The vulnerability identified as CVE-2025-12611 affects the Tenda AC21 router running firmware version 16.03.08.16. It is a buffer overflow flaw located in the formSetPPTPServer function of the /goform/SetPptpServerCfg endpoint. Specifically, the vulnerability arises from improper validation and handling of the startIp parameter, which can be manipulated by a remote attacker to overflow a buffer. This overflow can lead to arbitrary code execution or denial of service on the affected device. The vulnerability is remotely exploitable without requiring authentication or user interaction, making it highly dangerous. The CVSS v4.0 score of 8.7 reflects its high severity, with an attack vector of network (AV:N), low attack complexity (AC:L), no privileges required (PR:L), and no user interaction (UI:N). The impact covers confidentiality, integrity, and availability, all rated high. Although no known exploits are currently active in the wild, publicly available exploit code exists, which could facilitate rapid weaponization. The flaw affects a widely used consumer and small business router model, potentially exposing numerous networks to compromise. No official patches or mitigation links are provided yet, indicating the need for immediate defensive measures by users and administrators.

The impact of CVE-2025-12611 is significant for organizations and individuals using the Tenda AC21 router. Successful exploitation can allow attackers to execute arbitrary code remotely, leading to full device compromise. This could enable attackers to intercept or manipulate network traffic, launch further attacks within the internal network, or disrupt network availability through denial-of-service conditions. The confidentiality of sensitive data passing through the router is at risk, as is the integrity of network communications. The availability of network services can also be affected, potentially causing outages. Since the vulnerability requires no authentication or user interaction, it can be exploited by attackers scanning for vulnerable devices on the internet, increasing the scale and speed of potential attacks. This poses a threat to home users, small businesses, and any organizations relying on these routers for critical connectivity.

To mitigate CVE-2025-12611, affected users should immediately check for firmware updates from Tenda and apply any patches once available. In the absence of official patches, users should disable the PPTP server functionality if not required, as this is the vulnerable component. Network administrators should implement network-level protections such as firewall rules to restrict access to the router’s management interfaces, especially blocking inbound traffic to the /goform/SetPptpServerCfg endpoint. Employing network segmentation to isolate vulnerable devices can limit the impact of a compromise. Monitoring network traffic for unusual activity targeting the router can help detect exploitation attempts early. Additionally, users should consider replacing affected devices with models from vendors with a stronger security track record if patches are delayed. Regularly auditing router configurations and disabling unnecessary services reduces the attack surface. Finally, educating users about the risks of exposed network devices and encouraging timely updates is critical.