Cyber Resilience

CVE-2025-3328

High · Public PoC

Published: 07 April 2025
Modified: 07 April 2025
KEV Added
Patch
CVSS Score v4: 8.7 (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0222 (84.9th percentile)
Risk Priority: 19 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-3328 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda AC1206 firmware. Its CVSS base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 15.1% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

Deeper analysis

A vulnerability identified as CVE-2025-3328 exists in the Tenda AC1206 router running firmware version 15.03.06.23. It resides in the form_fast_setting_wifi_set function within the /goform/fast_setting_wifi_set endpoint, where unsanitized input to the ssid or timeZone parameters triggers a buffer overflow. The flaw is tracked under CWE-119, CWE-120, and CWE-787 and carries a CVSS 4.0 score of 8.7 reflecting network-accessible, low-complexity remote exploitation with high impact on confidentiality, integrity, and availability.

An authenticated attacker with network connectivity can supply crafted values to the affected parameters and overflow the buffer, enabling remote code execution or denial of service. The vulnerability can be triggered without user interaction, and the public disclosure includes proof-of-concept material that demonstrates successful exploitation against the listed firmware.

Exploit details and additional parameter analysis have been published on GitHub, along with entries in the VulDB database; no vendor advisory or firmware patch addressing the issue is referenced in the available sources. The associated EPSS score remains low, moving only from 0.0222 to a peak of 0.0269.
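As an added example (not code from the advisory, the vendor, or the public disclosure), the following detection check flags requests to the endpoint named above whose ssid or timeZone values exceed a length bound. The 32-byte ssid limit is the 802.11 SSID maximum; the timeZone limit, the function names and the (source, path, body) record format are assumptions for illustration.

```python
from urllib.parse import parse_qsl, urlsplit

ENDPOINT = "/goform/fast_setting_wifi_set"  # path named in the CVE description
# Byte limits: 32 is the 802.11 SSID maximum; the timeZone bound is an
# assumed policy value, not taken from the firmware.
LIMITS = {"ssid": 32, "timeZone": 16}


def oversized_params(path: str, body: bytes) -> dict:
    """Return {param: byte_length} for watched parameters over their limit."""
    parts = urlsplit(path)
    if parts.path.rstrip("/") != ENDPOINT:
        return {}
    # latin-1 maps every percent-decoded byte to exactly one character,
    # so len(value) is the byte length the device would have to store.
    raw = parts.query + "&" + body.decode("latin-1")
    hits = {}
    for name, value in parse_qsl(raw, keep_blank_values=True, encoding="latin-1"):
        limit = LIMITS.get(name)
        if limit is not None and len(value) > limit:
            # Keep the longest occurrence if a parameter is repeated.
            hits[name] = max(len(value), hits.get(name, 0))
    return hits


def scan(requests):
    """Yield (source, hits) for each request that trips a limit."""
    for src, path, body in requests:
        hits = oversized_params(path, body)
        if hits:
            yield src, hits


# Constructed sample traffic (documentation addresses, not real captures).
SAMPLE = [
    ("192.0.2.10", ENDPOINT, b"ssid=HomeNet&timeZone=%2B08%3A00"),
    ("192.0.2.44", ENDPOINT, b"ssid=" + b"A" * 300 + b"&timeZone=%2B08%3A00"),
    ("192.0.2.44", ENDPOINT + "?x=1", b"ssid=ok&timeZone=" + b"%41" * 64),
    ("192.0.2.10", "/goform/other", b"ssid=" + b"A" * 300),
]

if __name__ == "__main__":
    for src, hits in scan(SAMPLE):
        print(f"ALERT {src} {ENDPOINT} oversized: {hits}")
```

The same length bounds can be enforced as a blocking rule on a reverse proxy or management-network firewall placed in front of the device while no firmware fix is referenced.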

EU & UK References

Vulnerability details

A vulnerability was found in Tenda AC1206 15.03.06.23. It has been classified as critical. Affected is the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set. The manipulation of the argument ssid/timeZone leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1210 Exploitation of Remote Services (Lateral Movement)
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.

Why these techniques?

The remote buffer overflow in the Tenda AC1206 router's web interface (/goform/fast_setting_wifi_set) enables unauthenticated remote code execution or denial of service, facilitating exploitation of public-facing applications (T1190) and remote services (T1210).

Affected Assets

tenda
ac1206 firmware
15.03.06.23

Mitigating Controls

Likely Mitigating Controls (AI)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-119 CWE-120

Managed runtimes used by platform-independent applications (e.g., JVM, CLR) enforce memory safety, preventing most buffer overflows that require direct memory manipulation.

addresses: CWE-119 CWE-787

Memory protections (e.g., W^X, ASLR) make exploitation of buffer-boundary violations far harder to turn into code execution.

addresses: CWE-119

Ongoing control assessments and code testing (static/dynamic analysis, fuzzing) surface memory buffer restriction failures, which are then remediated before release.

addresses: CWE-119

Detects exploitation attempts that produce memory corruption, crashes, or anomalous behavior.

References