CVE-2025-15234

HighPublic PoC

Published: 30 December 2025

Published

30 December 2025

Modified

24 February 2026

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0019 40.4th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Description

A weakness has been identified in Tenda M3 1.0.0.13(4903). Impacted is the function formSetRemoteInternetLanInfo of the file /goform/setInternetLanInfo. This manipulation of the argument portIp/portMask/portGateWay/portDns/portSecDns causes heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been…

made available to the public and could be used for attacks.

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Requires validation of information inputs such as portIp, portMask, portGateWay, portDns, and portSecDns to prevent heap-based buffer overflows from malformed data in formSetRemoteInternetLanInfo.

SI-2 Flaw Remediation good match

prevent

Mandates timely identification, reporting, and patching of the specific heap buffer overflow flaw in Tenda M3 firmware version 1.0.0.13(4903).

SI-16 Memory Protection good match

prevent

Implements memory safeguards like address space layout randomization and non-executable memory to block arbitrary code execution from heap buffer overflow exploits.

Security SummaryAI

CVE-2025-2025-15234 is a heap-based buffer overflow vulnerability (CWE-119, CWE-122) in Tenda M3 firmware version 1.0.0.13(4903). The flaw affects the formSetRemoteInternetLanInfo function in the /goform/setInternetLanInfo file, where manipulation of arguments including portIp, portMask, portGateWay, portDns, and portSecDns triggers the overflow.

The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating it can be exploited remotely by an attacker with low privileges, low attack complexity, and no user interaction. Successful exploitation grants high impacts on confidentiality, integrity, and availability, potentially allowing arbitrary code execution.

Advisories and details are documented on VulDB (ctiid.338630, id.338630, submit.725496) and a public proof-of-concept exploit is hosted at https://github.com/dwBruijn/CVEs/blob/main/Tenda/setRemoteInternetLanInfo.md, with the vendor site at https://www.tenda.com.cn/. The exploit's public availability heightens the risk of real-world attacks, as published on 2025-12-30.

Details

CWE(s): CWE-119 CWE-122

Affected Products

tenda

m3 firmware

1.0.0.13\(4903\)

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

Heap-based buffer overflow in public-facing web interface (/goform/setInternetLanInfo) of Tenda M3 router firmware enables remote code execution, directly mapping to exploitation of public-facing applications.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

https://github.com/dwBruijn/CVEs/blob/main/Tenda/setRemoteInternetLanInfo.md
Exploit, Third Party Advisory · cna@vuldb.com
https://vuldb.com/?ctiid.338630
Permissions Required, VDB Entry · cna@vuldb.com
https://vuldb.com/?id.338630
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/?submit.725496
Third Party Advisory, VDB Entry · cna@vuldb.com
https://www.tenda.com.cn/
Product · cna@vuldb.com