CVE-2025-11389
Published: 07 October 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2025-11389 is a stack-based buffer overflow vulnerability affecting the Tenda AC15 router on firmware version 15.03.05.18. The issue lies in an unidentified function that handles requests to the /goform/saveAutoQos endpoint, where manipulation of the "enable" argument triggers the overflow.
With a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), the vulnerability enables remote exploitation by low-privileged users over the network, requiring low attack complexity and no user interaction. Attackers can achieve high impacts on confidentiality, integrity, and availability, potentially leading to remote code execution.
Advisories reference a public exploit detailed in a GitHub repository at https://github.com/noahze01/IoT-vulnerable/blob/main/Tenda/AC15/saveAutoQos.md, along with VulDB entries at https://vuldb.com/?ctiid.327316, https://vuldb.com/?id.327316, and https://vuldb.com/?submit.664982. The vendor's site at https://www.tenda.com.cn/ is listed, but no specific patches or mitigations are detailed in the provided information.
The exploit has been publicly released, increasing the risk of real-world attacks against vulnerable Tenda AC15 devices.
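Because the advisory names the endpoint and the argument but no vendor fix, a defender's first option is to watch for abnormal "enable" values reaching /goform/saveAutoQos on a proxy, IDS or router access log. The following detection example is added here and is not part of the advisory or of any Tenda code; the length threshold, the expected on/off values, the other endpoint name and all sample traffic are constructed assumptions.

```python
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import parse_qs, urlsplit

# Endpoint named in the advisory; the remaining constants are assumptions.
TARGET_PATH = "/goform/saveAutoQos"
MAX_ENABLE_LEN = 8                 # assumed: a genuine "enable" flag is a few bytes at most
EXPECTED_VALUES = {"", "0", "1"}   # assumed: the router UI only sends an on/off flag


@dataclass
class Finding:
    src: str
    value_len: int
    reason: str


def enable_values(path: str, body: str) -> List[str]:
    """Collect every 'enable' value from the URL query string and the form body."""
    query = urlsplit(path).query
    values = parse_qs(query, keep_blank_values=True).get("enable", [])
    values += parse_qs(body, keep_blank_values=True).get("enable", [])
    return values


def inspect_request(src: str, path: str, body: str = "") -> Optional[Finding]:
    """Return a Finding when a request to the vulnerable endpoint carries a suspicious 'enable'."""
    if urlsplit(path).path != TARGET_PATH:
        return None
    for value in enable_values(path, body):
        if len(value) > MAX_ENABLE_LEN:
            return Finding(src, len(value), "oversized enable argument")
        if value not in EXPECTED_VALUES:
            return Finding(src, len(value), "unexpected enable value")
    return None


def scan(requests) -> List[Finding]:
    """Run inspect_request over (src, path, body) tuples taken from a request log."""
    return [f for f in (inspect_request(*r) for r in requests) if f is not None]


# Constructed sample traffic (not real captures); the second path is a placeholder.
SAMPLE_REQUESTS = [
    ("192.0.2.10", "/goform/saveAutoQos", "enable=1"),              # normal toggle
    ("192.0.2.11", "/goform/some_other_endpoint", "mode=2"),        # unrelated endpoint
    ("198.51.100.7", "/goform/saveAutoQos", "enable=" + "x" * 300),  # oversized value
    ("198.51.100.8", "/goform/saveAutoQos?enable=1", ""),            # flag in query string
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_REQUESTS):
        print(f"{finding.src}: {finding.reason} ({finding.value_len} bytes)")
```

Only the third constructed request is reported; the query-string form is inspected too, so the check does not depend on whether the flag arrives in the URL or the body.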
Details
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Stack-based buffer overflow in the Tenda AC15 router's public-facing web interface (/goform/saveAutoQos) enables remote exploitation of a public-facing application for potential RCE and initial access.