CVE-2025-12211 is a stack-based buffer overflow vulnerability identified in the Tenda O3 router firmware version 1.0.0.10(2478). The vulnerability arises from improper handling of the dmzIP parameter in the /goform/setDmzInfo endpoint, specifically within the SetValue and GetValue functions. When an attacker sends a specially crafted request manipulating the dmzIP argument, it causes a buffer overflow on the stack, which can overwrite control data such as return addresses. This flaw can be exploited remotely over the network without requiring authentication or user interaction, making it highly accessible to attackers. Successful exploitation could allow an attacker to execute arbitrary code with elevated privileges on the device, potentially leading to full device compromise. The CVSS v4.0 score is 8.7 (high), reflecting the ease of exploitation (network vector, no authentication), and the severe impact on confidentiality, integrity, and availability. Although no active exploitation in the wild has been reported, a public exploit is available, increasing the risk of imminent attacks. The vulnerability affects a specific firmware version, and no official patch links have been published yet, indicating that mitigation options may be limited to workarounds or device replacement for now.

The vulnerability allows remote attackers to execute arbitrary code on affected Tenda O3 devices, potentially leading to full device compromise. This can result in unauthorized access to network traffic, interception or manipulation of data, disruption of network services, and use of compromised devices as footholds for further attacks within organizational networks. The compromise of routers can undermine network perimeter security, enabling attackers to bypass firewalls, launch man-in-the-middle attacks, or pivot to internal systems. Given the critical role of routers in network infrastructure, exploitation could cause significant operational disruption and data breaches. Organizations relying on Tenda O3 routers, especially in enterprise, government, or critical infrastructure sectors, face elevated risks. The public availability of exploits increases the likelihood of widespread attacks, including automated scanning and exploitation campaigns.

1. Immediately identify and inventory all Tenda O3 devices running firmware version 1.0.0.10(2478) within the network. 2. Monitor vendor communications closely for official patches or firmware updates addressing CVE-2025-12211 and apply them promptly upon release. 3. Until patches are available, restrict access to the management interface and the /goform/setDmzInfo endpoint by implementing network segmentation and firewall rules limiting access to trusted IP addresses only. 4. Disable remote management features on affected devices if not strictly necessary to reduce exposure. 5. Employ intrusion detection/prevention systems (IDS/IPS) with signatures or heuristics capable of detecting exploitation attempts targeting this vulnerability. 6. Conduct regular network traffic analysis to identify anomalous requests to the vulnerable endpoint. 7. Consider replacing affected devices with models from vendors with timely security update support if patching is delayed. 8. Educate network administrators about the vulnerability and the importance of monitoring for exploitation attempts. 9. Implement network-level mitigations such as rate limiting and anomaly detection to reduce attack surface.