CVE-2025-12225

8.8 HIGH

📋 TL;DR

This vulnerability in Tenda AC6 routers allows remote attackers to execute arbitrary code via a stack-based buffer overflow in the WifiGuestSet HTTP handler. Attackers can exploit this by sending specially crafted HTTP requests to manipulate the shareSpeed parameter. All users running the affected firmware version are at risk.

💻 Affected Systems

Products:
  • Tenda AC6
Versions: 15.03.06.50
Operating Systems: Embedded router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the default HTTP request handler for guest WiFi settings.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete device compromise, network infiltration, and potential lateral movement to connected devices.

🟠 Likely Case

Router takeover allowing traffic interception, DNS manipulation, credential theft, and deployment of persistent malware.

🟢 If Mitigated

Limited impact if device is behind firewall with restricted HTTP access or if exploit attempts are blocked by network security controls.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable via HTTP requests, making internet-facing devices immediate targets.
🏢 Internal Only: HIGH - Even internally, any attacker with network access can exploit this without authentication.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public proof-of-concept exists on GitHub, making exploitation straightforward for attackers with basic skills.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.tenda.com.cn/

Restart Required: Yes

Instructions:

1. Check Tenda website for firmware updates.
2. Download latest firmware.
3. Access router admin interface.
4. Navigate to firmware upgrade section.
5. Upload and apply new firmware.
6. Reboot router.

🔧 Temporary Workarounds

Disable Guest WiFi

Platform: all

Disable the guest WiFi feature to remove the vulnerable endpoint

Restrict HTTP Access

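Platform: linux

Block external access to the router admin interface using firewall rules. As written, the rules below drop all inbound TCP traffic to ports 80 and 443 on the host where they are applied; add -i with the name of the external interface to limit them to the external side.

iptables -A INPUT -p tcp --dport 80 -j DROP
iptables -A INPUT -p tcp --dport 443 -j DROP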

🧯 If You Can't Patch

  • Isolate affected routers in separate network segments with strict firewall rules
  • Implement network monitoring for exploit attempts and block malicious IPs

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface under System Status or Firmware Upgrade section

Check Version:

curl -s http://router-ip/goform/getStatus | grep version

Verify Fix Applied:

Verify firmware version has been updated to a version newer than 15.03.06.50

📡 Detection & Monitoring

Log Indicators:

  • HTTP POST requests to /goform/WifiGuestSet with abnormal shareSpeed parameter values
  • Router crash or reboot logs

Network Indicators:

  • Unusual HTTP traffic to router admin interface on port 80/443
  • POST requests with long strings in shareSpeed parameter

SIEM Query:

source="router_logs" AND uri="/goform/WifiGuestSet" AND (param="shareSpeed" AND length(value)>100)
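
The log and network indicators above, written as offline detection logic (an added example, not part of the original advisory or any vendor tooling). It assumes request logs exported as JSON lines with hypothetical fields src, uri and body, and it goes slightly beyond the SIEM query by measuring shareSpeed after URL-decoding and by checking the query string as well as the body.

```python
import json
from urllib.parse import unquote_plus, unquote_to_bytes, urlsplit

TARGET_PATH = "/goform/WifiGuestSet"  # handler named in the advisory
PARAM = "shareSpeed"                  # parameter named in the advisory
MAX_LEN = 100                         # threshold used in the page's SIEM query

def form_pairs(encoded):
    """Yield (decoded name, decoded value bytes) for each form-encoded field."""
    for field in encoded.split("&"):
        if field:
            name, _, value = field.partition("=")
            yield unquote_plus(name), unquote_to_bytes(value.replace("+", " "))

def oversized_lengths(record):
    """Decoded byte lengths of shareSpeed values above MAX_LEN in one record."""
    parts = urlsplit(record.get("uri") or "")
    if parts.path != TARGET_PATH:
        return []
    # The parameter can travel in the query string or the body; check both.
    fields = [*form_pairs(parts.query), *form_pairs(record.get("body") or "")]
    return [len(v) for name, v in fields if name == PARAM and len(v) > MAX_LEN]

def scan(lines):
    """Return (source, decoded length) for each oversized value in JSON-lines logs."""
    hits = []
    for line in lines:
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue  # malformed log line: skip it rather than abort the scan
        if isinstance(record, dict):
            hits += [(record.get("src", "?"), n) for n in oversized_lengths(record)]
    return hits

# Constructed records (documentation IP range, made-up second path), not captured traffic.
SAMPLE_LOG = [json.dumps({"src": s, "uri": u, "body": b}) for s, u, b in [
    ("192.0.2.10", TARGET_PATH, "shareSpeed=10"),                # ordinary value
    ("192.0.2.66", TARGET_PATH, "shareSpeed=" + "A" * 400),      # long literal string
    ("192.0.2.67", TARGET_PATH, "shareSpeed=" + "%41" * 150),    # 150 bytes once decoded
    ("192.0.2.11", TARGET_PATH, "shareSpeed=" + "%31" * 40),     # 120 raw chars, 40 bytes
    ("192.0.2.12", "/goform/other", "shareSpeed=" + "A" * 400),  # different handler
]] + ["not-json"]  # last entry: a malformed line

if __name__ == "__main__":
    for src, length in scan(SAMPLE_LOG):
        print(f"ALERT {src}: {PARAM} is {length} bytes after decoding")
```

Measuring the decoded length avoids alerting on short values that are merely percent-encoded, which a raw string-length rule would flag.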
