CVE-2025-11328

CVE-2025-11328 is a stack-based buffer overflow vulnerability (CWE-119, CWE-121) affecting Tenda AC18 routers on firmware version 15.03.05.19(6318). The flaw occurs in the processing of the /goform/SetDDNSCfg file, where manipulation of the ddnsEn argument triggers the overflow. It carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity.

An attacker with low privileges can exploit this remotely over the network with low complexity and no user interaction required. Successful exploitation enables high-impact consequences, including unauthorized access to sensitive data, modification of system behavior, and denial of service, with potential for arbitrary code execution due to the stack-based nature of the overflow.

References include a public exploit detailed on GitHub at https://github.com/noahze01/IoT-vulnerable/blob/main/Tenda/AC18/SetDDNSCfg.md and advisories from VulDB (https://vuldb.com/?ctiid.327211, https://vuldb.com/?id.327211). The Tenda vendor site (https://www.tenda.com.cn/) is listed for further information, though specific patch or mitigation details are not outlined in the available data. The exploit is public and may be used against vulnerable devices.