CVE-2025-7422: Stack-based Buffer Overflow in Tenda O3V2
A vulnerability classified as critical has been found in Tenda O3V2 1.0.0.12(3880). Affected is the function setAutoReboot of the file /goform/setNetworkService of the component httpd. The manipulation of the argument week leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
AI Analysis
Technical Summary
CVE-2025-7422 is a critical security vulnerability identified in the Tenda O3V2 device, specifically version 1.0.0.12(3880). The flaw exists in the HTTP daemon component (httpd), within the setAutoReboot function located in the /goform/setNetworkService endpoint. The vulnerability arises from improper handling of the 'week' argument, which leads to a stack-based buffer overflow. This type of overflow occurs when data exceeding the buffer's capacity is written to the stack, potentially overwriting adjacent memory and enabling arbitrary code execution or system crashes. The vulnerability is remotely exploitable without requiring user interaction or authentication, making it particularly dangerous. The disclosed exploit allows attackers to send specially crafted HTTP requests to the vulnerable endpoint, triggering the overflow and potentially gaining control over the device or causing denial of service. The CVSS 4.0 base score is 8.7, indicating a high severity level due to the ease of remote exploitation, lack of required privileges, and the high impact on confidentiality, integrity, and availability. Although no known exploits are currently observed in the wild, the public disclosure increases the risk of exploitation by threat actors. The vulnerability affects a specific firmware version of the Tenda O3V2, a device commonly used for network connectivity, often in small office or home office environments.
Potential Impact
For European organizations, the impact of this vulnerability can be significant, especially for those relying on Tenda O3V2 devices in their network infrastructure. Successful exploitation could lead to unauthorized remote code execution, allowing attackers to compromise network devices, intercept or manipulate network traffic, and potentially pivot to internal systems. This could result in data breaches, disruption of business operations, and loss of network availability. Given the device's role in network connectivity, exploitation could also facilitate man-in-the-middle attacks or persistent network presence. The lack of authentication and user interaction requirements lowers the barrier for attackers, increasing the likelihood of automated scanning and exploitation attempts. Organizations in sectors with stringent data protection requirements, such as finance, healthcare, and critical infrastructure, may face regulatory and reputational damage if compromised. Additionally, the vulnerability could be leveraged in botnet campaigns or distributed denial-of-service (DDoS) attacks, amplifying its impact beyond individual organizations.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should first identify all Tenda O3V2 devices running the affected firmware version 1.0.0.12(3880) within their networks. Immediate steps include isolating these devices from critical network segments to limit exposure. Since no official patches are currently linked, organizations should contact Tenda support for firmware updates or advisories. In the interim, network-level protections such as implementing strict firewall rules to block unauthorized access to the device's management interface, especially from untrusted networks, are essential. Deploying intrusion detection and prevention systems (IDS/IPS) with signatures targeting this vulnerability can help detect and block exploitation attempts. Regularly monitoring network traffic for anomalous HTTP requests to the /goform/setNetworkService endpoint is recommended. Organizations should also consider replacing vulnerable devices with models from vendors with robust security update practices if timely patches are unavailable. Finally, maintaining an asset inventory and enforcing network segmentation will reduce the attack surface and limit potential lateral movement if a device is compromised.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Belgium
CVE-2025-7422: Stack-based Buffer Overflow in Tenda O3V2
Description
A vulnerability classified as critical has been found in Tenda O3V2 1.0.0.12(3880). Affected is the function setAutoReboot of the file /goform/setNetworkService of the component httpd. The manipulation of the argument week leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
AI-Powered Analysis
Technical Analysis
CVE-2025-7422 is a critical security vulnerability identified in the Tenda O3V2 device, specifically version 1.0.0.12(3880). The flaw exists in the HTTP daemon component (httpd), within the setAutoReboot function located in the /goform/setNetworkService endpoint. The vulnerability arises from improper handling of the 'week' argument, which leads to a stack-based buffer overflow. This type of overflow occurs when data exceeding the buffer's capacity is written to the stack, potentially overwriting adjacent memory and enabling arbitrary code execution or system crashes. The vulnerability is remotely exploitable without requiring user interaction or authentication, making it particularly dangerous. The disclosed exploit allows attackers to send specially crafted HTTP requests to the vulnerable endpoint, triggering the overflow and potentially gaining control over the device or causing denial of service. The CVSS 4.0 base score is 8.7, indicating a high severity level due to the ease of remote exploitation, lack of required privileges, and the high impact on confidentiality, integrity, and availability. Although no known exploits are currently observed in the wild, the public disclosure increases the risk of exploitation by threat actors. The vulnerability affects a specific firmware version of the Tenda O3V2, a device commonly used for network connectivity, often in small office or home office environments.
Potential Impact
For European organizations, the impact of this vulnerability can be significant, especially for those relying on Tenda O3V2 devices in their network infrastructure. Successful exploitation could lead to unauthorized remote code execution, allowing attackers to compromise network devices, intercept or manipulate network traffic, and potentially pivot to internal systems. This could result in data breaches, disruption of business operations, and loss of network availability. Given the device's role in network connectivity, exploitation could also facilitate man-in-the-middle attacks or persistent network presence. The lack of authentication and user interaction requirements lowers the barrier for attackers, increasing the likelihood of automated scanning and exploitation attempts. Organizations in sectors with stringent data protection requirements, such as finance, healthcare, and critical infrastructure, may face regulatory and reputational damage if compromised. Additionally, the vulnerability could be leveraged in botnet campaigns or distributed denial-of-service (DDoS) attacks, amplifying its impact beyond individual organizations.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should first identify all Tenda O3V2 devices running the affected firmware version 1.0.0.12(3880) within their networks. Immediate steps include isolating these devices from critical network segments to limit exposure. Since no official patches are currently linked, organizations should contact Tenda support for firmware updates or advisories. In the interim, network-level protections such as implementing strict firewall rules to block unauthorized access to the device's management interface, especially from untrusted networks, are essential. Deploying intrusion detection and prevention systems (IDS/IPS) with signatures targeting this vulnerability can help detect and block exploitation attempts. Regularly monitoring network traffic for anomalous HTTP requests to the /goform/setNetworkService endpoint is recommended. Organizations should also consider replacing vulnerable devices with models from vendors with robust security update practices if timely patches are unavailable. Finally, maintaining an asset inventory and enforcing network segmentation will reduce the attack surface and limit potential lateral movement if a device is compromised.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- VulDB
- Date Reserved
- 2025-07-10T07:48:48.777Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 68705ed0a83201eaacaae382
Added to database: 7/11/2025, 12:46:08 AM
Last enriched: 7/11/2025, 1:01:10 AM
Last updated: 7/11/2025, 3:18:58 AM
Views: 3
Related Threats
CVE-2025-50125: CWE-918 Server-Side Request Forgery (SSRF) in Schneider Electric EcoStruxure IT Data Center Expert
MediumCVE-2025-50124: CWE-269 Improper Privilege Management in Schneider Electric EcoStruxure IT Data Center Expert
HighPatch, track, repeat
MediumCVE-2025-50123: CWE-94 Improper Control of Generation of Code ('Code Injection') in Schneider Electric EcoStruxure IT Data Center Expert
HighCVE-2025-3933: CWE-1333 Inefficient Regular Expression Complexity in huggingface huggingface/transformers
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.