CVE-2025-11527
Published: 09 October 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2025-11527 is a stack-based buffer overflow vulnerability affecting the Tenda AC7 router running firmware version 15.03.06.44. The issue resides in an unknown function of the /goform/fast_setting_pppoe_set file, where manipulation of the Password argument triggers the overflow.
The vulnerability enables remote exploitation by an attacker with low privileges (PR:L) who has network access (AV:N), requires low attack complexity (AC:L), and needs no user interaction (UI:N). Successful exploitation can result in high impacts to confidentiality, integrity, and availability (C:H/I:H/A:H), earning a CVSS v3.1 base score of 8.8. It maps to CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow).
Advisories and references include a GitHub repository publicly disclosing the exploit at https://github.com/noahze01/IoT-vulnerable/blob/main/Tenda/AC7/fast_setting_pppoe_set.md, along with VulDB entries at https://vuldb.com/?ctiid.327665, https://vuldb.com/?id.327665, and https://vuldb.com/?submit.669856. The Tenda vendor website is available at https://www.tenda.com.cn/ for further details on potential patches or mitigations.
The exploit has been publicly disclosed and may be utilized, increasing the risk of real-world attacks against affected devices.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The stack-based buffer overflow vulnerability in the Tenda AC7 router's web management interface (/goform/fast_setting_pppoe_set), exploitable remotely via crafted Password input, enables exploitation of public-facing applications.