CVE-2025-13445

HighPublic PoC

Published: 20 November 2025

Published

20 November 2025

Modified

24 February 2026

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0054 67.7th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-13445 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda Ac21 Firmware. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 32.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 2 other techniques. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Requires validation of inputs to the /goform/SetIpMacBind endpoint to prevent stack-based buffer overflows from manipulated argument lists.

SI-16 Memory Protection good match

prevent

Implements memory protection mechanisms such as stack canaries or ASLR to mitigate stack-based buffer overflow exploits even if invalid inputs are processed.

SI-2 Flaw Remediation good match

prevent

Mandates timely remediation of the identified buffer overflow flaw in Tenda AC21 firmware version 16.03.08.16 to eliminate the vulnerability.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1210 Exploitation of Remote Services Lateral Movement

Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.

attack.mitre.org →

T1499.004 Application or System Exploitation Impact

Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

attack.mitre.org →

Why these techniques?

Remote stack-based buffer overflow in router web interface (/goform/SetIpMacBind) enables exploitation of public-facing application (T1190), exploitation of remote services (T1210), and application exhaustion/DoS (T1499.004) via overflow; PoC available, potentially leading to RCE.

NVD Description

A flaw has been found in Tenda AC21 16.03.08.16. This affects an unknown part of the file /goform/SetIpMacBind. Executing a manipulation of the argument list can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has…

been published and may be used.

Deeper analysisAI

CVE-2025-13445 is a stack-based buffer overflow vulnerability (CWE-119, CWE-121) affecting Tenda AC21 routers on firmware version 16.03.08.16. The issue lies in an unknown component of the /goform/SetIpMacBind file, where manipulation of the argument list triggers the overflow. Published on 2025-11-20, it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity.

An authenticated remote attacker with low privileges can exploit this vulnerability over the network with minimal complexity and no user interaction required. Successful exploitation enables high-impact compromise of confidentiality, integrity, and availability, potentially leading to arbitrary code execution on the device. An exploit has been publicly disclosed and is available for use.

Advisories and details are available via VulDB entries (ctiid.333017, id.333017, submit.694066) and the vendor's site at tenda.com.cn. The full exploit PoC is hosted on GitHub at github.com/Madgeaaaaa/MY_VULN_2/blob/main/Tenda/VULN7.md. Practitioners should review these sources for patch availability and mitigation steps.

Details

CWE(s): CWE-119 CWE-121

Affected Products

tenda

ac21 firmware

16.03.08.16

CVEs Like This One

CVE-2025-13446Same product: Tenda Ac21

CVE-2026-1637Same product: Tenda Ac21

CVE-2025-12611Same product: Tenda Ac21

CVE-2025-10838Same product: Tenda Ac21

CVE-2025-11091Same product: Tenda Ac21

CVE-2025-9605Same product: Tenda Ac21

CVE-2026-4565Same product: Tenda Ac21

CVE-2026-2148Same product: Tenda Ac21

CVE-2026-1638Same product: Tenda Ac21

CVE-2025-9523Same vendor: Tenda

References

https://github.com/Madgeaaaaa/MY_VULN_2/blob/main/Tenda/VULN7.md
Exploit, Third Party Advisory · cna@vuldb.com
https://vuldb.com/?ctiid.333017
Permissions Required, VDB Entry · cna@vuldb.com
https://vuldb.com/?id.333017
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/?submit.694066
Third Party Advisory, VDB Entry · cna@vuldb.com
https://www.tenda.com.cn/
Product · cna@vuldb.com
https://github.com/Madgeaaaaa/MY_VULN_2/blob/main/Tenda/VULN7.md
Exploit, Third Party Advisory · 134c704f-9b21-4f2e-91b3-4a467353bcc0