CVE-2022-25561 – Tenda AX12 routers running firmware v22.03.01.2... (How to Fix)

Q: What is the severity of CVE-2022-25561?

CVE-2022-25561 has a CVSS score of 7.5 (HIGH). Tenda AX12 routers running firmware v22.03.01.21 contain a stack overflow vulnerability in the sub_42DE00 function. Attackers can exploit this via the list parameter to cause a Denial of Service (DoS), potentially crashing the device. This affects all users of Tenda AX12 routers with the vulnerable firmware version.

📋 TL;DR

Tenda AX12 routers running firmware v22.03.01.21 contain a stack overflow vulnerability in the sub_42DE00 function. Attackers can exploit this via the list parameter to cause a Denial of Service (DoS), potentially crashing the device. This affects all users of Tenda AX12 routers with the vulnerable firmware version.

💻 Affected Systems

Products:

Tenda AX12

Versions: v22.03.01.21

Operating Systems: Embedded router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects this specific firmware version. Other Tenda models or firmware versions may not be vulnerable.

📦 What is this software?

Ax12 Firmware by Tenda

View all CVEs affecting Ax12 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device crash requiring physical reboot, potentially leading to extended network downtime and service disruption.

🟠

Likely Case

Router becomes unresponsive, requiring reboot to restore functionality, causing temporary network outage.

🟢

If Mitigated

If properly segmented and monitored, impact limited to isolated network segment with quick recovery possible.

🌐 Internet-Facing: HIGH - Routers are typically internet-facing devices directly accessible from WAN interfaces.

🏢 Internal Only: MEDIUM - Could be exploited from internal network if attacker gains access.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public GitHub repository contains vulnerability details and likely exploit code. DoS exploits typically require minimal sophistication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: Yes

Instructions:

1. Check Tenda support site for firmware updates. 2. Download latest firmware. 3. Log into router admin interface. 4. Navigate to firmware upgrade section. 5. Upload and apply new firmware. 6. Wait for router to reboot.

🔧 Temporary Workarounds

Disable remote administration

all

Prevent external access to router management interface

Login to router admin → System Tools → Remote Management → Disable

Network segmentation

all

Isolate router management interface to trusted network only

Configure firewall rules to restrict access to router IP on ports 80/443

🧯 If You Can't Patch

Replace with different router model or firmware version
Implement network monitoring for DoS attempts against router

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface under System Status or Firmware Upgrade section

Check Version:

Login to router web interface and navigate to System Status page

Verify Fix Applied:

Verify firmware version is no longer v22.03.01.21 after update

📡 Detection & Monitoring

Log Indicators:

Router crash/reboot logs
Unusual traffic patterns to router management interface

Network Indicators:

Multiple malformed requests to router on port 80/443
Sudden loss of router responsiveness

SIEM Query:

source="router_logs" AND (event="crash" OR event="reboot") OR dest_ip="router_ip" AND (uri CONTAINS "list" OR method="POST")

📊 Metadata

CVE ID: CVE-2022-25561

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-787

Published: March 10, 2022

Last Updated: November 21, 2024

🔗 References

https://github.com/sec-bin/IoT-CVE/tree/main/Tenda/AX12/5 Exploit,Third Party Advisory
https://github.com/sec-bin/IoT-CVE/tree/main/Tenda/AX12/5 Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-25561, you might also want to check these: