CVE-2025-11550 is a vulnerability identified in the Tenda W12 router firmware version 3.0.0.6(3948). The root cause is a NULL pointer dereference in the wifiScheduledSet function located in the /goform/modules directory, which is part of the HTTP Request Handler component. This vulnerability arises when an attacker remotely manipulates the wifiScheduledSet argument, causing the function to dereference a NULL pointer. This leads to a denial-of-service (DoS) condition by crashing the router or disrupting its Wi-Fi scheduling capabilities. The attack vector is network-based (AV:N), requiring no authentication (AT:N) or user interaction (UI:N), and can be executed with low attack complexity (AC:L). The vulnerability does not affect confidentiality or integrity but severely impacts availability (VA:H). The CVSS 4.0 score of 7.1 reflects these factors. While no exploits have been observed in the wild, a public exploit is available, which could facilitate automated attacks. The vulnerability is specific to the Tenda W12 product line running the specified firmware version, and no patches have been linked yet. The flaw could be leveraged by attackers to disrupt network connectivity, impacting business operations and user access.

The primary impact of CVE-2025-11550 is a denial-of-service condition on affected Tenda W12 routers, resulting in network outages or degraded Wi-Fi scheduling functionality. For organizations relying on these routers for critical connectivity, this could lead to significant operational disruptions, loss of productivity, and potential downstream effects on dependent systems. The vulnerability's remote exploitability without authentication increases the attack surface, allowing attackers to target devices over the internet or local networks. This could be particularly damaging in environments where Tenda W12 devices are deployed at scale, such as small to medium enterprises, residential ISPs, or branch offices. Although confidentiality and integrity are not directly impacted, the loss of availability can hinder business continuity and emergency communications. The presence of a public exploit raises the likelihood of opportunistic attacks, especially from automated scanning and exploitation tools. Organizations without timely mitigation may face increased risk of service interruptions and potential reputational damage.

To mitigate CVE-2025-11550, organizations should first check for and apply any official firmware updates or patches released by Tenda addressing this vulnerability. In the absence of a patch, network administrators should implement access controls to restrict HTTP management interface exposure, limiting it to trusted internal networks or VPNs. Disabling remote management features on the affected routers can reduce the attack surface. Network segmentation should be employed to isolate vulnerable devices from critical infrastructure. Monitoring network traffic for unusual HTTP requests targeting the wifiScheduledSet function can help detect exploitation attempts. Additionally, consider deploying intrusion detection/prevention systems (IDS/IPS) with signatures tuned to detect exploitation patterns related to this vulnerability. If feasible, replacing affected devices with models not impacted by this flaw is a long-term solution. Regularly reviewing device configurations and restricting administrative access will further reduce risk.