Cyber Resilience

CVE-2025-29214

High · Public PoC

Published: 20 March 2025

Modified: 25 March 2025
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0029 (52.8th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-29214 is a high-severity stack-based buffer overflow (CWE-121) vulnerability in Tenda AX12 firmware. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 47.2% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2025-29214, published on 2025-03-20, is a stack-based buffer overflow vulnerability (CWE-121) affecting the Tenda AX12 router in version v22.03.01.46_CN. The flaw occurs in the sub_42F69C function, which is triggered via the /goform/setMacFilterCfg endpoint.

The vulnerability has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating it is exploitable over the network with low attack complexity, no required privileges, and no user interaction. Remote attackers can achieve denial of service by crashing the affected device, disrupting availability without impacting confidentiality or integrity.

References to the vulnerability include a GitHub Gist and a technical PDF document detailing the stack overflow, which appear to provide proof-of-concept information but do not specify mitigations or patches.

Vulnerability details

Tenda AX12 v22.03.01.46_CN was discovered to contain a stack overflow via the sub_42F69C function at /goform/setMacFilterCfg.

CWE(s): CWE-121 (Stack-based Buffer Overflow)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1499.004 Application or System Exploitation (Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

Why these techniques?

The CVE describes remote exploitation of a stack buffer overflow in a router's public web interface endpoint (/goform/setMacFilterCfg), directly enabling T1190 (Exploit Public-Facing Application) for initial access attempts and T1499.004 (Application or System Exploitation) to crash the device and achieve denial of service.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-70744 · Same vendor: Tenda
CVE-2025-70644 · Same vendor: Tenda
CVE-2025-70648 · Same vendor: Tenda
CVE-2025-71019 · Same vendor: Tenda
CVE-2025-70656 · Same vendor: Tenda
CVE-2025-71021 · Same vendor: Tenda
CVE-2025-69700 · Same vendor: Tenda
CVE-2025-29121 · Same vendor: Tenda
CVE-2025-29101 · Same vendor: Tenda
CVE-2025-70746 · Same vendor: Tenda

Affected Assets

tenda · ax12 firmware · 22.03.01.46_cn

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

Prevent: Directly mitigates the stack overflow by validating inputs to the /goform/setMacFilterCfg endpoint for length and format to prevent buffer overruns.

Prevent: Requires timely remediation of the identified buffer overflow flaw in Tenda AX12 firmware via patching or updates.

Prevent: Implements memory protections like stack canaries and ASLR to prevent successful exploitation of the stack-based buffer overflow leading to DoS.
