Cyber Resilience

CVE-2025-29357

HighPublic PoC

Published: 13 March 2025

Published
13 March 2025
Modified
01 August 2025
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score 0.0020 41.7th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-29357 is a high-severity Improper Resource Shutdown or Release (CWE-404) vulnerability in Tenda Rx3 Firmware. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 41.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2025-29357 is a buffer overflow vulnerability affecting the Tenda RX3 router on firmware version US_RX3V1.0br_V16.03.13.11_multi_TDE01. The issue resides in the /goform/SetPptpServerCfg endpoint, where the startIp and endIp parameters can trigger the overflow. Published on 2025-03-13, it carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and maps to CWE-404.

Unauthenticated remote attackers can exploit this vulnerability over the network with low complexity and no user interaction required. By sending a specially crafted packet to the vulnerable endpoint, they can cause a buffer overflow, resulting in a Denial of Service (DoS) that disrupts router availability.

A reference document detailing the vulnerability is available at https://github.com/2664521593/mycve/blob/main/Tenda/RX3/tenda_rx3_bof_4.pdf.

EU & UK References

Vulnerability details

Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the startIp and endIp parameters at /goform/SetPptpServerCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The buffer overflow in the public-facing /goform/SetPptpServerCfg web endpoint on the Tenda RX3 router allows unauthenticated remote exploitation over the network to cause DoS, directly mapping to T1190 Exploit Public-Facing Application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-2185Same product: Tenda Rx3
CVE-2026-2187Same product: Tenda Rx3
CVE-2026-2180Same product: Tenda Rx3
CVE-2026-2186Same product: Tenda Rx3
CVE-2025-29361Same product: Tenda Rx3
CVE-2025-29363Same product: Tenda Rx3
CVE-2026-2181Same product: Tenda Rx3
CVE-2025-29362Same product: Tenda Rx3
CVE-2025-29359Same product: Tenda Rx3
CVE-2025-29358Same product: Tenda Rx3

Affected Assets

tenda
rx3 firmware
16.03.13.11_multi_tde01

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly validates startIp and endIp parameters to prevent buffer overflows from crafted packets at the /goform/SetPptpServerCfg endpoint.

prevent

Implements memory safeguards like DEP or stack canaries to block unauthorized code execution from buffer overflows causing DoS.

prevent

Requires timely remediation of the identified buffer overflow flaw in Tenda RX3 firmware to eliminate the vulnerability.

References