CVE-2025-8017

HighPublic PoC

Published: 22 July 2025

Published

22 July 2025

Modified

01 August 2025

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0059 69.2th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-8017 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda Ac7 Firmware. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 30.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Directly remediates the stack-based buffer overflow in formSetMacFilterCfg by applying firmware updates to eliminate the flaw.

SI-10 Information Input Validation good match

prevent

Validates the deviceList input to the /goform/setMacFilterCfg endpoint to prevent stack buffer overflow from malformed data.

SI-16 Memory Protection good match

prevent

Implements memory protections such as stack canaries and non-executable stacks to mitigate exploitation of the stack-based buffer overflow.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

Stack-based buffer overflow in the router's public httpd web endpoint (/goform/setMacFilterCfg) directly enables remote exploitation of a public-facing application, resulting in arbitrary code execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

A vulnerability was found in Tenda AC7 15.03.06.44. It has been classified as critical. Affected is the function formSetMacFilterCfg of the file /goform/setMacFilterCfg of the component httpd. The manipulation of the argument deviceList leads to stack-based buffer overflow. It is…

possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Deeper analysisAI

CVE-2025-8017 is a critical stack-based buffer overflow vulnerability affecting the Tenda AC7 router running firmware version 15.03.06.44. The issue resides in the formSetMacFilterCfg function within the /goform/setMacFilterCfg endpoint of the httpd component. By manipulating the deviceList argument, an attacker can trigger the overflow, as classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow). The vulnerability carries a CVSS v3.1 base score of 8.8.

The vulnerability enables remote exploitation over the network with low attack complexity and requires low privileges (PR:L), such as those of an authenticated user, with no user interaction needed. Successful exploitation grants high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H), potentially allowing arbitrary code execution on the device.

Advisories from VulDB (ctiid.317220, id.317220) document the vulnerability details and submission, while a GitHub repository by Thir0th provides a proof-of-concept exploit demonstrating the stack overflow in parse_macfilter_rule. The Tenda vendor website is referenced, but no specific patches or mitigations are detailed in the available information. Security practitioners should monitor for firmware updates and restrict access to the affected endpoint.

The exploit has been publicly disclosed, increasing the risk of real-world attacks against unpatched Tenda AC7 devices.

Details

CWE(s): CWE-119 CWE-121

Affected Products

tenda

ac7 firmware

15.03.06.44

CVEs Like This One

CVE-2025-11528Same product: Tenda Ac7

CVE-2025-11525Same product: Tenda Ac7

CVE-2025-11527Same product: Tenda Ac7

CVE-2025-1851Same product: Tenda Ac7

CVE-2025-11526Same product: Tenda Ac7

CVE-2025-11586Same product: Tenda Ac7

CVE-2025-11524Same product: Tenda Ac7

CVE-2025-29135Same product: Tenda Ac7

CVE-2026-4974Same product: Tenda Ac7

CVE-2025-29137Same product: Tenda Ac7

References

https://github.com/Thir0th/Thir0th-CVE/blob/main/Tenda_AC7%20V1.0_V15.03.06.44%20has%20a%20stack%20overflow%20vulnerability%20in%20parse_macfilter_rule.md
Exploit, Third Party Advisory · cna@vuldb.com
https://vuldb.com/?ctiid.317220
Permissions Required · cna@vuldb.com
https://vuldb.com/?id.317220
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/?submit.619364
Third Party Advisory, VDB Entry · cna@vuldb.com
https://www.tenda.com.cn/
Product · cna@vuldb.com