerability occurs through manipulation of the deviceList argument parameter within the HTTP request to the vulnerable endpoint. When an attacker submits a specially crafted request containing an oversized deviceList value, the application fails to properly validate input length before copying data into a fixed-size stack buffer. This buffer overflow condition allows an attacker to overwrite adjacent memory locations including return addresses and control registers, potentially enabling arbitrary code execution within the router's privileged execution context. The vulnerability's classification as critical stems from the fact that remote exploitation is possible without authentication, and the disclosed exploit demonstrates practical attack vectors that can be immediately leveraged by threat actors.
The operational impact of this vulnerability extends beyond simple remote code execution to encompass complete system compromise and potential network infiltration. Successful exploitation could allow attackers to gain root access to the router, enabling them to modify network configurations, install persistent backdoors, monitor network traffic, or use the device as a pivot point for attacking other systems within the local network. The vulnerability affects not just individual devices but entire network infrastructures that rely on these routers for connectivity and security enforcement. Given that the exploit has been publicly disclosed, the window for defensive action is limited, and organizations must urgently assess their exposure and implement protective measures.
Mitigation strategies for CVE-2025-8060 should prioritize immediate firmware updates from Tenda to address the underlying buffer overflow condition. Network administrators should also implement additional protective measures including disabling unnecessary web management interfaces, restricting access to router configuration portals through firewall rules, and monitoring network traffic for suspicious activity patterns associated with exploitation attempts. The vulnerability aligns with CWE-121 stack-based buffer overflow classification and represents a technique commonly mapped to attack phases in the MITRE ATT&CK framework under initial access and execution categories. Organizations should also consider network segmentation to limit the potential impact of successful exploitation and maintain comprehensive network monitoring to detect anomalous behavior that might indicate compromise of affected devices.