Description
A vulnerability was found in Tenda AC1206 15.03.06.23. It affects the function check_param_changed of the file /goform/AdvSetMacMtuWa of the component HTTP Request Handler. Manipulating the argument wanMTU results in a stack-based buffer overflow. The attack can be carried out remotely. The exploit has been made public and could be used.
EPSS Score: 0%
Comprehensive Technical Analysis of EUVD-2025-29161
1. Vulnerability Assessment and Severity Evaluation
The vulnerability identified in Tenda AC1206 firmware version 15.03.06.23 affects the HTTP Request Handler component, specifically the check_param_changed function within the /goform/AdvSetMacMtuWa file. This vulnerability results in a stack-based buffer overflow when the wanMTU argument is manipulated. The severity of this vulnerability is rated at 9.3 on the CVSS 4.0 scale, indicating a critical risk. The high base score is due to the following factors:
- Attack Vector (AV:N): Network-based, meaning the vulnerability can be exploited remotely.
- Attack Complexity (AC:L): Low complexity, suggesting that the attack does not require specialized conditions.
- Privileges Required (PR:N): No privileges are required to exploit the vulnerability.
- User Interaction (UI:N): No user interaction is needed.
- Confidentiality (VC:H), Integrity (VI:H), and Availability (VA:H): High impact on all three security properties.
2. Potential Attack Vectors and Exploitation Methods
The primary attack vector involves manipulating the wanMTU parameter in HTTP requests sent to the device. An attacker could craft a malicious HTTP request that triggers a stack-based buffer overflow in the check_param_changed function. This could lead to arbitrary code execution, allowing the attacker to gain control over the device.
Potential exploitation methods include:
- Remote Code Execution (RCE): By sending a specially crafted HTTP request, an attacker could execute arbitrary code on the device.
- Denial of Service (DoS): The buffer overflow could cause the device to crash or become unresponsive, leading to a denial of service.
- Data Exfiltration: An attacker could potentially extract sensitive information from the device's memory.
3. Affected Systems and Software Versions
The vulnerability specifically affects:
- Product: Tenda AC1206
- Firmware Version: 15.03.06.23
Other versions of the Tenda AC1206 firmware may also be affected, but this has not been confirmed. Users and administrators should verify the firmware version of their devices and apply updates as necessary.
4. Recommended Mitigation Strategies
To mitigate the risk associated with this vulnerability, the following strategies are recommended:
- Firmware Update: Immediately update the firmware to a version that addresses this vulnerability. Contact Tenda for the latest firmware updates.
- Network Segmentation: Isolate the affected devices on a separate network segment to limit exposure to potential attackers.
- Firewall Rules: Implement strict firewall rules to restrict access to the device's HTTP interface.
- Intrusion Detection Systems (IDS): Deploy IDS to monitor for suspicious network activity targeting the device.
- Regular Audits: Conduct regular security audits and vulnerability assessments to identify and address potential security issues.
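One way to implement the IDS and firewall checks above, as an added example that is not code from the advisory or from Tenda: a Python filter that inspects raw HTTP requests for the /goform/AdvSetMacMtuWa endpoint and flags any wanMTU value that is not a plausible MTU. The function name inspect_request, the 576-1500 range and the sample requests are assumptions made for this example.

```python
# Added example: flag requests to /goform/AdvSetMacMtuWa whose wanMTU value
# is not a plausible MTU. Not vendor or advisory code.
from urllib.parse import urlsplit, parse_qsl

TARGET_PATH = "/goform/AdvSetMacMtuWa"  # endpoint named in the advisory
PARAM = "wanMTU"                         # parameter named in the advisory
MIN_MTU, MAX_MTU = 576, 1500             # assumed policy range; tune per site


def inspect_request(raw: bytes):
    """Return a finding string for a suspicious request, else None."""
    head, _, body = raw.partition(b"\r\n\r\n")
    parts = head.decode("latin-1").split("\r\n")[0].split(" ")
    if len(parts) < 2:
        return None  # not a parsable request line
    target = urlsplit(parts[1])
    if target.path.rstrip("/") != TARGET_PATH:
        return None  # some other endpoint, out of scope here
    # Parameters may arrive in the query string or a form-encoded body;
    # parse_qsl percent-decodes both before the value is validated.
    pairs = parse_qsl(target.query, keep_blank_values=True)
    pairs += parse_qsl(body.decode("latin-1"), keep_blank_values=True)
    values = [v for k, v in pairs if k == PARAM]
    if not values:
        return None
    if len(values) > 1:
        return "duplicate wanMTU parameters"
    value = values[0]
    if not (value.isascii() and value.isdigit() and len(value) <= 4):
        return f"wanMTU is not a short decimal number (length {len(value)})"
    if not MIN_MTU <= int(value) <= MAX_MTU:
        return f"wanMTU {value} outside {MIN_MTU}-{MAX_MTU}"
    return None


# Constructed sample requests (not captured traffic).
REQ = b" HTTP/1.1\r\nHost: router\r\n\r\n"
SAMPLES = {
    "normal": b"POST /goform/AdvSetMacMtuWa" + REQ + b"wanMTU=1500",
    "oversized": b"POST /goform/AdvSetMacMtuWa" + REQ + b"wanMTU=" + b"9" * 64,
    "encoded": b"GET /goform/AdvSetMacMtuWa?wanMTU=15%300" + REQ,
    "other": b"GET /index.html?wanMTU=zzzz" + REQ,
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, "->", inspect_request(raw))
```

The same allow-list logic (short decimal value within an expected range) can be expressed as a rule in a reverse proxy or IDS placed in front of the device's management interface.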
5. Impact on European Cybersecurity Landscape
The vulnerability poses a significant risk to the European cybersecurity landscape, particularly for organizations and individuals using Tenda AC1206 devices. The potential for remote exploitation and the high impact on confidentiality, integrity, and availability make this vulnerability a critical concern. Organizations should prioritize mitigation efforts to protect against potential attacks.
6. Technical Details for Security Professionals
Vulnerability Details:
- Function Affected: check_param_changed
- File Affected: /goform/AdvSetMacMtuWa
- Parameter: wanMTU
- Type of Vulnerability: Stack-based buffer overflow
Exploit Availability:
- The exploit has been made public and is available on GitHub.
References:
Aliases:
- CVE-2025-10432
Assigner:
- VulDB
ENISA IDs:
- Product: 26b09a59-4aa7-30f9-87c6-da339bffd30f
- Vendor: 9e1dd328-9212-3917-b45d-c316274e3e46
By following the recommended mitigation strategies and staying informed about the latest security updates, organizations can effectively manage the risk posed by this vulnerability.