VYPR
Unrated severityNVD Advisory· Published Dec 14, 2025· Updated Feb 24, 2026

Tenda AC20 httpd setPptpUserList formSetPPTPUserList stack-based overflow

CVE-2025-14654

Description

A vulnerability was identified in Tenda AC20 16.03.08.12. The affected element is the function formSetPPTPUserList of the file /goform/setPptpUserList of the component httpd. Such manipulation of the argument list leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Tenda/Ac20v52 versions
    cpe:2.3:o:tenda:ac20_firmware:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:tenda:ac20_firmware:*:*:*:*:*:*:*:*range: 16.03.08.12
    • (no CPE)range: = 16.03.08.12 firmware

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.