CVE-2025-29385
Published: 14 March 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2025-29385 is a stack overflow vulnerability affecting the cloneType parameter in the /goform/AdvSetMacMtuWan endpoint of Tenda AC9 v1.0 routers running firmware version V15.03.05.14_multi. Classified under CWE-787 (Out-of-bounds Write), the flaw enables remote arbitrary code execution. It carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critically severe due to its potential for high-impact exploitation.
An unauthenticated attacker with network access can exploit this vulnerability through low-complexity means without requiring user interaction. Successful exploitation allows the attacker to achieve high confidentiality, integrity, and availability impacts, culminating in arbitrary code execution on the targeted router.
Mitigation details and further technical analysis are available in the referenced advisory at https://github.com/shuqi233/loophole/blob/main/Tenda%20AC9/AdvSetMacMtuWan3.md.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The stack overflow vulnerability in the router's web interface endpoint /goform/AdvSetMacMtuWan enables remote arbitrary code execution, directly mapping to exploitation of a public-facing application.