EUVD-2025-21086

| CVE-2025-7419 HIGH
2025-07-10 [email protected]
8.8
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
Mar 16, 2026 - 06:52 vuln.today
EUVD ID Assigned
Mar 16, 2026 - 06:52 euvd
EUVD-2025-21086
PoC Detected
Jul 16, 2025 - 16:40 vuln.today
Public exploit code
CVE Published
Jul 10, 2025 - 23:15 nvd
HIGH 8.8

Tags

Buffer Overflow O3 Firmware Tenda

Description

A vulnerability was found in Tenda O3V2 1.0.0.12(3880). It has been classified as critical. This affects the function fromSpeedTestSet of the file /goform/setRateTest of the component httpd. The manipulation of the argument destIP leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Analysis

A critical stack-based buffer overflow vulnerability exists in Tenda O3V2 router firmware version 1.0.0.12(3880), affecting the httpd daemon's speed test functionality. An authenticated remote attacker can exploit the destIP parameter in the /goform/setRateTest endpoint to achieve arbitrary code execution with full system compromise (confidentiality, integrity, and availability). Public exploit code is available and the vulnerability meets criteria for active exploitation risk.

Technical Context

The vulnerability resides in the fromSpeedTestSet function within the httpd web server component of Tenda O3V2 routers. The root cause is classified as CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), specifically a stack-based buffer overflow. The destIP parameter lacks proper input validation and boundary checking, allowing an attacker to write beyond allocated stack memory. This occurs in a network-facing HTTP endpoint (/goform/setRateTest), making it remotely exploitable. The affected hardware is the Tenda O3V2 wireless router (CPE likely: cpe:2.3:o:tenda:o3v2_firmware:1.0.0.12:*:*:*:*:*:*:*), with httpd processing user-supplied input without sanitization. Stack-based overflows can overwrite return addresses and local variables, enabling code execution at the privilege level of the httpd process (typically root on embedded devices).

Affected Products

- vendor: Tenda; product: O3V2; version: 1.0.0.12(3880); component: httpd daemon; affected_function: fromSpeedTestSet; affected_endpoint: /goform/setRateTest; cpe: cpe:2.3:o:tenda:o3v2_firmware:1.0.0.12:*:*:*:*:*:*:*; hardware: Tenda O3V2 wireless router

Remediation

Patching: Update to firmware version > 1.0.0.12(3880) when released by Tenda. Check Tenda's official support page (support.tenda.com.cn or vendor-specific regional sites) for updated firmware images.; priority: CRITICAL Access Control Mitigation: Restrict access to the /goform/setRateTest endpoint via firewall rules or access control lists. Disable remote management if not required. Limit httpd daemon access to trusted networks only.; priority: HIGH Credential Hardening: Change default credentials on the device to strong, unique passwords to raise the barrier for authenticated exploitation (PR:L requirement).; priority: HIGH Network Segmentation: Isolate router management interfaces to a dedicated administrative network segment separate from guest/production traffic.; priority: MEDIUM Monitoring: Monitor httpd logs for POST requests to /goform/setRateTest with unusual destIP parameter lengths or special characters; alert on any destIP payloads exceeding expected bounds.; priority: MEDIUM

Priority Score

64
Low Medium High Critical
KEV: 0
EPSS: +0.4
CVSS: +44
POC: +20

Share

EUVD-2025-21086 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy