CVE-2025-11356 – A buffer overflow vulnerability in Tenda AC23 r... (How to Fix)

Q: What is the severity of CVE-2025-11356?

CVE-2025-11356 has a CVSS score of 8.8 (HIGH). A buffer overflow vulnerability in Tenda AC23 routers allows remote attackers to execute arbitrary code by exploiting improper input validation in the sscanf function. This affects Tenda AC23 routers running firmware versions up to 16.03.07.52. Attackers can exploit this without authentication to potentially take full control of affected devices.

📋 TL;DR

A buffer overflow vulnerability in Tenda AC23 routers allows remote attackers to execute arbitrary code by exploiting improper input validation in the sscanf function. This affects Tenda AC23 routers running firmware versions up to 16.03.07.52. Attackers can exploit this without authentication to potentially take full control of affected devices.

💻 Affected Systems

Products:

Tenda AC23

Versions: Up to 16.03.07.52

Operating Systems: Embedded Linux (router firmware)

Default Config Vulnerable: ⚠️ Yes

Notes: All default configurations are vulnerable. The vulnerable endpoint is accessible via the web interface.

📦 What is this software?

Ac23 Firmware by Tenda

View all CVEs affecting Ac23 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, creation of persistent backdoors, lateral movement into internal networks, and botnet recruitment.

🟠

Likely Case

Remote code execution allowing attackers to modify router settings, intercept traffic, or use the device as a pivot point for further attacks.

🟢

If Mitigated

Limited impact if devices are behind firewalls with strict inbound filtering and network segmentation.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable and affects internet-facing routers directly exposed to attackers.

🏢 Internal Only: MEDIUM - Internal devices could still be exploited by attackers who have gained initial network access.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public exploit code exists in GitHub repositories. The vulnerability requires no authentication and has straightforward exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.tenda.com.cn/

Restart Required: Yes

Instructions:

1. Check Tenda website for firmware updates. 2. Download latest firmware for AC23 model. 3. Log into router admin interface. 4. Navigate to firmware upgrade section. 5. Upload and apply new firmware. 6. Reboot router after update completes.

🔧 Temporary Workarounds

Disable remote management

all

Prevent external access to router administration interface

Network segmentation

all

Isolate router management interface to separate VLAN

🧯 If You Can't Patch

Implement strict firewall rules blocking all inbound traffic to router management interface
Replace vulnerable devices with patched or alternative router models

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface. If version is 16.03.07.52 or lower, device is vulnerable.

Check Version:

Login to router web interface and check System Status or Firmware Upgrade section

Verify Fix Applied:

Verify firmware version is higher than 16.03.07.52 after update.

📡 Detection & Monitoring

Log Indicators:

Unusual POST requests to /goform/SetStaticRouteCfg
Multiple failed buffer overflow attempts
Unexpected router reboots or configuration changes

Network Indicators:

Exploit traffic patterns to router management interface
Unusual outbound connections from router

SIEM Query:

source="router_logs" AND (uri="/goform/SetStaticRouteCfg" OR message="buffer overflow")

📊 Metadata

CVE ID: CVE-2025-11356

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-119

EPSS Score: 0.14% exploit probability (33.8th percentile)

Published: October 7, 2025

Last Updated: October 9, 2025

🔗 References

https://github.com/cymiao1978/cve/blob/main/12.md Exploit,Third Party Advisory
https://vuldb.com/?ctiid.327241 Permissions Required,VDB Entry
https://vuldb.com/?id.327241 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.664923 Third Party Advisory,VDB Entry
https://www.tenda.com.cn/ Product

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-11356, you might also want to check these: