CVE-2025-12213
Published: 27 October 2025
Summary
CVE-2025-12213 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda O3 Firmware1.0.0.10\(2478\). Its CVSS base score is 7.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 49.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2025-12213 is a stack-based buffer overflow vulnerability affecting the Tenda O3 router on firmware version 1.0.0.10(2478). The flaw exists in the SetValue and GetValue functions of the /goform/setVlanConfig file, triggered by manipulation of the "lan" argument. It is associated with CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow), earning a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
The vulnerability enables remote exploitation by attackers possessing low privileges. Attackers can send crafted requests to the affected endpoint, causing a stack buffer overflow that compromises confidentiality, integrity, and availability with high impact. Published on 2025-10-27, the exploit has been publicly disclosed and may be actively used.
References, including a GitHub proof-of-concept at github.com/noahze01/IoT-vulnerable/blob/main/Tenda/O3v2.0/setVlanConfig.md and VulDB entries (vuldb.com/?ctiid.329883, vuldb.com/?id.329883), detail the issue but do not specify patches. Security practitioners should monitor the vendor site at tenda.com.cn for mitigation guidance or firmware updates.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-36080
Vulnerability details
A security vulnerability has been detected in Tenda O3 1.0.0.10(2478). This vulnerability affects the function SetValue/GetValue of the file /goform/setVlanConfig. Such manipulation of the argument lan leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has…
more
been disclosed publicly and may be used.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Stack-based buffer overflow in the publicly accessible web endpoint /goform/setVlanConfig of Tenda O3 router enables remote code execution via exploitation of a public-facing application.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Requires validation of the 'lan' argument in /goform/setVlanConfig to prevent stack-based buffer overflows from malformed inputs.
Deploys memory protections like stack canaries and non-executable stacks to mitigate exploitation of the stack buffer overflow vulnerability.
Mandates timely flaw remediation through firmware updates to address the specific buffer overflow in Tenda O3 firmware 1.0.0.10(2478).