CVE-2025-12619
Published: 03 November 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2025-12619 is a buffer overflow vulnerability affecting the Tenda A15 router on firmware version 15.13.07.13. The flaw resides in the fromSetWirelessRepeat function within the /goform/openNetworkGateway file, where manipulation of the wpapsk_crypto2_4g argument triggers the overflow. It is classified under CWE-119 and CWE-120, with a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
The vulnerability enables remote exploitation over the network with low complexity and no user interaction required. Attackers need low privileges, such as those of an authenticated user, to trigger it. Successful exploitation can result in high impacts to confidentiality, integrity, and availability, potentially allowing arbitrary code execution, data compromise, or denial of service on the affected device.
Advisories and details are documented on VulDB (ctiid.330913, id.330913, submit.678888), with an exploit publicly available via a Baidu link and general information on the Tenda website (tenda.com.cn). No specific patch or mitigation steps are detailed in the provided references.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Remote buffer overflow in the Tenda A15 router's web interface (/goform/openNetworkGateway) enables arbitrary code execution via public-facing application exploitation.