Cyber Resilience

CVE-2025-7586

HighPublic PoC

Published: 14 July 2025

Published
14 July 2025
Modified
17 July 2025
KEV Added
Patch
CVSS Score v4 7.4 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0157 81.9th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-7586 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda Ac500 Firmware. Its CVSS base score is 7.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 18.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

A vulnerability identified as CVE-2025-7586 affects the Tenda AC500 wireless access point running firmware version 2.0.1.9(1307). It resides in the formSetAPCfg function within the /goform/setWtpData endpoint, where improper handling of the radio_2g_1 argument permits a stack-based buffer overflow. The issue is tracked under CWE-119, CWE-121, and CWE-787 and carries a CVSS 4.0 score of 7.4, reflecting high impact on confidentiality, integrity, and availability when exploited over the network.

An authenticated remote attacker can supply a crafted radio_2g_1 value to trigger the overflow, potentially executing arbitrary code or crashing the device. Public proof-of-concept code has been released that demonstrates remote exploitation without user interaction, and the vulnerability is rated as exploitable in its current form.

The associated EPSS score remains flat at 0.0157 with no observed increase after disclosure. Available references consist of technical write-ups and exploit artifacts hosted on GitHub and VulDB, but no vendor patch or official mitigation guidance is referenced in the provided sources.

EU & UK References

Vulnerability details

A vulnerability was found in Tenda AC500 2.0.1.9(1307). It has been declared as critical. Affected by this vulnerability is the function formSetAPCfg of the file /goform/setWtpData. The manipulation of the argument radio_2g_1 leads to stack-based buffer overflow. The attack can…

more

be launched remotely. The exploit has been disclosed to the public and may be used.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Stack-based buffer overflow in the /goform/setWtpData web endpoint of Tenda AC500 router is remotely exploitable, enabling adversaries to exploit a public-facing application for initial access or code execution.

CVEs Like This One

CVE-2026-5152Same vendor: Tenda
CVE-2026-4961Same vendor: Tenda
CVE-2025-0349Same vendor: Tenda
CVE-2026-3973Same vendor: Tenda
CVE-2026-5155Same vendor: Tenda
CVE-2025-1814Same vendor: Tenda
CVE-2026-4906Same vendor: Tenda
CVE-2026-3975Same vendor: Tenda
CVE-2025-1853Same vendor: Tenda
CVE-2026-4960Same vendor: Tenda

Affected Assets

tenda
ac500 firmware
2.0.1.9\(1307\)

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

SI-2 requires timely remediation of flaws like this stack-based buffer overflow through firmware patching, directly eliminating the vulnerability in the Tenda AC500 router.

prevent

SI-10 mandates input validation for parameters like radio_2g_1 in the /goform/setWtpData endpoint, preventing the buffer overflow exploitation.

prevent

SI-16 enforces memory protections such as stack canaries or ASLR, mitigating stack-based buffer overflow attempts even if the flaw exists.

References