CVE-2024-25756 – A stack-based buffer overflow vulnerability in ... (How to Fix)

Q: What is the severity of CVE-2024-25756?

CVE-2024-25756 has a CVSS score of 8.0 (HIGH). A stack-based buffer overflow vulnerability in Tenda AC9 v.3.0 routers allows remote attackers to execute arbitrary code via the formWifiBasicSet function. This affects users running firmware version v.15.03.06.42_multi, potentially giving attackers full control over the device.

📋 TL;DR

A stack-based buffer overflow vulnerability in Tenda AC9 v.3.0 routers allows remote attackers to execute arbitrary code via the formWifiBasicSet function. This affects users running firmware version v.15.03.06.42_multi, potentially giving attackers full control over the device.

💻 Affected Systems

Products:

Tenda AC9 v.3.0

Versions: v.15.03.06.42_multi

Operating Systems: Embedded Linux

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the web management interface; no special configuration required for exploitation.

📦 What is this software?

Ac9 Firmware by Tenda

View all CVEs affecting Ac9 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, allowing attackers to install malware, pivot to internal networks, or create persistent backdoors.

🟠

Likely Case

Remote attackers gaining administrative access to the router, enabling network traffic interception, DNS hijacking, or denial of service.

🟢

If Mitigated

Limited impact if device is behind firewall with restricted WAN access, though internal threats remain possible.

🌐 Internet-Facing: HIGH

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploit details and proof-of-concept code are publicly available in GitHub repositories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

Check Tenda's official website for firmware updates. If available, download the latest firmware and apply via the router's web interface under System Tools > Firmware Upgrade.

🔧 Temporary Workarounds

Disable Remote Management

all

Prevent external access to the router's web interface by disabling remote management features.

Restrict Network Access

all

Use firewall rules to block external access to the router's management interface (typically port 80/443).

🧯 If You Can't Patch

Replace affected devices with patched or different models
Segment network to isolate vulnerable routers from critical systems

🔍 How to Verify

Check if Vulnerable:

Access router web interface, navigate to System Tools > System Status, check firmware version matches v.15.03.06.42_multi.

Check Version:

Not applicable - check via web interface

Verify Fix Applied:

Verify firmware version has been updated to a version later than v.15.03.06.42_multi.

📡 Detection & Monitoring

Log Indicators:

Unusual POST requests to /goform/formWifiBasicSet with large payloads
Multiple failed login attempts followed by exploitation attempts

Network Indicators:

Unexpected outbound connections from router to unknown IPs
Traffic patterns suggesting router compromise

SIEM Query:

Not provided

📊 Metadata

CVE ID: CVE-2024-25756

CVSS v3 Score: 8.0 (HIGH)

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-121

Published: February 22, 2024

Last Updated: March 13, 2025

🔗 References

https://github.com/TimeSeg/IOT_CVE/blob/main/tenda/AC9V3/0218/formWifiBasicSet.md Third Party Advisory
https://github.com/TimeSeg/IOT_CVE/blob/main/tenda/AC9V3/0218/formWifiBasicSet.md Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-25756, you might also want to check these: