CVE-2025-4867: Denial of Service in Tenda A15
A vulnerability was found in Tenda A15 15.13.07.13. It has been declared as problematic. Affected by this vulnerability is the function formArpNerworkSet of the file /goform/ArpNerworkSet. The manipulation leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
AI Analysis
Technical Summary
CVE-2025-4867 is a high-severity vulnerability affecting the Tenda A15 router, specifically version 15.13.07.13. The flaw resides in the function formArpNerworkSet within the /goform/ArpNerworkSet endpoint. This vulnerability allows an unauthenticated remote attacker to manipulate the ARP network settings via crafted requests, leading to a denial of service (DoS) condition. The attack vector is network-based (AV:N), requiring no user interaction (UI:N) and no privileges (PR:L) beyond limited access, which likely corresponds to access to the router’s management interface or exposed service. The vulnerability does not impact confidentiality or integrity but severely affects availability (VA:H), causing service disruption. The CVSS 4.0 base score is 7.1, indicating a high severity. Although no public exploit is currently known to be actively used in the wild, the exploit details have been disclosed publicly, increasing the risk of exploitation. The vulnerability’s root cause is improper handling of ARP network configuration inputs, which can be exploited to crash or destabilize the device, rendering it unusable or forcing a reboot. This can disrupt network connectivity for all devices relying on the affected router, impacting business operations and user productivity.
Potential Impact
For European organizations, this vulnerability poses a significant risk to network availability, especially for small and medium enterprises or home office setups that rely on Tenda A15 routers for internet connectivity. A successful DoS attack could interrupt critical communications, delay business processes, and cause downtime. In sectors such as finance, healthcare, and manufacturing, where continuous network availability is crucial, such disruptions could lead to operational losses and regulatory compliance issues. Additionally, since the attack can be launched remotely without authentication, threat actors could target exposed routers across Europe, potentially leveraging this vulnerability as part of larger distributed denial of service (DDoS) campaigns or lateral movement within compromised networks. The lack of confidentiality or integrity impact limits data breach concerns, but the availability impact alone is sufficient to cause significant operational harm.
Mitigation Recommendations
Organizations should immediately verify if they are using Tenda A15 routers running firmware version 15.13.07.13. If so, they should seek firmware updates or patches from Tenda as a priority, even though no patch links are currently provided, monitoring vendor advisories closely. In the interim, network administrators should restrict access to the router’s management interface by implementing network segmentation and firewall rules to limit access only to trusted internal IP addresses. Disabling remote management features on the router can reduce exposure. Employing intrusion detection systems (IDS) to monitor for suspicious requests targeting /goform/ArpNerworkSet can help detect exploitation attempts. Network operators should also consider replacing vulnerable devices with models that have active security support. Regularly auditing network devices for outdated firmware and enforcing strict access controls will reduce the attack surface. Finally, organizations should prepare incident response plans to quickly restore network services in case of a DoS attack exploiting this vulnerability.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland
CVE-2025-4867: Denial of Service in Tenda A15
Description
A vulnerability was found in Tenda A15 15.13.07.13. It has been declared as problematic. Affected by this vulnerability is the function formArpNerworkSet of the file /goform/ArpNerworkSet. The manipulation leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
AI-Powered Analysis
Technical Analysis
CVE-2025-4867 is a high-severity vulnerability affecting the Tenda A15 router, specifically version 15.13.07.13. The flaw resides in the function formArpNerworkSet within the /goform/ArpNerworkSet endpoint. This vulnerability allows an unauthenticated remote attacker to manipulate the ARP network settings via crafted requests, leading to a denial of service (DoS) condition. The attack vector is network-based (AV:N), requiring no user interaction (UI:N) and no privileges (PR:L) beyond limited access, which likely corresponds to access to the router’s management interface or exposed service. The vulnerability does not impact confidentiality or integrity but severely affects availability (VA:H), causing service disruption. The CVSS 4.0 base score is 7.1, indicating a high severity. Although no public exploit is currently known to be actively used in the wild, the exploit details have been disclosed publicly, increasing the risk of exploitation. The vulnerability’s root cause is improper handling of ARP network configuration inputs, which can be exploited to crash or destabilize the device, rendering it unusable or forcing a reboot. This can disrupt network connectivity for all devices relying on the affected router, impacting business operations and user productivity.
Potential Impact
For European organizations, this vulnerability poses a significant risk to network availability, especially for small and medium enterprises or home office setups that rely on Tenda A15 routers for internet connectivity. A successful DoS attack could interrupt critical communications, delay business processes, and cause downtime. In sectors such as finance, healthcare, and manufacturing, where continuous network availability is crucial, such disruptions could lead to operational losses and regulatory compliance issues. Additionally, since the attack can be launched remotely without authentication, threat actors could target exposed routers across Europe, potentially leveraging this vulnerability as part of larger distributed denial of service (DDoS) campaigns or lateral movement within compromised networks. The lack of confidentiality or integrity impact limits data breach concerns, but the availability impact alone is sufficient to cause significant operational harm.
Mitigation Recommendations
Organizations should immediately verify if they are using Tenda A15 routers running firmware version 15.13.07.13. If so, they should seek firmware updates or patches from Tenda as a priority, even though no patch links are currently provided, monitoring vendor advisories closely. In the interim, network administrators should restrict access to the router’s management interface by implementing network segmentation and firewall rules to limit access only to trusted internal IP addresses. Disabling remote management features on the router can reduce exposure. Employing intrusion detection systems (IDS) to monitor for suspicious requests targeting /goform/ArpNerworkSet can help detect exploitation attempts. Network operators should also consider replacing vulnerable devices with models that have active security support. Regularly auditing network devices for outdated firmware and enforcing strict access controls will reduce the attack surface. Finally, organizations should prepare incident response plans to quickly restore network services in case of a DoS attack exploiting this vulnerability.
Affected Countries
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- VulDB
- Date Reserved
- 2025-05-16T19:15:45.408Z
- Cisa Enriched
- true
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 682cd0f81484d88663aeb6b3
Added to database: 5/20/2025, 6:59:04 PM
Last enriched: 7/11/2025, 7:02:19 PM
Last updated: 1/7/2026, 6:11:41 AM
Views: 48
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Related Threats
CVE-2025-14835: CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in opajaap WP Photo Album Plus
HighCVE-2026-0650: CWE-306 Missing Authentication for Critical Function in OpenFlagr Flagr
CriticalCVE-2025-15474: CWE-770 Allocation of Resources Without Limits or Throttling in AuntyFey AuntyFey Smart Combination Lock
MediumCVE-2025-14468: CWE-352 Cross-Site Request Forgery (CSRF) in mohammed_kaludi AMP for WP – Accelerated Mobile Pages
MediumCVE-2025-9611: CWE-749 Exposed Dangerous Method or Function in Microsoft Playwright
HighActions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console in Console -> Billing for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.