CVE-2025-25679
Published: 20 February 2025
Description
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
Security Summary
CVE-2025-25679 is a stack-based buffer overflow vulnerability (CWE-121) in the Tenda i12 router firmware version V1.0.0.10(3805). The flaw occurs in the formWifiMacFilterSet function when processing the index parameter, allowing excessive data to overflow the allocated buffer.
According to its CVSS v3.1 base score of 8.0 (AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), the vulnerability can be exploited by an attacker with adjacent physical network access and low privileges, such as an authenticated user on the local network. Low attack complexity and no user interaction are required, enabling high-impact consequences including unauthorized data access, modification, or system disruption, potentially leading to remote code execution or denial of service.
Technical details on the vulnerability are documented in a GitHub repository at https://github.com/jangfan/my-vuln/blob/main/Tenda/i12V1/WifiMacFilterSet.md. No vendor advisories or patches are referenced in the CVE publication dated 2025-02-20.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Stack-based buffer overflow in router web interface function enables exploitation of remote service for RCE/DoS from adjacent network with low privileges.