Tenda Ac20 Firmware
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Tenda Ac20 Firmware.
By the Year
In 2026 there have been 0 vulnerabilities in Tenda Ac20 Firmware. Last year, in 2025 Ac20 Firmware had 12 security vulnerabilities published. Right now, Ac20 Firmware is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 12 | 8.80 |
It may take a day or so for new Ac20 Firmware vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Tenda Ac20 Firmware Security Vulnerabilities
A vulnerability has been found in Tenda AC20 up to 16.03.08.12
CVE-2025-15356
8.8 - High
- December 30, 2025
A vulnerability has been found in Tenda AC20 up to 16.03.08.12. The impacted element is the function sscanf of the file /goform/PowerSaveSet. The manipulation of the argument powerSavingEn/time/powerSaveDelay/ledCloseType leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Classic Buffer Overflow
Tenda AC20 16.03.08.12: httpd openSchedWifi buffer overflow
CVE-2025-14656
8.8 - High
- December 14, 2025
A weakness has been identified in Tenda AC20 16.03.08.12. This affects the function httpd of the file /goform/openSchedWifi. Executing a manipulation of the argument schedStartTime/schedEndTime can lead to buffer overflow. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks.
Classic Buffer Overflow
Stack Overflow in Tenda AC20 16.03.08.12 HTTPD formSetRebootTimer Remote
CVE-2025-14655
8.8 - High
- December 14, 2025
A security flaw has been discovered in Tenda AC20 16.03.08.12. The impacted element is the function formSetRebootTimer of the file /goform/SetSysAutoRebbotCfg of the component httpd. Performing a manipulation of the argument rebootTime results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks.
Stack Overflow
Tenda AC20 16.03.08.12 HTTPD PPTP User List Stack Buffer Overflow
CVE-2025-14654
8.8 - High
- December 14, 2025
A vulnerability was identified in Tenda AC20 16.03.08.12. The affected element is the function formSetPPTPUserList of the file /goform/setPptpUserList of the component httpd. Such manipulation of the argument list leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used.
Stack Overflow
Remote Buffer Overflow in Tenda AC20 <16.03.08.12 via /goform/WifiExtraSet
CVE-2025-13258
8.8 - High
- November 17, 2025
A vulnerability was detected in Tenda AC20 up to 16.03.08.12. The impacted element is an unknown function of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto results in buffer overflow. The attack can be launched remotely. The exploit is now public and may be used.
Classic Buffer Overflow
Tenda AC20 <=16.03.08.12 sscanf Buffer Overflow via timeZone
CVE-2025-11385
8.8 - High
- October 07, 2025
A vulnerability has been found in Tenda AC20 up to 16.03.08.12. The affected element is the function sscanf of the file /goform/fast_setting_wifi_set. The manipulation of the argument timeZone leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Classic Buffer Overflow
Stack Buffer Overflow in Tenda AC20 16.03.08.12 /goform/setMacFilterCfg
CVE-2025-9046
8.8 - High
- August 15, 2025
A vulnerability was identified in Tenda AC20 16.03.08.12. This issue affects the function sub_46A2AC of the file /goform/setMacFilterCfg. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Buffer Overflow
Tenda AC20 <=16.03.08.12 Bof in /goform/saveParentControlInfo
CVE-2025-8940
8.8 - High
- August 14, 2025
A vulnerability was identified in Tenda AC20 up to 16.03.08.12. Affected by this vulnerability is the function strcpy of the file /goform/saveParentControlInfo. The manipulation of the argument Time leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Buffer Overflow
Tenda AC20 <16.03.08.12, WifiGuestSet Buffer Overflow via shareSpeed
CVE-2025-8939
8.8 - High
- August 14, 2025
A vulnerability was determined in Tenda AC20 up to 16.03.08.12. Affected is an unknown function of the file /goform/WifiGuestSet. The manipulation of the argument shareSpeed leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Buffer Overflow
Buffer Overflow in Tenda AC20 16.03.08.05 /goform/SetFirewallCfg (RCE)
CVE-2025-8810
8.8 - High
- August 10, 2025
A vulnerability classified as critical was found in Tenda AC20 16.03.08.05. Affected by this vulnerability is the function strcpy of the file /goform/SetFirewallCfg. The manipulation of the argument firewallEn leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Buffer Overflow
Tenda AC20 <=16.03.08.12 RCE Buffer Overflow via timeZone
CVE-2025-8160
8.8 - High
- July 25, 2025
A vulnerability classified as critical has been found in Tenda AC20 up to 16.03.08.12. Affected is an unknown function of the file /goform/SetSysTimeCfg of the component httpd. The manipulation of the argument timeZone leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Buffer Overflow
Stack Overflow in Tenda AC20 /goform/SetStaticRouteCfg (pre-16.03.08.05)
CVE-2025-8131
8.8 - High
- July 25, 2025
A vulnerability was found in Tenda AC20 16.03.08.05. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Buffer Overflow
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Tenda Ac20 Firmware or by Tenda? Click the Watch button to subscribe.
