{"id":59762,"date":"2025-07-30T22:09:49","date_gmt":"2025-07-30T22:09:49","guid":{"rendered":""},"modified":"2025-09-29T03:08:23","modified_gmt":"2025-09-29T09:08:23","slug":"cve-2025-8060-critical-vulnerability-in-tenda-ac23-leading-to-stack-based-buffer-overflow","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-8060-critical-vulnerability-in-tenda-ac23-leading-to-stack-based-buffer-overflow\/","title":{"rendered":"CVE-2025-8060: Critical Vulnerability in Tenda AC23 Leading to Stack-based Buffer Overflow<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

CVE-2025-8060 is a critical vulnerability that has been discovered in Tenda AC23 version 16.03.07.52, a popular networking device. This vulnerability, if exploited, can potentially compromise the system and lead to data leakage. It is particularly concerning given its severity and the fact that the exploit has been made<\/a> publicly available. This could potentially make it a target for malicious cyber actors looking to exploit unprotected systems.
\nThe vulnerability occurs in the function sub_46C940 of the file<\/a> \/goform\/setMacFilterCfg of the httpd component. The manipulation of the deviceList argument leads to a stack-based buffer overflow<\/a>, which can be launched remotely. Therefore, it is crucial that system administrators and security professionals are aware of this vulnerability<\/a> and take appropriate action to mitigate the risk.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2025-8060
\nSeverity: Critical (8.8)
\nAttack Vector: Network
\nPrivileges Required: None
\nUser Interaction: None
\nImpact: Potential system<\/a> compromise and data leakage<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n A new way to communicate\r\n <\/h2>\r\n\r\n

\r\n Ameeba Chat is built on encrypted identity, not personal profiles.\r\n <\/p>\r\n\r\n

\r\n Message, call, share files, and coordinate with identities kept separate.\r\n <\/p>\r\n\r\n