CVE-2025-11324
Published: 06 October 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2025-11324 is a stack-based buffer overflow vulnerability in Tenda AC18 firmware version 15.03.05.19(6318). The flaw is in unspecified functionality of the file /goform/setNotUpgrade, where manipulating the newVersion argument triggers the overflow. Published on 2025-10-06, it is associated with CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow) and carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
The vulnerability is exploitable remotely over the network, with low attack complexity, low privileges required, and no user interaction. Successful exploitation has a high impact on confidentiality, integrity, and availability, potentially allowing arbitrary code execution on the affected device.
The issue is detailed in VulDB entries (ctiid.327207, id.327207, submit.664526) and a GitHub repository (noahze01/IoT-vulnerable/blob/main/Tenda/AC18/setNotUpgrade.md), and the exploit is publicly available. The Tenda website (tenda.com.cn) is also listed as a reference, though specific patch details are not outlined in the available information.
The public availability of the exploit heightens the risk for unpatched Tenda AC18 devices.
Details
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The remotely exploitable stack-based buffer overflow in the Tenda AC18 router's web management interface (/goform/setNotUpgrade) enables exploitation of a public-facing application for initial access.