How to fix CVE-2025-5608?

Within 24 hours: Inventory all Tenda AC18 routers in production and isolate affected devices from critical networks if possible. Within 7 days: Implement network-level mitigations (WAF rules, access controls) and contact Tenda for patch availability status. Within 30 days: Develop a replacement strategy—either upgrade to patched firmware versions when available or transition to alternative router models from vendors with active security support.

Is Ac18 Firmware affected by CVE-2025-5608?

A critical remote code execution vulnerability exists in Tenda AC18 routers (model 15.03.05.05) that allows unauthenticated attackers to execute arbitrary code through a buffer overflow exploit.

CVE-2025-5608

EUVD-2025-16922 HIGH

2025-06-04 [email protected]

8.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 14, 2026 - 17:29 vuln.today

EUVD ID Assigned

Mar 14, 2026 - 17:29 euvd

EUVD-2025-16922

PoC Detected

Jun 17, 2025 - 20:41 vuln.today

Public exploit code

CVE Published

Jun 04, 2025 - 20:15 nvd

HIGH 8.8

Description

A vulnerability classified as critical has been found in Tenda AC18 15.03.05.05. Affected is the function formsetreboottimer of the file /goform/SetSysAutoRebbotCfg. The manipulation of the argument rebootTime leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Analysis

Critical remote buffer overflow vulnerability in Tenda AC18 router firmware version 15.03.05.05, affecting the reboot timer configuration function. An authenticated attacker can exploit improper input validation on the 'rebootTime' parameter to achieve remote code execution with full system compromise (confidentiality, integrity, availability). Public exploit code exists and the vulnerability is actively exploitable with low attack complexity.

Technical Context

The vulnerability exists in the SetSysAutoRebbotCfg endpoint (/goform/SetSysAutoRebbotCfg), specifically within the formsetreboottimer function responsible for processing automatic reboot scheduling configuration. The root cause is classified as CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), a classic buffer overflow vulnerability. The affected product is a residential WiFi router (Tenda AC18) running firmware version 15.03.05.05. The vulnerable parameter 'rebootTime' lacks proper bounds checking before being written to a fixed-size buffer, allowing an attacker to overflow the buffer and overwrite adjacent memory including function return addresses or heap metadata. CPE identifier would be: cpe:2.3:o:tenda:ac18_firmware:15.03.05.05:*:*:*:*:*:*:*

Affected Products

AC18 WiFi Router (['15.03.05.05'])

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.2

CVSS: +44

POC: +20

CVE-2025-5608 vulnerability details – vuln.today

Back

CVE-2025-5608

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Priority Score

Share

CVE-2025-5608

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Priority Score

Share

External POC / Exploit Code