CVE-2025-5861

EUVD-2025-17427 | HIGH | CVSS 3.1: 8.8
2025-06-09

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

EUVD ID Assigned: Mar 14, 2026 - 19:21 (euvd), EUVD-2025-17427
Analysis Generated: Mar 14, 2026 - 19:21 (vuln.today)
PoC Detected: Jun 09, 2025 - 19:03 (vuln.today), public exploit code
CVE Published: Jun 09, 2025 - 05:15 (nvd), HIGH 8.8

Description

A vulnerability has been found in Tenda AC7 15.03.06.44 and classified as critical. This vulnerability affects the function fromadvsetlanip of the file /goform/AdvSetLanip. The manipulation of the argument lanMask leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Analysis

Critical remote buffer overflow vulnerability in Tenda AC7 router firmware version 15.03.06.44, affecting the LAN IP configuration function. An authenticated attacker can exploit improper input validation in the 'lanMask' parameter to achieve remote code execution with high confidentiality, integrity, and availability impact. Public exploit code is available and the vulnerability meets criteria for active exploitation.

Technical Context

The vulnerability exists in the fromadvsetlanip function within the /goform/AdvSetLanip endpoint of Tenda AC7 routers. This is a classic CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) buffer overflow affecting network device firmware. The affected component handles LAN mask configuration, a critical network parameter in residential/small business routing devices. Tenda AC7 is a budget-class AC1200 dual-band Wi-Fi router commonly deployed in home and SOHO environments. The lanMask parameter fails to implement adequate bounds checking before copying user-supplied input to a fixed-size buffer, allowing overflow of adjacent memory structures. This type of vulnerability is particularly dangerous in embedded device firmware where memory protections (DEP/ASLR) are often minimal or absent.
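The missing check described above, sketched as an added example; this is not Tenda's firmware code. The function name `validate_lan_mask` and the 16-byte buffer size are assumptions chosen for illustration. It bounds the input length, parses it strictly, and writes only a re-serialized value into the fixed-size buffer:

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MASK_BUF_LEN 16 /* "255.255.255.255" + NUL; assumed size, not from the firmware */

/* Hypothetical validator: returns 0 and fills out[] on success, -1 on reject. */
int validate_lan_mask(const char *input, char out[MASK_BUF_LEN])
{
    struct in_addr addr;
    uint32_t mask, inverted;

    if (input == NULL)
        return -1;

    /* 1. Bound the length first: a NUL must appear within MASK_BUF_LEN bytes. */
    const char *nul = memchr(input, '\0', MASK_BUF_LEN);
    if (nul == NULL || nul == input)
        return -1;

    /* 2. Strict dotted-quad syntax; inet_pton rejects trailing junk. */
    if (inet_pton(AF_INET, input, &addr) != 1)
        return -1;

    /* 3. A netmask is a non-empty run of 1 bits followed only by 0 bits. */
    mask = ntohl(addr.s_addr);
    inverted = ~mask;
    if (mask == 0 || (inverted & (inverted + 1)) != 0)
        return -1;

    /* 4. Store the re-serialized parsed value, never the raw request string. */
    if (inet_ntop(AF_INET, &addr, out, MASK_BUF_LEN) == NULL)
        return -1;
    return 0;
}

int main(void)
{
    char buf[MASK_BUF_LEN];
    char oversized[300]; /* constructed sample input */
    memset(oversized, 'A', sizeof oversized - 1);
    oversized[sizeof oversized - 1] = '\0';

    printf("valid:     %d\n", validate_lan_mask("255.255.255.0", buf));
    printf("oversized: %d\n", validate_lan_mask(oversized, buf));
    printf("holes:     %d\n", validate_lan_mask("255.0.255.0", buf));
    return 0;
}
```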

Affected Products

Tenda AC7 router firmware version 15.03.06.44 and potentially earlier/nearby versions. CPE string: cpe:2.3:o:tenda:ac7_firmware:15.03.06.44:*:*:*:*:*:*:*. Affected hardware model: Tenda AC7 (CPE: cpe:2.3:h:tenda:ac7:-:*:*:*:*:*:*:*). The vulnerability is specific to this firmware branch; other Tenda models and versions require independent assessment. Organizations running AC7 units should verify exact firmware version via router admin interface (typically System Tools > Firmware Upgrade page).

Remediation

Primary: Upgrade to the latest available Tenda AC7 firmware version beyond 15.03.06.44. Check Tenda's official support site (support.tenda.com.cn or regional equivalent) for firmware release notes confirming CVE-2025-5861 fix.

Secondary mitigations if patching is delayed:
(1) Restrict management access to LAN IP configuration endpoints via firewall rules at network perimeter;
(2) Disable remote management features if not required (disable WAN-side access to /goform endpoints);
(3) Change default admin credentials immediately;
(4) Segment router management traffic to isolated administrative VLANs;
(5) Monitor for suspicious configuration changes via router logs.

Critical: Do NOT delay patching for extended periods, as buffer overflow exploits in router firmware often lead to complete device compromise and potential botnet enrollment.

Priority Score

64 (KEV: 0, EPSS: +0.4, CVSS: +44, POC: +20)
