CVE-2025-12618 – A buffer overflow vulnerability in Tenda AC8 ro... (How to Fix)

Q: What is the severity of CVE-2025-12618?

CVE-2025-12618 has a CVSS score of 8.8 (HIGH). A buffer overflow vulnerability in Tenda AC8 routers allows remote attackers to execute arbitrary code by manipulating the 'Time' parameter in the /goform/DatabaseIniSet endpoint. This affects users of Tenda AC8 routers running firmware version 16.03.34.06, potentially leading to full device compromise.

📋 TL;DR

A buffer overflow vulnerability in Tenda AC8 routers allows remote attackers to execute arbitrary code by manipulating the 'Time' parameter in the /goform/DatabaseIniSet endpoint. This affects users of Tenda AC8 routers running firmware version 16.03.34.06, potentially leading to full device compromise.

💻 Affected Systems

Products:

Tenda AC8

Versions: 16.03.34.06

Operating Systems: Embedded firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the specific firmware version; other versions may be vulnerable if similar code exists.

📦 What is this software?

Ac8 Firmware by Tenda

View all CVEs affecting Ac8 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete router takeover, enabling attackers to intercept traffic, deploy malware, or pivot to internal networks.

🟠

Likely Case

Router compromise resulting in denial of service, credential theft, or unauthorized network access.

🟢

If Mitigated

Limited impact if isolated or patched, but still poses risk to device integrity.

🌐 Internet-Facing: HIGH, as the vulnerability is remotely exploitable and routers are often internet-facing.

🏢 Internal Only: MEDIUM, if routers are only on internal networks but still accessible to attackers within the perimeter.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploit details are publicly disclosed, making it easier for attackers to develop and deploy attacks.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.tenda.com.cn/

Restart Required: Yes

Instructions:

Check Tenda's official website for firmware updates. If available, download and apply the patch via the router's web interface, then restart the device.

🔧 Temporary Workarounds

Block Access to Vulnerable Endpoint

linux

Use firewall rules to block external access to the /goform/DatabaseIniSet endpoint on the router.

iptables -A INPUT -p tcp --dport 80 -m string --string '/goform/DatabaseIniSet' --algo bm -j DROP

🧯 If You Can't Patch

Isolate the router on a separate network segment to limit potential damage.
Disable remote management features and restrict administrative access to trusted IPs only.

🔍 How to Verify

Check if Vulnerable:

Check the router's firmware version via the web interface or CLI; if it is 16.03.34.06, it is vulnerable.

Check Version:

Login to router web interface and navigate to System Status or use telnet/SSH if enabled: 'cat /proc/version' or similar.

Verify Fix Applied:

After updating, verify the firmware version has changed from 16.03.34.06 to a patched version.

📡 Detection & Monitoring

Log Indicators:

Unusual requests to /goform/DatabaseIniSet with long 'Time' parameters in router logs.

Network Indicators:

Suspicious traffic patterns or buffer overflow attempts targeting port 80/443 of the router.

SIEM Query:

source="router_logs" AND uri="/goform/DatabaseIniSet" AND (param="Time" AND length>threshold)

📊 Metadata

CVE ID: CVE-2025-12618

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-119

EPSS Score: 0.15% exploit probability (35.6th percentile)

Published: November 3, 2025

Last Updated: November 5, 2025

🔗 References

https://pan.baidu.com/s/11fdpTujKw6Xz0yPE2l4cMw Not Applicable
https://vuldb.com/?ctiid.330912 Permissions Required,VDB Entry
https://vuldb.com/?id.330912 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.678887 Third Party Advisory,VDB Entry
https://www.tenda.com.cn/ Product
https://www.yuque.com/ba1ma0-an29k/nnxoap/ow5xrpw56dqsgtdy?singleDoc Permissions Required

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-12618, you might also want to check these: