CVE-2025-12210 is a stack-based buffer overflow vulnerability identified in Tenda O3 wireless device firmware version 1.0.0.10(2478). The vulnerability resides in the SetValue/GetValue functions of the /goform/AdvSetLanip endpoint, which processes the lanIp parameter. Improper input validation or bounds checking allows an attacker to supply a crafted lanIp argument that overflows the stack buffer. This overflow can corrupt the stack frame, potentially enabling arbitrary code execution or denial of service. The vulnerability is remotely exploitable without requiring authentication or user interaction, making it highly accessible to attackers scanning for vulnerable devices exposed on the internet or internal networks. The CVSS v4.0 base score is 8.7, reflecting high impact on confidentiality, integrity, and availability, with low attack complexity and no privileges required. Although no active exploitation has been reported, a public exploit is available, increasing the likelihood of exploitation attempts. The vulnerability affects a specific firmware version, so devices running other versions may not be vulnerable. The absence of an official patch at the time of disclosure necessitates immediate risk mitigation through network controls and monitoring. This vulnerability is critical for organizations relying on Tenda O3 devices for network connectivity, especially where remote management is enabled or devices are internet-facing.

The impact of CVE-2025-12210 on European organizations can be significant, particularly for those deploying Tenda O3 devices in enterprise or critical infrastructure environments. Exploitation could allow attackers to execute arbitrary code on the device, leading to full compromise of the router or access point. This can result in interception or manipulation of network traffic, unauthorized network access, lateral movement within internal networks, and disruption of network availability. Confidential information traversing the device could be exposed or altered, undermining data integrity and privacy. The vulnerability's remote exploitability without authentication increases the attack surface, especially for organizations with devices exposed to the internet or poorly segmented internal networks. Potential consequences include espionage, data breaches, service outages, and facilitation of further attacks against corporate or governmental networks. Given the widespread use of Tenda networking equipment in small and medium enterprises and some public sector deployments in Europe, the vulnerability poses a tangible risk to network security and operational continuity.

1. Immediately identify all Tenda O3 devices running firmware version 1.0.0.10(2478) within the network using asset management and network scanning tools. 2. Disable remote management interfaces and restrict administrative access to trusted internal IP addresses only. 3. Apply network segmentation to isolate vulnerable devices from critical systems and sensitive data flows. 4. Monitor network traffic for anomalous activity targeting the /goform/AdvSetLanip endpoint or unusual lanIp parameter usage. 5. Implement intrusion detection/prevention systems with signatures for known exploits targeting this vulnerability. 6. Coordinate with Tenda for official firmware updates or patches and plan immediate deployment once available. 7. In the interim, consider deploying web application firewalls or reverse proxies to filter and validate incoming requests to the vulnerable endpoint. 8. Educate network administrators about the vulnerability and ensure strict adherence to security best practices for device configuration and management. 9. Maintain up-to-date backups and incident response plans to quickly recover from potential compromise. 10. Regularly review and update firewall rules to block unauthorized access to device management interfaces.