CVE-2025-12622 identifies a buffer overflow vulnerability in the Tenda AC10 router firmware version 16.03.10.13. The vulnerability resides in the formSysRunCmd function, specifically in the handling of the getui parameter within the /goform/SysRunCmd endpoint. This endpoint is accessible remotely, and the vulnerability allows an attacker to send a specially crafted request that manipulates the getui argument, causing a buffer overflow condition. Buffer overflows can corrupt memory, potentially allowing attackers to execute arbitrary code on the device with elevated privileges. The vulnerability requires no authentication and no user interaction, making it highly exploitable remotely. The CVSS v4.0 score of 8.7 (high severity) reflects the network attack vector, low complexity, no privileges required, and no user interaction, combined with high impact on confidentiality, integrity, and availability. Although no known exploits are currently active in the wild, the public disclosure of this vulnerability increases the likelihood of exploitation attempts. The affected product, Tenda AC10, is a widely used consumer-grade wireless router, often deployed in home and small office environments, making it a valuable target for attackers seeking to compromise networks or use the device as a foothold for further attacks. The lack of available patches or official mitigation guidance at the time of disclosure further elevates the risk.

The impact of CVE-2025-12622 is significant for organizations and individuals using Tenda AC10 routers. Successful exploitation can lead to remote code execution, allowing attackers to take full control of the device. This can result in unauthorized access to internal networks, interception or manipulation of network traffic, and disruption of network availability. Compromised routers can be used as pivot points for lateral movement within corporate or home networks, facilitating further attacks such as data exfiltration, malware deployment, or launching attacks against other targets. The vulnerability's remote exploitability without authentication increases the risk of widespread attacks, especially in environments where these routers are exposed directly to the internet. The lack of patches or mitigations at the time of disclosure means affected devices remain vulnerable, potentially exposing millions of users globally. This can lead to reputational damage, financial loss, and operational disruption for affected organizations.

To mitigate CVE-2025-12622, organizations should immediately assess their network for the presence of Tenda AC10 routers running firmware version 16.03.10.13. If possible, isolate these devices from direct internet exposure by placing them behind firewalls or network segmentation controls. Disable remote management features on the router to reduce attack surface. Monitor network traffic for unusual activity targeting the /goform/SysRunCmd endpoint. Until an official patch is released by Tenda, consider deploying network-based intrusion detection or prevention systems with signatures targeting exploitation attempts of this vulnerability. Users should regularly check for firmware updates from Tenda and apply them promptly once available. Additionally, replacing vulnerable devices with more secure alternatives may be warranted in high-risk environments. Network administrators should enforce strong network access controls and monitor for signs of compromise related to this vulnerability.