CVE Alert: CVE-2025-12618 - Tenda - AC8

CVE-2025-12618

HIGHNo exploitation known

A vulnerability has been found in Tenda AC8 16.03.34.06. This impacts an unknown function of the file /goform/DatabaseIniSet. The manipulation of the argument Time leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVSS v3.1 (8.8)

Vendor

Tenda

Product

AC8

Versions

16.03.34.06

CWE

CWE-120, Buffer Overflow

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R

Published

2025-11-03T06:32:13.198Z

Updated

2025-11-03T06:32:13.198Z

References

https://vuldb.com/?id.330912

https://vuldb.com/?ctiid.330912

https://vuldb.com/?submit.678887

https://www.yuque.com/ba1ma0-an29k/nnxoap/ow5xrpw56dqsgtdy?singleDoc

https://pan.baidu.com/s/11fdpTujKw6Xz0yPE2l4cMw

https://www.tenda.com.cn/

AI Summary Analysis

Risk verdict

High risk of remote code execution on affected Tenda AC8 devices due to a publicly disclosed exploit; patching should be treated as urgent when vendor fixes are available.

Why this matters

Compromising the router can give an attacker full control of traffic entering and leaving the home or small business network, enabling credential theft, man-in-the-middle activity, and pivoting to connected hosts. With high impact on confidentiality, integrity, and availability, exploitation could disrupt services and expose internal assets.

Most likely attack path

An attacker remotely probes exposed Tenda AC8 devices, then targets the /goform/DatabaseIniSet endpoint with a crafted Time argument. The buffer overflow triggers memory corruption leading to remote code execution, without user interaction but potentially requiring limited privileges. A compromised router can act as a foothold for subsequent network access and data exfiltration, with broad potential for internal pivot within the LAN.

Who is most exposed

Primarily consumer and small-business deployments using the AC8, especially where devices expose remote management or sit on internet-facing segments, or where default/admin credentials are weak or unsegmented from the wider network.

Detection ideas

Unusual requests to /goform/DatabaseIniSet, especially with abnormal Time values
Router logs showing crashes, reboots, or memory corruption indicators after such requests
Sudden changes in router config or state without admin action
Indicators of anomalous outbound traffic initiated from the router
Public exploit signatures or PoC activity detected on network sensors

Mitigation and prioritisation

Apply the vendor firmware update once available; prioritise patching as soon as released.
If patching is delayed, disable or restrict remote management and management interfaces to trusted networks; enforce strong authentication.
Implement network segmentation and restrict WAN exposure of management interfaces; monitor for anomalous access to the affected endpoint.
Enable router logs and integrate with SIEM for IOC detection; verify stability after changes.
If KEV or EPSS indicators become available and are high, escalate to priority 1.

Support Our Work

A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on Patreon or Buy Me A Coffee using the buttons below.

AI APIs OSINT driven New features

Buy Me A Coffee Patreon

Tags: ac8, CVE, cve-2025-12618, OSINT, tenda, threatintel