Submit #726360: Tenda Tenda AC20 V16.03.08.12 Buffer Overflow

Title: Tenda Tenda AC20 V16.03.08.12 Buffer Overflow
Description: A buffer overflow vulnerability was discovered on the latest version of the Tenda AC20 router, V16.03.08.12, where an attacker sent a carefully constructed HTTP POST packet to the request path /goform/PowerSaveSet triggered, resulting in a denial of service attack or even RCE, specifically through the function sscanf(s, "%[^:]:%[^-]-%[^:]:%s", v7, v8, v9, v10); implemented, because there is no boundary check on the s
Source: https://github.com/xyh4ck/iot_poc/tree/main/Tenda%20AC20_Buffer_Overflow
User: xuanyu (UID 36103)
Submission: 12/30/2025 06:49 (6 months ago)
Moderation: 12/30/2025 08:25 (2 hours later)
Status: Accepted
VulDB entry: 338742 [Tenda AC20 up to 16.03.08.12 /goform/PowerSaveSet sscanf powerSavingEn/time/powerSaveDelay/ledCloseType buffer overflow]
Points: 20
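
The sscanf call quoted in the description uses %[...] and %s conversions with no maximum field width, so each destination buffer receives as many bytes as the input supplies. As an added example (not code from the firmware or from the submitter), the same format with a width on every conversion and a check of the return value; the 8-byte buffers, the struct and function names, and the sample inputs are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Assumed buffer size; the page does not state the firmware's real sizes. */
#define FIELD_MAX 8

struct time_range {              /* hypothetical container for the four fields */
    char start_h[FIELD_MAX], start_m[FIELD_MAX];
    char end_h[FIELD_MAX], end_m[FIELD_MAX];
};

/* Parse "A:B-C:D" with the same conversion pattern as the page's sscanf call,
 * but every conversion carries a maximum width of FIELD_MAX - 1 (7), leaving
 * room for the terminating NUL. Returns 0 on success, -1 when the input is
 * malformed or any field is longer than the buffer allows. */
int parse_time_range(const char *s, struct time_range *out)
{
    int consumed = 0;

    memset(out, 0, sizeof *out);
    int n = sscanf(s, "%7[^:]:%7[^-]-%7[^:]:%7s%n",
                   out->start_h, out->start_m,
                   out->end_h, out->end_m, &consumed);

    /* An overlong early field stops at 7 bytes, the following literal
     * separator then fails to match, and fewer than 4 items are assigned. */
    if (n != 4)
        return -1;

    /* An overlong last field is cut at 7 bytes; leftover input means reject. */
    if (s[consumed] != '\0')
        return -1;

    return 0;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *samples[] = { "08:00-22:00", "AAAAAAAAAAAAAAAA:00-22:00" };
    struct time_range r;

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-28s -> %d\n", samples[i], parse_time_range(samples[i], &r));
    return 0;
}
```
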
