CVE-2022-25435 – CVE-2022-25435 is a critical stack overflow vul... (How to Fix)

Q: What is the severity of CVE-2022-25435?

CVE-2022-25435 has a CVSS score of 9.8 (CRITICAL). CVE-2022-25435 is a critical stack overflow vulnerability in Tenda AC9 routers that allows remote attackers to execute arbitrary code by sending specially crafted requests to the SetStaticRoutecfg function. This affects users of Tenda AC9 routers running vulnerable firmware versions. Successful exploitation could lead to complete device compromise.

📋 TL;DR

CVE-2022-25435 is a critical stack overflow vulnerability in Tenda AC9 routers that allows remote attackers to execute arbitrary code by sending specially crafted requests to the SetStaticRoutecfg function. This affects users of Tenda AC9 routers running vulnerable firmware versions. Successful exploitation could lead to complete device compromise.

💻 Affected Systems

Products:

Tenda AC9

Versions: v15.03.2.21

Operating Systems: Embedded Linux firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the web management interface. The vulnerability is in the firmware itself, not dependent on specific configurations.

📦 What is this software?

Ac9 Firmware by Tenda

View all CVEs affecting Ac9 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote unauthenticated attacker gains full control of the router, enabling traffic interception, credential theft, network pivoting, and persistent backdoor installation.

🟠

Likely Case

Attacker executes arbitrary code with root privileges, potentially creating botnet nodes, intercepting network traffic, or disabling the router.

🟢

If Mitigated

With proper network segmentation and firewall rules, impact is limited to the router itself without lateral movement to other network devices.

🌐 Internet-Facing: HIGH - Routers are typically internet-facing devices, and the exploit requires no authentication, making them prime targets for automated attacks.

🏢 Internal Only: MEDIUM - If the router's admin interface is only accessible internally, risk is reduced but still significant due to potential internal threats.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public proof-of-concept code exists in GitHub repositories. The vulnerability requires no authentication and has straightforward exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Tenda website for latest firmware > v15.03.2.21

Vendor Advisory: https://www.tendacn.com/en/

Restart Required: Yes

Instructions:

1. Visit Tenda official website 2. Download latest firmware for AC9 3. Log into router admin interface 4. Navigate to System Tools > Firmware Upgrade 5. Upload and install new firmware 6. Reboot router

🔧 Temporary Workarounds

Disable Remote Management

all

Prevent external access to router admin interface

Network Segmentation

all

Isolate router management interface to trusted network segment

🧯 If You Can't Patch

Replace affected router with patched or different model
Implement strict firewall rules blocking all external access to router management interface

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface under System Status or System Tools

Check Version:

No CLI command - check via web interface at http://router_ip

Verify Fix Applied:

Verify firmware version is newer than v15.03.2.21 after patching

📡 Detection & Monitoring

Log Indicators:

Unusual POST requests to /goform/SetStaticRoutecfg
Multiple failed exploitation attempts
Unexpected router reboots

Network Indicators:

Unusual outbound connections from router
Traffic patterns suggesting router compromise

SIEM Query:

source="router_logs" AND (uri="/goform/SetStaticRoutecfg" OR message="stack overflow")

📊 Metadata

CVE ID: CVE-2022-25435

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-787

Published: March 18, 2022

Last Updated: November 21, 2024

🔗 References

https://github.com/EPhaha/IOT_vuln/tree/main/Tenda/AC9/7 Exploit,Third Party Advisory
https://github.com/EPhaha/IOT_vuln/tree/main/Tenda/AC9/7 Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-25435, you might also want to check these: