CVE-2025-0528 – This critical vulnerability in Tenda AC8, AC10,... (How to Fix)

Q: What is the severity of CVE-2025-0528?

CVE-2025-0528 has a CVSS score of 7.2 (HIGH). This critical vulnerability in Tenda AC8, AC10, and AC18 routers allows remote attackers to execute arbitrary commands via command injection in the HTTP request handler for the /goform/telnet endpoint. Attackers can gain full control of affected devices without authentication. Organizations and home users using these specific router models are affected.

📋 TL;DR

This critical vulnerability in Tenda AC8, AC10, and AC18 routers allows remote attackers to execute arbitrary commands via command injection in the HTTP request handler for the /goform/telnet endpoint. Attackers can gain full control of affected devices without authentication. Organizations and home users using these specific router models are affected.

💻 Affected Systems

Products:

Tenda AC8
Tenda AC10
Tenda AC18

Versions: 16.03.10.20

Operating Systems: Embedded router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: All devices running the vulnerable firmware version are affected regardless of configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device takeover leading to network compromise, data exfiltration, lateral movement to other devices, and persistent backdoor installation.

🟠

Likely Case

Router compromise allowing attackers to intercept network traffic, modify DNS settings, deploy malware to connected devices, and use the device for botnet activities.

🟢

If Mitigated

Limited impact with proper network segmentation and monitoring, though device functionality may still be disrupted.

🌐 Internet-Facing: HIGH - Attackers can exploit this remotely without authentication, making internet-exposed devices immediate targets.

🏢 Internal Only: MEDIUM - Internal attackers or malware could exploit this, but requires network access to the vulnerable endpoint.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public exploit code is available, making this easily weaponizable by attackers with basic skills.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Tenda website for latest firmware

Vendor Advisory: https://www.tenda.com.cn/

Restart Required: Yes

Instructions:

1. Visit Tenda support website. 2. Download latest firmware for your model. 3. Log into router admin interface. 4. Navigate to System Tools > Firmware Upgrade. 5. Upload and install new firmware. 6. Reboot router.

🔧 Temporary Workarounds

Disable remote management

all

Prevent external access to router admin interface

Network segmentation

all

Isolate vulnerable routers from critical network segments

🧯 If You Can't Patch

Replace affected routers with patched or different models
Implement strict network access controls to limit access to router management interface

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface under System Status or System Tools

Check Version:

Login to router admin interface and check System Status page

Verify Fix Applied:

Confirm firmware version is updated beyond 16.03.10.20 and test that /goform/telnet endpoint no longer accepts malicious input

📡 Detection & Monitoring

Log Indicators:

Unusual HTTP POST requests to /goform/telnet
Telnet service activation logs
Unusual command execution in system logs

Network Indicators:

Unexpected outbound connections from router
Telnet traffic from router to unknown destinations
HTTP requests with command injection patterns to router

SIEM Query:

source="router_logs" AND (uri="/goform/telnet" OR cmd="telnet") AND (method="POST" OR status="200")

📊 Metadata

CVE ID: CVE-2025-0528

CVSS v3 Score: 7.2 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-74

EPSS Score: 5.59% exploit probability (90.1th percentile)

Published: January 17, 2025

Last Updated: May 28, 2025

🔗 References

https://github.com/Pr0b1em/IoT/blob/master/TendaAC10v16.03.10.20telnet.md Exploit,Third Party Advisory
https://vuldb.com/?ctiid.292412 Permissions Required,Third Party Advisory,VDB Entry
https://vuldb.com/?id.292412 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.478175 Third Party Advisory,VDB Entry
https://www.tenda.com.cn/ Product
https://github.com/Pr0b1em/IoT/blob/master/TendaAC10v16.03.10.20telnet.md Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-0528, you might also want to check these: