CVE-2025-11327
Published: 06 October 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2025-11327 is a stack-based buffer overflow vulnerability affecting the Tenda AC18 router on firmware version 15.03.05.19(6318). The flaw exists in unknown code within the /goform/SetUpnpCfg file, where manipulation of the upnpEn argument triggers the overflow. It is remotely exploitable and associated with CWE-119 and CWE-121, earning a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
An attacker with low privileges can exploit this vulnerability remotely over the network with low complexity and no user interaction required. Successful exploitation could result in high impacts to confidentiality, integrity, and availability, potentially allowing arbitrary code execution on the affected device.
An exploit for CVE-2025-11327 has been publicly disclosed on GitHub, increasing the risk of widespread abuse. Security advisories are available via VulDB entries, and practitioners should monitor the Tenda website for patches or mitigation guidance.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Stack-based buffer overflow in the unauthenticated web endpoint /goform/SetUpnpCfg of Tenda AC18 router enables remote code execution or denial of service on a public-facing network device.