CVE-2025-7586
Published: 14 July 2025
Summary
CVE-2025-7586 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda Ac500 Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 18.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
SI-2 requires timely remediation of flaws like this stack-based buffer overflow through firmware patching, directly eliminating the vulnerability in the Tenda AC500 router.
SI-10 mandates input validation for parameters like radio_2g_1 in the /goform/setWtpData endpoint, preventing the buffer overflow exploitation.
SI-16 enforces memory protections such as stack canaries or ASLR, mitigating stack-based buffer overflow attempts even if the flaw exists.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Stack-based buffer overflow in the /goform/setWtpData web endpoint of Tenda AC500 router is remotely exploitable, enabling adversaries to exploit a public-facing application for initial access or code execution.
NVD Description
A vulnerability was found in Tenda AC500 2.0.1.9(1307). It has been declared as critical. Affected by this vulnerability is the function formSetAPCfg of the file /goform/setWtpData. The manipulation of the argument radio_2g_1 leads to stack-based buffer overflow. The attack can…
more
be launched remotely. The exploit has been disclosed to the public and may be used.
Deeper analysisAI
CVE-2025-7586 is a critical stack-based buffer overflow vulnerability in the Tenda AC500 router running firmware version 2.0.1.9(1307). The issue resides in the formSetAPCfg function within the /goform/setWtpData endpoint, where manipulation of the radio_2g_1 argument triggers the overflow. Classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), CWE-121 (Stack-based Buffer Overflow), and CWE-787 (Out-of-bounds Write), it carries a CVSS v3.1 base score of 8.8.
The vulnerability can be exploited remotely over the network by an attacker with low privileges (PR:L) and no requirement for user interaction (UI:N). Successful exploitation allows the attacker to achieve high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H), potentially leading to full router compromise, arbitrary code execution, or denial of service.
References, including a public proof-of-concept on GitHub and entries on VulDB, detail the vulnerability and exploitation method but do not specify vendor patches or mitigations. Security practitioners should monitor for firmware updates from Tenda and apply network segmentation to limit access to the affected endpoint.
The exploit has been publicly disclosed, increasing the risk of active exploitation against unpatched Tenda AC500 devices.
Details
- CWE(s)