Null Pointer Dereference in Tenda W12 Router's HTTP Request Handler
CVE-2025-11550
Key Information:
Badges
What is CVE-2025-11550?
A null pointer dereference vulnerability exists in the Tenda W12 router, specifically within the 'wifiScheduledSet' function of the HTTP Request Handler component. This flaw allows an attacker to manipulate the 'wifiScheduledSet' argument, potentially leading to disruption of service. The vulnerability can be exploited remotely, making it crucial for users to apply necessary updates or mitigations promptly. Public disclosure of the exploit raises further concerns about its potential use in the wild.
Affected Version(s)
W12 3.0.0.6(3948)
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved