Cyber Posture

CVE-2025-7544

HighPublic PoC

Published: 13 July 2025

Published
13 July 2025
Modified
16 July 2025
KEV Added
Patch
CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0170 82.4th percentile
Risk Priority 19 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-7544 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda Ac1206 Firmware. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 17.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match
prevent

Directly requires validation of the deviceList argument in formSetMacFilterCfg to prevent stack-based buffer overflows from malformed or oversized inputs.

SI-16 Memory Protection good match
prevent

Implements memory protections like stack canaries, ASLR, and non-executable memory to block exploitation of the stack buffer overflow for arbitrary code execution.

SI-2 Flaw Remediation good match
prevent

Mandates timely identification, reporting, and remediation of the buffer overflow flaw in the Tenda AC1206 firmware via patching or secure code updates.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
Why these techniques?

Stack-based buffer overflow in the router's public-facing web interface (/goform/setMacFilterCfg) via remote manipulation of deviceList enables exploitation of a public-facing application for potential RCE.

NVD Description

A vulnerability was found in Tenda AC1206 15.03.06.23. It has been rated as critical. This issue affects the function formSetMacFilterCfg of the file /goform/setMacFilterCfg. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack may be initiated…

more

remotely. The exploit has been disclosed to the public and may be used.

Deeper analysisAI

CVE-2025-7544 is a critical stack-based buffer overflow vulnerability, rated with a CVSS 3.1 score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), affecting the Tenda AC1206 router on firmware version 15.03.06.23. The flaw exists in the formSetMacFilterCfg function of the /goform/setMacFilterCfg file, where manipulation of the deviceList argument triggers the overflow, mapped to CWEs-119 and CWE-121.

An attacker with low privileges can exploit this issue remotely without user interaction, leading to high impacts on confidentiality, integrity, and availability. The vulnerability allows arbitrary code execution via the disclosed exploit, which has been made publicly available.

References point to GitHub repositories from panda666-888 detailing the vulnerability analysis and proof-of-concept exploit code, alongside VulDB entries documenting the issue (ctiid.316241, id.316241, submit.614089). No vendor patches or specific mitigations are mentioned in the available details.

Details

CWE(s)
CWE-119CWE-121

Affected Products

tenda
ac1206 firmware
15.03.06.23

CVEs Like This One

CVE-2025-10432Same product: Tenda Ac1206
CVE-2025-9523Same product: Tenda Ac1206
CVE-2026-0581Same product: Tenda Ac1206
CVE-2025-11324Same vendor: Tenda
CVE-2025-15006Same vendor: Tenda
CVE-2025-11528Same vendor: Tenda
CVE-2026-5989Same vendor: Tenda
CVE-2026-6016Same vendor: Tenda
CVE-2026-2908Same vendor: Tenda
CVE-2025-7792Same vendor: Tenda

References