CVE-2025-11550 is a vulnerability identified in the Tenda W12 router firmware version 3.0.0.6(3948). The root cause is a null pointer dereference triggered by manipulating the argument to the wifiScheduledSet function located in the /goform/modules path of the HTTP Request Handler component. This function processes HTTP requests related to Wi-Fi scheduling features. When an attacker sends a specially crafted HTTP request to this endpoint, the argument handling leads to a null pointer dereference, causing the router's software to crash or reboot, resulting in denial of service (DoS). The vulnerability can be exploited remotely over the network without requiring authentication or user interaction, making it accessible to any attacker with network access to the device. The CVSS 4.0 vector indicates network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:L), no user interaction (UI:N), and high impact on availability (VA:H) with no impact on confidentiality or integrity. Although no active exploitation has been reported, a public exploit is available, increasing the risk of exploitation. The vulnerability affects the availability of the device, potentially disrupting network connectivity for users relying on the Tenda W12 router. No official patches or mitigation links have been published at the time of disclosure, emphasizing the need for immediate defensive measures.

For European organizations using Tenda W12 routers, this vulnerability poses a significant risk to network availability. Exploitation can cause routers to crash or reboot, leading to temporary loss of internet connectivity and disruption of business operations dependent on stable network access. Critical infrastructure, small and medium enterprises, and home office environments relying on these devices may experience service outages. The lack of authentication requirement and remote exploitability means attackers can launch denial of service attacks from anywhere on the internet or local network. This could be leveraged in targeted attacks or as part of broader denial of service campaigns. Additionally, network downtime can impact productivity, customer service, and potentially safety in environments relying on continuous connectivity. The absence of patches increases exposure duration, necessitating proactive mitigation. The impact is primarily on availability, with no direct compromise of data confidentiality or integrity reported.

1. Immediately restrict remote access to the router’s management interface by disabling WAN-side HTTP access or limiting it to trusted IP addresses. 2. Implement network segmentation to isolate vulnerable Tenda W12 devices from critical network segments, reducing attack surface. 3. Monitor network traffic for unusual HTTP requests targeting /goform/modules or suspicious wifiScheduledSet parameters to detect exploitation attempts. 4. Employ intrusion detection/prevention systems (IDS/IPS) with custom signatures to identify and block exploit attempts against this vulnerability. 5. Regularly check for firmware updates or security advisories from Tenda and apply patches promptly once available. 6. Consider replacing vulnerable devices with models from vendors with stronger security track records if patching is delayed. 7. Educate network administrators about this vulnerability and ensure incident response plans include steps for denial of service events affecting network hardware. 8. Use network access control (NAC) to prevent unauthorized devices from connecting to the network, limiting attacker foothold.