CVE-2025-29387

CVE-2025-29387 is a stack overflow vulnerability affecting the Tenda AC9 v1.0 router running firmware version V15.03.05.14_multi. The issue resides in the wanSpeed parameter handled by the /goform/AdvSetMacMtuWan endpoint, which can be triggered to cause a buffer overflow. Published on 2025-03-14, the vulnerability is rated with a CVSS v3.1 base score of 7.1 (AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H) and is associated with CWE-787 (Out-of-bounds Write) and CWE-121 (Stack-based Buffer Overflow), potentially enabling remote arbitrary code execution.

Exploitation requires network access, high attack complexity, low privileges (PR:L), and user interaction (UI:R), such as an authenticated user with low privileges submitting a specially crafted request to the vulnerable endpoint. A successful attack could grant an attacker high-impact confidentiality, integrity, and availability compromises, including remote code execution on the affected device within the unchanged security scope.

A technical write-up detailing the vulnerability, including likely proof-of-concept information, is available in the referenced GitHub repository at https://github.com/shuqi233/loophole/blob/main/Tenda%20AC9/AdvSetMacMtuWan2.md. No official vendor advisories or patches are specified in available information.