CVE-2025-29363
Published: 13 March 2025
Summary
CVE-2025-29363 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability in Tenda Rx3 Firmware. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 24.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Enforces validation and bounds checking on input parameters like schedStartTime and schedEndTime to directly prevent buffer overflows in the /goform/saveParentControlInfo endpoint.
Implements memory protections such as stack canaries and address space layout randomization to mitigate stack-based buffer overflow exploitation leading to DoS.
Provides denial-of-service protections like rate limiting and traffic filtering to block crafted packets targeting the vulnerable endpoint and prevent device crashes.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow in unauthenticated public-facing web endpoint (/goform/saveParentControlInfo) directly enables remote exploitation of the application for DoS via system crash.
NVD Description
Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to buffer overflow via the schedStartTime and schedEndTime parameters at /goform/saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.
Deeper analysisAI
CVE-2025-29363 is a buffer overflow vulnerability (CWE-120) affecting the Tenda RX3 router running firmware version US_RX3V1.0br_V16.03.13.11_multi_TDE01. The issue resides in the /goform/saveParentControlInfo endpoint, where the schedStartTime and schedEndTime parameters can be exploited due to insufficient bounds checking, leading to a stack-based buffer overflow. Published on 2025-03-13 with a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), it enables remote denial-of-service (DoS) conditions without impacting confidentiality or integrity.
Any unauthenticated attacker with network access to the vulnerable router can exploit this flaw by sending a specially crafted packet to the affected endpoint. The low attack complexity and lack of required privileges or user interaction make it straightforward to trigger, resulting in the device crashing or becoming unresponsive, thereby disrupting network services hosted by the router.
Advisories and detailed technical analysis, including proof-of-concept details, are available in the referenced GitHub documents at https://github.com/2664521593/mycve/blob/main/Tenda/RX3/tenda_rx3_bof_7.pdf. No vendor patches or specific mitigation steps beyond upgrading firmware are detailed in the provided information.
Details
- CWE(s)