CVE-2025-11386
Published: 07 October 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2025-11386 is a stack-based buffer overflow vulnerability in Tenda AC15 routers running firmware version 15.03.05.18. The flaw affects an unknown function in the /goform/SetDDNSCfg endpoint of the POST Parameter Handler component, where manipulation of the 'ddnsEn' argument triggers the overflow.
The vulnerability enables remote exploitation over the network by attackers possessing low privileges, with low attack complexity and no requirement for user interaction. Exploitation can result in high confidentiality, integrity, and availability impacts, as reflected in its CVSS 3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). The exploit has been publicly released and is available for use.
Advisories reference a GitHub repository containing exploit details for the Tenda AC15 SetDDNSCfg vulnerability, along with VulDB entries (ctiid.327313, id.327313, submit.664969) tracking the issue. The official Tenda website is also listed, where practitioners should verify for any firmware patches or updates.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability is a remotely exploitable stack-based buffer overflow in the Tenda AC15 router's web interface (/goform/SetDDNSCfg), enabling adversaries to exploit a public-facing application for potential remote code execution.