Login Sign Up

CVE-2025-12622

8.8 HIGH
Remote Code Execution Buffer Overflow

📋 TL;DR

A buffer overflow vulnerability in Tenda AC10 routers allows remote attackers to execute arbitrary code by manipulating the 'getui' parameter in the formSysRunCmd function. This affects Tenda AC10 routers running firmware version 16.03.10.13. The vulnerability is remotely exploitable and has been publicly disclosed.

💻 Affected Systems

Products:
  • Tenda AC10
Versions: 16.03.10.13
Operating Systems: Embedded router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the specific firmware version only. Other Tenda models/versions may not be affected.

📦 What is this software?

Ac10 Firmware by Tenda

View all CVEs affecting Ac10 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, network infiltration, and potential lateral movement to other systems.

🟠

Likely Case

Remote code execution allowing attacker to gain control of the router, intercept/modify network traffic, or use as pivot point for further attacks.

🟢

If Mitigated

Limited impact if device is behind firewall with restricted WAN access and proper network segmentation.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable and affects internet-facing routers.
🏢 Internal Only: MEDIUM - Could still be exploited from within the network if attacker gains internal access.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details have been publicly disclosed and are available in the referenced links.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.tenda.com.cn/

Restart Required: Yes

Instructions:

1. Check Tenda website for firmware updates. 2. Download latest firmware for AC10. 3. Access router admin interface. 4. Navigate to firmware upgrade section. 5. Upload and apply new firmware. 6. Reboot router.

🔧 Temporary Workarounds

Disable remote administration

all

Prevent external access to router administration interface

Network segmentation

all

Place router in isolated network segment to limit attack surface

🧯 If You Can't Patch

  • Replace affected router with different model/vendor
  • Implement strict firewall rules to block all WAN access to router management interface

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface. If version is exactly 16.03.10.13, device is vulnerable.

Check Version:

Check via router web interface or SSH if available: cat /proc/version or show version commands

Verify Fix Applied:

Verify firmware version has changed from 16.03.10.13 after update.

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to /goform/SysRunCmd
  • Buffer overflow errors in system logs
  • Unexpected process execution

Network Indicators:

  • Exploit traffic patterns to router management interface
  • Unusual outbound connections from router

SIEM Query:

source="router_logs" AND (url="/goform/SysRunCmd" OR message="*buffer overflow*")

📊 Metadata

CVE ID: CVE-2025-12622
CVSS v3 Score: 8.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-119
EPSS Score: 0.11% exploit probability (29.4th percentile)
Published: November 3, 2025
Last Updated: November 5, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-12622, you might also want to check these:

CVE-2024-23613 10.0

A critical buffer overflow vulnerability in Symantec Deployment Solution 7.9 allows remote, unauthen...

Same vulnerability type (CWE-119)
CVE-2024-23615 10.0

A critical buffer overflow vulnerability in Symantec Messaging Gateway allows remote unauthenticated...

Same vulnerability type (CWE-119)
CVE-2026-2776 10.0

This CVE describes a sandbox escape vulnerability in Firefox's Telemetry component due to incorrect ...

Same vulnerability type (CWE-119)