CVE-2025-45428: n/a in n/a
In Tenda ac9 v1.0 with firmware V15.03.05.14_multi, the rebootTime parameter of /goform/SetSysAutoRebbotCfg has a stack overflow vulnerability, which can lead to remote arbitrary code execution.
AI Analysis
Technical Summary
CVE-2025-45428 is a critical stack overflow vulnerability identified in the Tenda AC9 router, specifically in firmware version V15.03.05.14_multi. The vulnerability resides in the handling of the rebootTime parameter within the /goform/SetSysAutoRebbotCfg endpoint. This parameter is susceptible to a stack-based buffer overflow (CWE-121), which can be exploited remotely without authentication or user interaction. An attacker can send a specially crafted request to this endpoint, causing the overflow and enabling arbitrary code execution on the device. Given the nature of the vulnerability, successful exploitation can lead to full compromise of the router, allowing attackers to execute malicious code with the privileges of the device's firmware. The CVSS v3.1 base score of 9.8 reflects the high impact on confidentiality, integrity, and availability, with an attack vector that is network-based and requires no privileges or user interaction. Although no known exploits are currently reported in the wild, the ease of exploitation and critical severity make this a significant threat. The vulnerability affects a widely used consumer-grade router model, which is often deployed in home and small office environments, potentially serving as a gateway to internal networks.
Potential Impact
For European organizations, the exploitation of this vulnerability could have severe consequences. Compromised Tenda AC9 routers could serve as entry points for attackers to infiltrate internal networks, intercept sensitive communications, or launch further attacks such as lateral movement or data exfiltration. The integrity and availability of network infrastructure could be disrupted, leading to operational downtime and loss of trust. Small and medium enterprises (SMEs) and home offices relying on these routers are particularly at risk, as these devices often lack advanced security monitoring. Additionally, critical sectors such as finance, healthcare, and government agencies using these routers in branch offices or remote locations could face heightened risks. The vulnerability's remote exploitation capability without authentication increases the attack surface, potentially enabling widespread automated attacks if weaponized. The lack of patches at the time of disclosure further exacerbates the risk for European entities.
Mitigation Recommendations
1. Immediate network segmentation: Isolate Tenda AC9 routers from critical internal networks to limit potential lateral movement if compromised.
2. Disable remote management interfaces on affected devices to reduce exposure to external attacks.
3. Monitor network traffic for unusual activity targeting the /goform/SetSysAutoRebbotCfg endpoint or anomalous reboot commands.
4. Implement strict firewall rules to restrict inbound traffic to router management interfaces, ideally allowing only trusted IP addresses.
5. Engage with Tenda support or authorized vendors to obtain firmware updates or patches as soon as they become available; prioritize deployment in all affected environments.
6. Where patching is not immediately possible, consider replacing vulnerable devices with alternative models from vendors with robust security track records.
7. Educate users and administrators about the risks of this vulnerability and encourage vigilance for signs of compromise.
8. Employ intrusion detection/prevention systems (IDS/IPS) with signatures or heuristics tailored to detect exploitation attempts targeting this vulnerability.
9. Conduct regular security audits of network devices to identify and remediate vulnerable firmware versions.
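One way to act on the monitoring recommendation above (added example, not part of the advisory or of any Tenda code): scan request logs for the /goform/SetSysAutoRebbotCfg endpoint and flag any rebootTime value that is oversized or non-numeric. The log format, the length threshold and the sample lines are constructed assumptions.

```python
"""Flag anomalous rebootTime values sent to /goform/SetSysAutoRebbotCfg.

Added example for the advisory's monitoring recommendation; the log
format, threshold and sample lines below are constructed assumptions.
"""
import re
from urllib.parse import parse_qs

ENDPOINT = "/goform/SetSysAutoRebbotCfg"
# A legitimate rebootTime is a short clock value; anything longer or
# containing other characters is treated as anomalous (assumed threshold).
MAX_REBOOT_TIME_LEN = 16
VALID_VALUE = re.compile(r"[0-9:]+")

# Assumed log format: "<client_ip> <method> <path> <form body or ->"
LINE_RE = re.compile(r"^(?P<ip>\S+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<body>\S+)$")

# Constructed sample log: one benign request, one unrelated request,
# one oversized value, one oversized value hidden behind percent-encoding.
SAMPLE_LOG = "\n".join([
    "192.0.2.10 POST /goform/SetSysAutoRebbotCfg rebootTime=22:00",
    "192.0.2.11 GET /login.html -",
    "192.0.2.12 POST /goform/SetSysAutoRebbotCfg rebootTime=" + "A" * 40,
    "192.0.2.13 POST /goform/SetSysAutoRebbotCfg rebootTime=" + "%41" * 20,
])


def inspect_line(line):
    """Return a finding dict for one log line, or None if it looks benign."""
    m = LINE_RE.match(line.strip())
    if not m or m.group("path") != ENDPOINT:
        return None
    body = m.group("body")
    # parse_qs percent-decodes, so an encoded payload is measured at its real size
    params = parse_qs("" if body == "-" else body, keep_blank_values=True)
    for value in params.get("rebootTime", []):
        if len(value) > MAX_REBOOT_TIME_LEN or not VALID_VALUE.fullmatch(value):
            return {"ip": m.group("ip"), "reason": "anomalous rebootTime", "length": len(value)}
    return None


def scan_log(text):
    """Return findings for every line of a log text, in order."""
    return [f for f in (inspect_line(l) for l in text.splitlines()) if f]


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

Feed the same logic into an IDS rule or a SIEM query by matching on the endpoint path and the decoded length of rebootTime rather than on a fixed payload string.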
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Belgium, Sweden, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-04-22T00:00:00.000Z
- Cisa Enriched: true
Threat ID: 682d9847c4522896dcbf5731
Added to database: 5/21/2025, 9:09:27 AM
Last enriched: 6/21/2025, 8:54:49 PM
Last updated: 8/14/2025, 9:19:39 PM