Unrated severityNVD Advisory· Published Dec 14, 2025· Updated Feb 24, 2026

Tenda AC20 openSchedWifi httpd buffer overflow

CVE-2025-14656

Description

A weakness has been identified in Tenda AC20 16.03.08.12. This affects the function httpd of the file /goform/openSchedWifi. Executing a manipulation of the argument schedStartTime/schedEndTime can lead to buffer overflow. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks.

Affected products

Tenda/Ac20v5
cpe:2.3:o:tenda:ac20_firmware:*:*:*:*:*:*:*:*
Range: 16.03.08.12

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/Madgeaaaaa/MY_VULN_2/blob/main/Tenda/VULN14/AC20_openSchedWifi.mdmitreexploit
vuldb.commitrethird-party-advisory
vuldb.commitresignaturepermissions-required
vuldb.commitrevdb-entrytechnical-description
www.tenda.com.cnmitreproduct

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000