CVE-2025-11526
Published: 09 October 2025
Summary
CVE-2025-11526 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda Ac7 Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 49.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly prevents the stack-based buffer overflow by validating the wifi_chkHz argument at the /goform/WifiMacFilterSet entry point to reject oversized or malformed inputs.
Implements memory protections like stack canaries, address space layout randomization, and non-executable memory to block exploitation of the buffer overflow even if invalid input is processed.
Requires identification, prioritization, and remediation of the specific buffer overflow flaw in Tenda AC7 firmware version 15.03.06.44 through patching or firmware upgrades.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Stack-based buffer overflow in the router's web interface (/goform/WifiMacFilterSet) via remote manipulation of wifi_chkHz enables exploitation of a public-facing application for remote code execution.
NVD Description
A vulnerability was found in Tenda AC7 15.03.06.44. The affected element is an unknown function of the file /goform/WifiMacFilterSet. Performing a manipulation of the argument wifi_chkHz results in stack-based buffer overflow. The attack may be initiated remotely. The exploit has…
more
been made public and could be used.
Deeper analysisAI
CVE-2025-11526 is a stack-based buffer overflow vulnerability (CWE-119, CWE-121) affecting Tenda AC7 router firmware version 15.03.06.44. The flaw exists in an unknown function of the /goform/WifiMacFilterSet file, where manipulation of the wifi_chkHz argument triggers the overflow. Published on 2025-10-09, it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
The vulnerability enables remote exploitation over the network by attackers possessing low privileges, with low attack complexity and no user interaction required. Successful exploitation can result in high confidentiality, integrity, and availability impacts, potentially allowing arbitrary code execution or denial of service on the affected device.
Advisories and related resources, including VulDB entries (e.g., https://vuldb.com/?id.327664) and a public proof-of-concept on GitHub (https://github.com/noahze01/IoT-vulnerable/blob/main/Tenda/AC7/WifiMacFilterSet.md), document the issue but do not specify patches or mitigations in the available details.
The exploit has been publicly disclosed and could be used in attacks targeting exposed Tenda AC7 routers.
Details
- CWE(s)