CVE-2025-7422
Published: 11 July 2025
Summary
CVE-2025-7422 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda O3 Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 18.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly validates the 'week' argument input to the setAutoReboot function, preventing the stack-based buffer overflow triggered by malformed data.
Implements memory protections like stack canaries and non-executable stacks to mitigate exploitation of the stack-based buffer overflow even if input validation fails.
Ensures timely patching of the vulnerable firmware version 1.0.0.12(3880) to remediate the buffer overflow in the httpd component.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Stack-based buffer overflow in the httpd web component (/goform/setNetworkService) of the Tenda O3V2 router enables remote exploitation of a public-facing application for potential code execution.
NVD Description
A vulnerability classified as critical has been found in Tenda O3V2 1.0.0.12(3880). Affected is the function setAutoReboot of the file /goform/setNetworkService of the component httpd. The manipulation of the argument week leads to stack-based buffer overflow. It is possible to…
more
launch the attack remotely. The exploit has been disclosed to the public and may be used.
Deeper analysisAI
CVE-2025-7422 is a critical stack-based buffer overflow vulnerability (CWE-119, CWE-121) affecting the Tenda O3V2 router on firmware version 1.0.0.12(3880). The flaw exists in the httpd component, specifically within the setAutoReboot function processed by the /goform/setNetworkService endpoint. Manipulation of the 'week' argument triggers the overflow, as detailed in the vulnerability disclosure published on 2025-07-11.
Attackers can exploit this vulnerability remotely over the network, requiring low privileges (PR:L) and no user interaction (UI:N), with low attack complexity (AC:L). The CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) reflects high impacts on confidentiality, integrity, and availability, potentially enabling arbitrary code execution on the affected device.
Advisories on VulDB (ctiid.315882, id.315882, submit.608868) document the issue, while a GitHub repository (wudipjq/my_vuln) provides a proof-of-concept exploit under Tenda3/vuln_55/55.md, including details and POC code. The exploit has been publicly disclosed and may be used in attacks.
Details
- CWE(s)