CVE-2025-3328
Published: 07 April 2025
Summary
CVE-2025-3328 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda AC1206 firmware. Its CVSS base score is 8.7 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 15.1% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
Deeper analysis
A vulnerability identified as CVE-2025-3328 exists in the Tenda AC1206 router running firmware version 15.03.06.23. It resides in the form_fast_setting_wifi_set function within the /goform/fast_setting_wifi_set endpoint, where unsanitized input to the ssid or timeZone parameters triggers a buffer overflow. The flaw is tracked under CWE-119, CWE-120, and CWE-787 and carries a CVSS 4.0 score of 8.7 reflecting network-accessible, low-complexity remote exploitation with high impact on confidentiality, integrity, and availability.
An authenticated attacker with network connectivity can supply crafted values to the affected parameters and overflow the buffer, enabling remote code execution or denial of service. The vulnerability can be triggered without user interaction, and the public disclosure includes proof-of-concept material that demonstrates successful exploitation against the listed firmware.
Exploit details and additional parameter analysis have been published on GitHub, along with entries in the VulDB database; no vendor advisory or firmware patch addressing the issue is referenced in the available sources. The associated EPSS score remains low, moving only from 0.0222 to a peak of 0.0269.
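As an added defensive illustration (not code from the advisory, the proof-of-concept or Tenda), the check below shows how a reverse proxy or log pipeline could flag oversized ssid or timeZone values sent to /goform/fast_setting_wifi_set. The length limits, function name and sample requests are assumptions constructed for the example; the available sources do not state the size of the affected buffer.

```python
from urllib.parse import parse_qs, urlsplit

ENDPOINT = "/goform/fast_setting_wifi_set"  # endpoint named in the CVE description

# Assumed policy limits, not values taken from the firmware:
# IEEE 802.11 caps an SSID at 32 octets; the timeZone bound is a local choice.
LIMITS = {"ssid": 32, "timeZone": 16}


def inspect_request(method, target, body=""):
    """Return (parameter, size_in_bytes, limit) for every oversized value.

    An empty list means the request passes this check.
    """
    url = urlsplit(target)
    if url.path.rstrip("/") != ENDPOINT:
        return []
    findings = []
    # The parameters can arrive in the query string or in a urlencoded body,
    # and can be repeated, so every occurrence in both places is measured.
    sources = [url.query]
    if method.upper() == "POST":
        sources.append(body)
    for source in sources:
        fields = parse_qs(source, keep_blank_values=True)
        for name, limit in LIMITS.items():
            for value in fields.get(name, []):
                size = len(value.encode("utf-8"))  # size after percent-decoding
                if size > limit:
                    findings.append((name, size, limit))
    return findings


# Constructed sample requests (not captured traffic).
SAMPLES = [
    ("POST", ENDPOINT, "ssid=HomeNet&timeZone=%2B08%3A00"),
    ("POST", ENDPOINT, "ssid=" + "A" * 200 + "&timeZone=%2B08%3A00"),
    ("GET", ENDPOINT + "?timeZone=" + "9" * 64, ""),
    ("POST", "/goform/other", "ssid=" + "A" * 200),
]

if __name__ == "__main__":
    for method, target, body in SAMPLES:
        print(method, target[:40], inspect_request(method, target, body))
```

Because the description notes that other parameters might be affected as well, LIMITS would need extending as further parameter names are confirmed.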
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-9942
Vulnerability details
A vulnerability was found in Tenda AC1206 15.03.06.23. It has been classified as critical. Affected is the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set. The manipulation of the argument ssid/timeZone leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Related Threats
MITRE ATT&CK Enterprise Techniques AI
Why these techniques?
The remote buffer overflow in the Tenda AC1206 router's web interface (/goform/fast_setting_wifi_set) enables unauthenticated remote code execution or denial of service, facilitating exploitation of public-facing applications (T1190) and remote services (T1210).
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Managed runtimes used by platform-independent applications (e.g., JVM, CLR) enforce memory safety, preventing most buffer overflows that require direct memory manipulation.
Memory protections (e.g., W^X, ASLR) make exploitation of buffer-boundary violations far harder to turn into code execution.
Ongoing control assessments and code testing (static/dynamic analysis, fuzzing) surface memory buffer restriction failures, which are then remediated before release.
Detects exploitation attempts that produce memory corruption, crashes, or anomalous behavior.