CVE-2025-29357
Published: 13 March 2025
Summary
CVE-2025-29357 is a high-severity Improper Resource Shutdown or Release (CWE-404) vulnerability in Tenda Rx3 Firmware. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 41.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2025-29357 is a buffer overflow vulnerability affecting the Tenda RX3 router on firmware version US_RX3V1.0br_V16.03.13.11_multi_TDE01. The issue resides in the /goform/SetPptpServerCfg endpoint, where the startIp and endIp parameters can trigger the overflow. Published on 2025-03-13, it carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and maps to CWE-404.
Unauthenticated remote attackers can exploit this vulnerability over the network with low complexity and no user interaction required. By sending a specially crafted packet to the vulnerable endpoint, they can cause a buffer overflow, resulting in a Denial of Service (DoS) that disrupts router availability.
A reference document detailing the vulnerability is available at https://github.com/2664521593/mycve/blob/main/Tenda/RX3/tenda_rx3_bof_4.pdf.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-6267
Vulnerability details
Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the startIp and endIp parameters at /goform/SetPptpServerCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The buffer overflow in the public-facing /goform/SetPptpServerCfg web endpoint on the Tenda RX3 router allows unauthenticated remote exploitation over the network to cause DoS, directly mapping to T1190 Exploit Public-Facing Application.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly validates startIp and endIp parameters to prevent buffer overflows from crafted packets at the /goform/SetPptpServerCfg endpoint.
Implements memory safeguards like DEP or stack canaries to block unauthorized code execution from buffer overflows causing DoS.
Requires timely remediation of the identified buffer overflow flaw in Tenda RX3 firmware to eliminate the vulnerability.