CVE-2025-29149
Published: 20 March 2025
Summary
CVE-2025-29149 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Tenda I12 Firmware. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 44.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly enforces bounds checking and validation on user-supplied inputs like the ping1 parameter to prevent stack-based buffer overflows.
Implements memory protection mechanisms such as stack canaries or DEP to mitigate exploitation of stack-based buffer overflows even if input validation fails.
Requires identification, reporting, and correction of flaws like this buffer overflow vulnerability through timely firmware patching.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability is a remote unauthenticated buffer overflow in a public-facing web interface (formSetAutoPing on the router), directly enabling T1190 for initial exploitation. The resulting crash provides denial of service, mapping to T1499.004 via application/system exploitation.
NVD Description
Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow via the ping1 parameter in the formSetAutoPing function.
Deeper analysisAI
CVE-2025-29149 is a stack-based buffer overflow vulnerability (CWE-121) affecting the Tenda i12 router running firmware version V1.0.0.10(3805). The flaw resides in the formSetAutoPing function, where the ping1 parameter triggers the overflow due to insufficient bounds checking on user-supplied input. This issue was publicly disclosed on March 20, 2025, and carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high severity primarily due to its potential for denial-of-service impacts.
An unauthenticated attacker can exploit this vulnerability remotely over the network with low complexity and no user interaction required. By sending a specially crafted request to the vulnerable endpoint, the attacker can trigger a buffer overflow, leading to a crash of the affected component and potential denial of service on the device. The CVSS vector confirms no privileges, user interaction, or scope changes are needed, while confidentiality and integrity remain unaffected.
References point to a GitHub repository detailing the vulnerability, including what appears to be proof-of-concept information at https://github.com/Raining-101/IOT_cve/blob/main/tenda%20i12formSetAutoPing_ping1.md, though no official vendor advisories or patches are specified in available details.
Details
- CWE(s)