CVE-2025-29361
Published: 13 March 2025
Summary
CVE-2025-29361 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability in Tenda Rx3 Firmware. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 43.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Requires bounds checking and validation of the 'list' parameter in /goform/SetVirtualServerCfg to directly prevent buffer overflow from malformed crafted packets.
Implements memory protections such as stack canaries and address space layout randomization to mitigate exploitation of the buffer overflow leading to device crash.
Mandates identification, reporting, and correction of the specific buffer overflow flaw via firmware patching for the vulnerable Tenda RX3 version.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow in public-facing router web endpoint (/goform/SetVirtualServerCfg) directly enables remote exploitation of the application (T1190) to crash the device and deny service (T1499.004).
NVD Description
Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the list parameter at /goform/SetVirtualServerCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.
Deeper analysisAI
CVE-2025-29361 is a buffer overflow vulnerability (CWE-120) affecting the Tenda RX3 router running firmware version US_RX3V1.0br_V16.03.13.11_multi_TDE01. The issue resides in the handling of the "list" parameter within the /goform/SetVirtualServerCfg endpoint, where insufficient bounds checking allows overflow conditions when processing malformed input.
The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high severity due to its network accessibility without authentication or user interaction. Remote attackers can exploit it by sending a specially crafted packet to the vulnerable endpoint, triggering the buffer overflow and causing a denial-of-service condition that crashes the device.
References for this CVE include detailed documentation in PDF format hosted on GitHub at https://github.com/2664521593/mycve/blob/main/Tenda/RX3/tenda_rx3_bof_5.pdf, which likely provides proof-of-concept exploit details, though specific mitigation or patch guidance is not detailed in the available CVE information.
Details
- CWE(s)