CVE-2025-12596 identifies a buffer overflow vulnerability in the Tenda AC23 router firmware version 16.03.07.52. The vulnerability resides in the saveParentControlInfo function within the /goform/saveParentControlInfo endpoint, where improper handling of the Time argument allows an attacker to overflow a buffer. This type of vulnerability can lead to memory corruption, enabling remote code execution or denial of service conditions. The attack vector is network-based (AV:N), requiring no authentication (AT:N) or user interaction (UI:N), making exploitation relatively straightforward for an attacker with network access to the device. The CVSS v4.0 score of 8.7 reflects the high impact on confidentiality, integrity, and availability, with the potential for complete system compromise. Although no known exploits are currently active in the wild, the public disclosure of exploit details increases the likelihood of future attacks. The vulnerability affects a specific firmware version, so devices running 16.03.07.52 are at risk until patched. The lack of available patches at the time of disclosure necessitates interim mitigations such as network segmentation and access restrictions. Given the widespread use of Tenda routers in consumer and small business environments, this vulnerability poses a significant risk if devices are exposed to untrusted networks.

For European organizations, exploitation of this vulnerability could lead to unauthorized remote code execution on affected Tenda AC23 routers, resulting in potential network compromise, interception or manipulation of traffic, and disruption of internet connectivity. This could impact confidentiality by exposing sensitive data, integrity by allowing attackers to alter network configurations or traffic, and availability by causing device crashes or denial of service. Small and medium enterprises, as well as home office setups relying on Tenda AC23 routers, are particularly vulnerable. Critical infrastructure or government networks using these devices could face operational disruptions or be leveraged as entry points for broader attacks. The ease of remote exploitation without authentication increases the threat level, especially for devices with exposed management interfaces or weak perimeter defenses. The public disclosure of exploit details further elevates the risk of widespread attacks targeting European networks.

1. Immediately check for and apply any firmware updates provided by Tenda addressing this vulnerability. 2. If patches are not yet available, restrict network access to the router’s management interface by implementing firewall rules limiting access to trusted IP addresses only. 3. Disable remote management features on the Tenda AC23 router to reduce exposure. 4. Employ network segmentation to isolate vulnerable devices from critical systems and sensitive data. 5. Monitor network traffic for unusual activity or attempts to access the /goform/saveParentControlInfo endpoint. 6. Consider replacing affected devices with models from vendors with a stronger security track record if timely patches are unavailable. 7. Educate users and administrators about the risks of exposing router management interfaces to the internet. 8. Use intrusion detection/prevention systems (IDS/IPS) to detect and block exploitation attempts targeting this vulnerability.