CVE-2025-11550 – A null pointer dereference vulnerability in Ten... (How to Fix)

Q: What is the severity of CVE-2025-11550?

CVE-2025-11550 has a CVSS score of 6.5 (MEDIUM). A null pointer dereference vulnerability in Tenda W12 routers allows remote attackers to cause denial of service by sending specially crafted HTTP requests to the wifiScheduledSet function. This affects Tenda W12 router users running vulnerable firmware versions. The vulnerability is remotely exploitable without authentication.

📋 TL;DR

A null pointer dereference vulnerability in Tenda W12 routers allows remote attackers to cause denial of service by sending specially crafted HTTP requests to the wifiScheduledSet function. This affects Tenda W12 router users running vulnerable firmware versions. The vulnerability is remotely exploitable without authentication.

💻 Affected Systems

Products:

Tenda W12

Versions: 3.0.0.6(3948)

Operating Systems: Embedded router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: All devices running this specific firmware version are vulnerable by default.

📦 What is this software?

W12 Firmware by Tenda

View all CVEs affecting W12 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete router crash requiring physical power cycle, disrupting all network connectivity for connected devices.

🟠

Likely Case

Router becomes unresponsive or reboots, causing temporary network outage until automatic recovery.

🟢

If Mitigated

Minimal impact with proper network segmentation and monitoring detecting exploitation attempts.

🌐 Internet-Facing: HIGH - Vulnerability is remotely exploitable via HTTP requests without authentication.

🏢 Internal Only: MEDIUM - Internal attackers could exploit if they have network access to the router.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public proof-of-concept available on GitHub demonstrates exploitation via HTTP POST request.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Tenda website for firmware updates beyond 3.0.0.6(3948)

Vendor Advisory: https://www.tenda.com.cn/

Restart Required: Yes

Instructions:

1. Visit Tenda support website. 2. Download latest firmware for W12 model. 3. Access router admin interface. 4. Upload and apply firmware update. 5. Reboot router.

🔧 Temporary Workarounds

Disable remote management

all

Prevent external access to router administration interface

Network segmentation

all

Isolate router management interface to trusted network segment

🧯 If You Can't Patch

Replace vulnerable router with updated model or different vendor
Implement strict firewall rules blocking all external access to router management interface

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface matches 3.0.0.6(3948)

Check Version:

Login to router admin interface and check firmware version in system status

Verify Fix Applied:

Confirm firmware version has changed from 3.0.0.6(3948) after update

📡 Detection & Monitoring

Log Indicators:

HTTP POST requests to /goform/modules with wifiScheduledSet parameter
Router crash/reboot events in system logs

Network Indicators:

HTTP traffic to router management interface with suspicious POST parameters
Sudden loss of router connectivity

SIEM Query:

source="router_logs" AND (uri="/goform/modules" AND method="POST" AND params CONTAINS "wifiScheduledSet")

📊 Metadata

CVE ID: CVE-2025-11550

CVSS v3 Score: 6.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-404

EPSS Score: 0.12% exploit probability (30.8th percentile)

Published: October 9, 2025

Last Updated: October 20, 2025

🔗 References

https://github.com/z472421519/BinaryAudit/blob/main/PoC/NPD/Tenda_W12/cgiWifiScheduledSet/cgiWifiScheduledSet.md Exploit,Third Party Advisory
https://vuldb.com/?ctiid.327709 Permissions Required,VDB Entry
https://vuldb.com/?id.327709 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.670118 Third Party Advisory,VDB Entry
https://www.tenda.com.cn/ Product
https://github.com/z472421519/BinaryAudit/blob/main/PoC/NPD/Tenda_W12/cgiWifiScheduledSet/cgiWifiScheduledSet.md Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-11550, you might also want to check these: