CVE-2025-12212
Published: 27 October 2025
Summary
CVE-2025-12212 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda O3 Firmware1.0.0.10\(2478\). Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 48.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly prevents the stack-based buffer overflow by validating the upnpEn argument in the SetValue/GetValue functions of /goform/setNetworkService.
Implements runtime memory protections such as stack canaries and non-executable memory to mitigate exploitation of the stack-based buffer overflow even with invalid inputs.
Requires timely remediation of the identified buffer overflow flaw in Tenda O3 firmware version 1.0.0.10(2478) through patching.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Stack-based buffer overflow in the remote web endpoint /goform/setNetworkService (upnpEn parameter) on Tenda O3 router enables remote code execution via exploitation of a public-facing application.
NVD Description
A weakness has been identified in Tenda O3 1.0.0.10(2478). This affects the function SetValue/GetValue of the file /goform/setNetworkService. This manipulation of the argument upnpEn causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made available…
more
to the public and could be used for attacks.
Deeper analysisAI
CVE-2025-12212 is a stack-based buffer overflow vulnerability affecting the Tenda O3 firmware version 1.0.0.10(2478). The issue resides in the SetValue and GetValue functions within the /goform/setNetworkService file, where manipulation of the upnpEn argument triggers the overflow. Associated with CWE-119 and CWE-121, it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and was published on 2025-10-27.
An attacker with low privileges, such as an authenticated user, can exploit this remotely over the network with low complexity and no user interaction required. Successful exploitation grants high impacts across confidentiality, integrity, and availability, enabling potential remote code execution on the affected device.
Advisories from VulDB detail the vulnerability and reference a public exploit available on GitHub at https://github.com/noahze01/IoT-vulnerable/blob/main/Tenda/O3v2.0/setNetworkService.md. No specific patches or mitigations are outlined in the provided sources; practitioners should consult the vendor site at https://www.tenda.com.cn/ for updates.
The exploit is publicly available and could be used for attacks, increasing the risk for unpatched Tenda O3 deployments.
Details
- CWE(s)