CVE-2025-7586
Published: 14 July 2025
Summary
CVE-2025-7586 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda AC500 firmware. Its CVSS base score is 7.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 18.1% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
A vulnerability identified as CVE-2025-7586 affects the Tenda AC500 wireless access point running firmware version 2.0.1.9(1307). It resides in the formSetAPCfg function within the /goform/setWtpData endpoint, where improper handling of the radio_2g_1 argument permits a stack-based buffer overflow. The issue is tracked under CWE-119, CWE-121, and CWE-787 and carries a CVSS 4.0 score of 7.4, reflecting high impact on confidentiality, integrity, and availability when exploited over the network.
An authenticated remote attacker can supply a crafted radio_2g_1 value to trigger the overflow, potentially executing arbitrary code or crashing the device. Public proof-of-concept code has been released that demonstrates remote exploitation without user interaction, and the vulnerability is rated as exploitable in its current form.
The associated EPSS score remains flat at 0.0157 with no observed increase after disclosure. Available references consist of technical write-ups and exploit artifacts hosted on GitHub and VulDB, but no vendor patch or official mitigation guidance is referenced in the provided sources.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-21324
Vulnerability details
A vulnerability was found in Tenda AC500 2.0.1.9(1307). It has been declared as critical. Affected by this vulnerability is the function formSetAPCfg of the file /goform/setWtpData. The manipulation of the argument radio_2g_1 leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The stack-based buffer overflow in the /goform/setWtpData web endpoint of the Tenda AC500 router is remotely exploitable, enabling adversaries to exploit a public-facing application for initial access or code execution.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
SI-2 requires timely remediation of flaws like this stack-based buffer overflow through firmware patching, directly eliminating the vulnerability in the Tenda AC500 router.
SI-10 mandates input validation for parameters like radio_2g_1 in the /goform/setWtpData endpoint, preventing the buffer overflow exploitation.
SI-16 enforces memory protections such as stack canaries or ASLR, mitigating stack-based buffer overflow attempts even if the flaw exists.