Stack-based Buffer Overflow in Tenda AC7 Router
CVE-2025-11525
Key Information:
Badges
What is CVE-2025-11525?
A significant vulnerability in the Tenda AC7 router version 15.03.06.44 has been identified, specifically within an unknown function of the /goform/SetUpnpCfg file. This vulnerability arises from improper handling of the upnpEn argument, which can lead to a stack-based buffer overflow. Attackers can exploit this vulnerability remotely, potentially compromising network integrity and leading to unauthorized access or control. The exploit has been publicly disclosed, highlighting the urgent need for users to secure their devices against such threats.
Affected Version(s)
AC7 15.03.06.44
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved