Cyber Posture

CVE-2025-29214

High · Public PoC

Published: 20 March 2025

Modified: 25 March 2025
CVSS Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0029 (52.4th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-29214 is a high-severity stack-based buffer overflow (CWE-121) vulnerability in Tenda AX12 firmware. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 47.6% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique.
What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI]

prevent: Directly mitigates the stack overflow by validating inputs to the /goform/setMacFilterCfg endpoint for length and format to prevent buffer overruns.

prevent: Requires timely remediation of the identified buffer overflow flaw in Tenda AX12 firmware via patching or updates.

prevent: Implements memory protections like stack canaries and ASLR to prevent successful exploitation of the stack-based buffer overflow leading to DoS.

MITRE ATT&CK Enterprise Techniques [AI]

T1190 Exploit Public-Facing Application (Tactic: Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1499.004 Application or System Exploitation (Tactic: Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

Why these techniques?

The CVE describes remote exploitation of a stack buffer overflow in a router's public web interface endpoint (/goform/setMacFilterCfg), directly enabling T1190 (Exploit Public-Facing Application) for initial access attempts and T1499.004 (Application or System Exploitation) to crash the device and achieve denial of service.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Tenda AX12 v22.03.01.46_CN was discovered to contain a stack overflow via the sub_42F69C function at /goform/setMacFilterCfg.

Deeper analysis [AI]

CVE-2025-29214, published on 2025-03-20, is a stack-based buffer overflow vulnerability (CWE-121) affecting the Tenda AX12 router in version v22.03.01.46_CN. The flaw occurs in the sub_42F69C function, which is triggered via the /goform/setMacFilterCfg endpoint.

The vulnerability has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating it is exploitable over the network with low attack complexity, no required privileges, and no user interaction. Remote attackers can achieve denial of service by crashing the affected device, disrupting availability without impacting confidentiality or integrity.

References to the vulnerability include a GitHub Gist and a technical PDF document detailing the stack overflow, which appear to provide proof-of-concept information but do not specify mitigations or patches.

Details

CWE(s)

Affected Products

tenda · ax12 firmware · 22.03.01.46_cn

CVEs Like This One

CVE-2025-70651 (Same vendor: Tenda)
CVE-2025-70746 (Same vendor: Tenda)
CVE-2025-29121 (Same vendor: Tenda)
CVE-2025-70656 (Same vendor: Tenda)
CVE-2025-70747 (Same vendor: Tenda)
CVE-2025-71023 (Same vendor: Tenda)
CVE-2025-71019 (Same vendor: Tenda)
CVE-2025-70646 (Same vendor: Tenda)
CVE-2025-71021 (Same vendor: Tenda)
CVE-2025-69700 (Same vendor: Tenda)

References