Cyber Resilience

CVE-2025-29135

CriticalPublic PoC

Published: 24 March 2025

Published
24 March 2025
Modified
01 April 2025
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0080 74.5th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-29135 is a critical-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Tenda Ac7 Firmware. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 25.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

A stack-based buffer overflow vulnerability, tracked as CVE-2025-29135 and assigned CWE-121, affects the Tenda AC7 wireless router running firmware version V15.03.06.44. The flaw resides in the formWifiBasicSet function, where the security parameter is processed without adequate bounds checking, enabling a stack overflow condition that can lead to arbitrary code execution. The issue carries a CVSS 3.1 base score of 9.8, reflecting network-accessible attack complexity that is low and requires no authentication or user interaction.

Remote attackers can exploit the vulnerability by sending a crafted HTTP request containing an oversized security parameter to the router's web management interface. Successful exploitation grants the attacker the ability to execute arbitrary code with full read, write, and control privileges over the device, resulting in complete compromise of confidentiality, integrity, and availability.

Public references consist of technical write-ups and proof-of-concept material hosted on GitHub that detail the buffer overflow mechanics but contain no vendor advisory, patch information, or mitigation guidance. The associated EPSS score remains low, with a current value of 0.0080 and a recorded peak of 0.0155, indicating limited observed exploitation interest to date.

EU & UK References

Vulnerability details

A stack-based buffer overflow vulnerability in Tenda AC7 V15.03.06.44 allows a remote attacker to execute arbitrary code through a stack overflow attack using the security parameter of the formWifiBasicSet function.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Stack-based buffer overflow in router web form handling function (formWifiBasicSet) enables remote unauthenticated arbitrary code execution on a public-facing network device.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-1851Same product: Tenda Ac7
CVE-2025-11528Same product: Tenda Ac7
CVE-2025-8017Same product: Tenda Ac7
CVE-2025-11525Same product: Tenda Ac7
CVE-2025-11586Same product: Tenda Ac7
CVE-2025-11527Same product: Tenda Ac7
CVE-2025-11526Same product: Tenda Ac7
CVE-2025-11524Same product: Tenda Ac7
CVE-2025-29137Same product: Tenda Ac7
CVE-2026-4974Same product: Tenda Ac7

Affected Assets

tenda
ac7 firmware
15.03.06.44

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires validation of the security parameter in formWifiBasicSet to directly prevent stack-based buffer overflows from oversized or malformed inputs.

prevent

Implements memory protections such as stack canaries and address space layout randomization to mitigate exploitation of the stack overflow for arbitrary code execution.

prevent

Mandates timely identification, reporting, and patching of the buffer overflow flaw in Tenda AC7 firmware to eliminate the vulnerability.

References