CVE-2025-11526 – This vulnerability in Tenda AC7 routers allows ... (How to Fix)

Q: What is the severity of CVE-2025-11526?

CVE-2025-11526 has a CVSS score of 8.8 (HIGH). This vulnerability in Tenda AC7 routers allows remote attackers to execute arbitrary code via a stack-based buffer overflow in the WifiMacFilterSet function. It affects users of Tenda AC7 firmware version 15.03.06.44, potentially leading to full device compromise. The exploit is publicly available, increasing the risk of widespread attacks.

📋 TL;DR

This vulnerability in Tenda AC7 routers allows remote attackers to execute arbitrary code via a stack-based buffer overflow in the WifiMacFilterSet function. It affects users of Tenda AC7 firmware version 15.03.06.44, potentially leading to full device compromise. The exploit is publicly available, increasing the risk of widespread attacks.

💻 Affected Systems

Products:

Tenda AC7

Versions: 15.03.06.44

Operating Systems: Embedded firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Affects routers with the vulnerable firmware version; no specific configuration changes are required for exploitation.

📦 What is this software?

Ac7 Firmware by Tenda

View all CVEs affecting Ac7 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete router takeover, enabling data interception, network disruption, or use as a botnet node.

🟠

Likely Case

Router compromise allowing attackers to modify settings, steal credentials, or launch further attacks on connected devices.

🟢

If Mitigated

Limited impact if isolated from the internet or patched, with potential for denial-of-service if exploitation fails.

🌐 Internet-Facing: HIGH, as the vulnerability is remotely exploitable and affects internet-facing routers with default configurations.

🏢 Internal Only: LOW, as exploitation typically requires external access unless an attacker is already inside the network.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploit details are publicly available on GitHub, making it accessible to attackers with basic skills.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

Check Tenda's official website or support channels for firmware updates; if unavailable, consider workarounds or replacement.

🔧 Temporary Workarounds

Disable remote management

all

Prevent external access to the router's web interface to block remote exploitation.

Access router settings via web interface, navigate to remote management section, and disable it.

Restrict network access

all

Use firewall rules to limit inbound traffic to the router's administrative interface.

Configure firewall to block external access to port 80/443 on the router's IP.

🧯 If You Can't Patch

Replace the router with a model that receives security updates.
Isolate the router in a segmented network to limit potential damage from compromise.

🔍 How to Verify

Check if Vulnerable:

Check the firmware version in the router's web interface under System Status or similar section.

Check Version:

Log into the router's web interface and navigate to the firmware information page; no CLI command is typically available.

Verify Fix Applied:

Update to a newer firmware version if available and confirm the version has changed from 15.03.06.44.

📡 Detection & Monitoring

Log Indicators:

Unusual POST requests to /goform/WifiMacFilterSet with manipulated wifi_chkHz parameter.

Network Indicators:

Suspicious traffic patterns to the router's administrative port from external IPs.

SIEM Query:

source_ip:external AND destination_port:80 AND uri_path:"/goform/WifiMacFilterSet"

📊 Metadata

CVE ID: CVE-2025-11526

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-119

EPSS Score: 0.15% exploit probability (34.8th percentile)

Published: October 9, 2025

Last Updated: February 24, 2026

🔗 References

https://github.com/noahze01/IoT-vulnerable/blob/main/Tenda/AC7/WifiMacFilterSet.md Exploit,Third Party Advisory
https://vuldb.com/?ctiid.327664 Permissions Required,VDB Entry
https://vuldb.com/?id.327664 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.669854 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.669861 Third Party Advisory,VDB Entry
https://www.tenda.com.cn/ Product
https://github.com/noahze01/IoT-vulnerable/blob/main/Tenda/AC7/WifiMacFilterSet.md Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-11526, you might also want to check these: