CVE-2025-29387
Published: 14 March 2025
Summary
CVE-2025-29387 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Tenda Ac9 Firmware. Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 15.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2025-29387 is a stack-based buffer overflow in Tenda AC9 v1.0 firmware version V15.03.05.14_multi. The flaw exists in the wanSpeed parameter handler within the /goform/AdvSetMacMtuWan endpoint and is tracked under CWE-787 and CWE-121. Successful exploitation can result in remote arbitrary code execution on the affected router.
An attacker with authenticated network access can supply a crafted wanSpeed value to trigger the overflow. The CVSS vector (AV:N/AC:H/PR:L/UI:R) indicates that the attack requires user interaction and relatively high complexity, yet yields full control over confidentiality, integrity, and availability once successful.
The single public reference is a technical disclosure containing proof-of-concept details for the wanSpeed overflow. No vendor advisory or firmware patch information is included in the available references.
EPSS for the CVE rose from a low baseline to a recorded peak of 0.0384 before settling at the current value of 0.0201, indicating measurable post-disclosure exploitation interest.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-6521
Vulnerability details
In Tenda AC9 v1.0 V15.03.05.14_multi, the wanSpeed parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The stack overflow in the /goform/AdvSetMacMtuWan web endpoint of the Tenda AC9 router enables remote arbitrary code execution on a public-facing network device.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Requires validation of the wanSpeed parameter in the /goform/AdvSetMacMtuWan endpoint to prevent stack buffer overflow from crafted inputs.
Deploys memory protection mechanisms such as stack canaries, ASLR, and DEP to mitigate exploitation of the stack-based buffer overflow vulnerability.
Mandates timely flaw remediation through firmware updates to eliminate the stack overflow in Tenda AC9 v1.0 V15.03.05.14_multi.