CVE-2025-63835

HighPublic PoC

Published: 10 November 2025

Published

10 November 2025

Modified

18 November 2025

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0032 55.4th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Description

A stack-based buffer overflow vulnerability was discovered in Tenda AC18 v15.03.05.05_multi. The vulnerability exists in the guestSsid parameter of the /goform/WifiGuestSet interface. Remote attackers can exploit this vulnerability by sending oversized data to the guestSsid parameter, leading to denial of…

service (device crash) or potential remote code execution.

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Directly enforces bounds checking and input validation on parameters like guestSsid to prevent stack buffer overflows from oversized data.

SI-2 Flaw Remediation good match

prevent

Requires timely identification, reporting, and correction of the specific buffer overflow flaw in the WifiGuestSet interface.

SI-16 Memory Protection partial match

prevent

Implements memory protections like non-executable stack or ASLR to mitigate remote code execution from controlled stack overflows, though DoS crashes may still occur.

Security SummaryAI

A stack-based buffer overflow vulnerability, tracked as CVE-2025-63835, affects Tenda AC18 routers running firmware version v15.03.05.05_multi. The issue resides in the guestSsid parameter handled by the /goform/WifiGuestSet web interface, where insufficient bounds checking allows oversized input to overflow the stack buffer. This flaw is associated with CWE-787 (Out-of-bounds Write) and CWE-121 (Stack-based Buffer Overflow), earning a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

Remote attackers with low privileges, such as authenticated users, can exploit this vulnerability over the network with low complexity and no user interaction required. By sending specially crafted oversized data to the guestSsid parameter, attackers can trigger a denial of service condition causing the device to crash, or potentially achieve remote code execution if the overflow is controlled precisely.

The primary advisory reference is a GitHub report detailing the vulnerability at https://github.com/babraink/cve_report/blob/main/cve_report/tenda/tendaAC18/2_wifiguest_guestssid_overflow/README.md, which security practitioners should consult for exploit details and any recommended mitigations, as no patch information is specified in available data.

Details

CWE(s): CWE-787 CWE-121

Affected Products

tenda

ac18 firmware

15.03.05.05

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1499.004 Application or System Exploitation Impact

Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

attack.mitre.org →

Why these techniques?

The stack-based buffer overflow in the public-facing web interface (/goform/WifiGuestSet) enables exploitation for initial access via T1190 (Exploit Public-Facing Application) and denial of service through application exploitation (T1499.004), potentially leading to device crash or RCE.

References

https://github.com/babraink/cve_report/blob/main/cve_report/tenda/tendaAC18/2_wifiguest_guestssid_overflow/README.md
Exploit, Third Party Advisory · cve@mitre.org