CVE-2025-55606

HighPublic PoC

Published: 22 August 2025

Published

22 August 2025

Modified

26 September 2025

KEV Added

—

Patch

—

CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score 0.0013 32.1th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-55606 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability in Tenda Ax3 Firmware. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 32.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190).

Threat & Defense Details

Likely Mitigating ControlsAI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

SC-27 Platform-independent Applications

addresses: CWE-120

Platform-independent managed code eliminates the need for unchecked native buffer copies that are the root cause of classic buffer overflows.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

Buffer overflow vulnerability in the web interface of Tenda AX3 router (public-facing application) enables remote code execution via exploitation.

NVD Description

Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the fromAdvSetMacMtuWan function via the serverName parameter.

Deeper analysisAI

CVE-2025-55606 is a buffer overflow vulnerability (CWE-120) affecting the Tenda AX3 router running firmware version V16.03.12.10_CN. The issue resides in the fromAdvSetMacMtuWan function, which can be triggered via the serverName parameter. It has a CVSS v3.1 base score of 7.5, rated as high severity due to its network accessibility and potential for disruption.

Unauthenticated attackers with network access can exploit this vulnerability with low complexity and no user interaction required. Successful exploitation leads to a denial-of-service condition (high availability impact) by causing the device to crash or reboot, with no impact on confidentiality or integrity.

References for this vulnerability include GitHub documentation at https://github.com/wudipjq/my_vuln/blob/main/Tenda3/vuln_44/44.md, which provides details on the issue. No specific patches or mitigation steps are detailed in the available information.

Details

CWE(s): CWE-120

Affected Products

tenda

ax3 firmware

16.03.12.10_cn

CVEs Like This One

CVE-2025-55603Same product: Tenda Ax3

CVE-2025-55605Same product: Tenda Ax3

CVE-2025-69763Same product: Tenda Ax3

CVE-2025-69762Same product: Tenda Ax3

CVE-2025-69765Same product: Tenda Ax3

CVE-2025-69764Same product: Tenda Ax3

CVE-2025-69766Same product: Tenda Ax3

CVE-2025-71024Same product: Tenda Ax3

CVE-2025-71023Same product: Tenda Ax3

CVE-2025-71026Same product: Tenda Ax3

References

https://github.com/wudipjq/my_vuln/blob/main/Tenda3/vuln_44/44.md
Exploit, Third Party Advisory · cve@mitre.org
https://github.com/wudipjq/my_vuln/blob/main/Tenda3/vuln_44/44.md
Exploit, Third Party Advisory · 134c704f-9b21-4f2e-91b3-4a467353bcc0