CVE-2025-11523 – This vulnerability in Tenda AC7 routers allows ... (How to Fix)

Q: What is the severity of CVE-2025-11523?

CVE-2025-11523 has a CVSS score of 6.3 (MEDIUM). This vulnerability in Tenda AC7 routers allows remote attackers to execute arbitrary commands through command injection in the lanIp parameter of the AdvSetLanip endpoint. Attackers can potentially take full control of affected routers. Users with Tenda AC7 routers running vulnerable firmware are affected.

📋 TL;DR

This vulnerability in Tenda AC7 routers allows remote attackers to execute arbitrary commands through command injection in the lanIp parameter of the AdvSetLanip endpoint. Attackers can potentially take full control of affected routers. Users with Tenda AC7 routers running vulnerable firmware are affected.

💻 Affected Systems

Products:

Tenda AC7

Versions: 15.03.06.44

Operating Systems: Embedded router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: All devices running this specific firmware version are vulnerable by default. No special configuration required.

📦 What is this software?

Ac7 Firmware by Tenda

View all CVEs affecting Ac7 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of router allowing attacker to intercept traffic, modify DNS settings, install malware, pivot to internal network, or brick the device.

🟠

Likely Case

Router compromise leading to DNS hijacking, credential theft from network traffic, or installation of persistent backdoors.

🟢

If Mitigated

Limited impact if router is behind firewall with restricted WAN access and proper network segmentation.

🌐 Internet-Facing: HIGH - Attack can be launched remotely without authentication, making internet-exposed routers immediate targets.

🏢 Internal Only: MEDIUM - Requires attacker to be on local network, but still exploitable without authentication.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public exploit code available on GitHub. Attack requires sending crafted HTTP request to vulnerable endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Tenda website for latest firmware > 15.03.06.44

Vendor Advisory: https://www.tenda.com.cn/

Restart Required: Yes

Instructions:

1. Visit Tenda support website. 2. Download latest firmware for AC7 model. 3. Log into router admin interface. 4. Navigate to System Tools > Firmware Upgrade. 5. Upload and install new firmware. 6. Reboot router after installation.

🔧 Temporary Workarounds

Disable WAN Management

all

Prevent remote access to router management interface from internet

Network Segmentation

all

Isolate router management interface to separate VLAN

🧯 If You Can't Patch

Replace router with different model/brand
Place router behind firewall with strict inbound rules blocking access to port 80/443

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface under System Status or System Tools. If version is 15.03.06.44, device is vulnerable.

Check Version:

curl -s http://router-ip/goform/getStatus | grep version

Verify Fix Applied:

After firmware update, verify version number has changed from 15.03.06.44 to newer version.

📡 Detection & Monitoring

Log Indicators:

HTTP POST requests to /goform/AdvSetLanip with unusual lanIp parameters containing shell metacharacters
Unusual command execution in router logs

Network Indicators:

Unusual outbound connections from router to unknown IPs
DNS queries to suspicious domains from router

SIEM Query:

source="router_logs" AND (url="/goform/AdvSetLanip" AND (lanIp="*;*" OR lanIp="*|*" OR lanIp="*`*"))

📊 Metadata

CVE ID: CVE-2025-11523

CVSS v3 Score: 6.3 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE: CWE-74

EPSS Score: 1.03% exploit probability (76.9th percentile)

Published: October 9, 2025

Last Updated: October 9, 2025

🔗 References

https://github.com/noahze01/IoT-vulnerable/blob/main/Tenda/AC7/AdvSetLanip.md Exploit,Third Party Advisory
https://vuldb.com/?ctiid.327661 Permissions Required,VDB Entry
https://vuldb.com/?id.327661 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.669849 Third Party Advisory,VDB Entry
https://www.tenda.com.cn/ Product

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-11523, you might also want to check these: