CVE-2025-15232

8.8 HIGH

📋 TL;DR

A stack-based buffer overflow in the formSetAdPushInfo handler of Tenda M3 devices allows a remote attacker to crash the web server or execute arbitrary code by sending an over-long value in the mac or terminal parameter of the request. The listed firmware version 1.0.0.13(4903) is affected. This page describes the flaw as exploitable without authentication; note, however, that the 8.8 score matches a CVSS 3.x vector with low privileges required (PR:L), whereas the same network-reachable RCE vector with no privileges required scores 9.8, so confirm the authentication requirement against the published vector before treating this as a pre-auth bug.

💻 Affected Systems

Products:
  • Tenda M3
Versions: 1.0.0.13(4903)
Operating Systems: Embedded router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the specific firmware version; other versions may also be vulnerable but unconfirmed.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, network infiltration, and potential lateral movement to connected devices.

🟠

Likely Case

Router takeover enabling traffic interception, DNS hijacking, credential theft, and deployment of malware on the network.

🟢

If Mitigated

Limited impact if the management interface is not reachable from the WAN and is restricted to a management VLAN, though any host on that segment can still reach the vulnerable handler.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable and affects internet-facing router interfaces.
🏢 Internal Only: HIGH - Even internally, the vulnerability can be exploited by attackers who gain network access.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit details are available on GitHub (no link is recorded on this page). A single crafted HTTP POST triggers the overflow, so weaponization is likely; even an unsophisticated attempt will crash the web server, which is itself a denial of service.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.tenda.com.cn/

Restart Required: Yes

Instructions:

Check Tenda website for firmware updates. If available, download and flash the latest firmware through the router admin interface.

🔧 Temporary Workarounds

Network Segmentation

Applies to: all affected versions

Isolate Tenda M3 devices from critical network segments and block WAN access to the management interface.

Access Control Lists

Applies to: all affected versions

Implement firewall rules that allow the web administration interface only from a small management subnet, and block /goform/ requests from everywhere else.

🧯 If You Can't Patch

  • Replace vulnerable Tenda M3 devices with hardware from a vendor that publishes security fixes for the model in use
  • Monitor traffic to the management interface for POST requests to /goform/setAdPushInfo carrying over-long mac or terminal values, and alert on web-server crashes or unexpected reboots

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface. If version is 1.0.0.13(4903), device is vulnerable.

Check Version:

Read the firmware version from the System Status or Firmware Upgrade page of the web interface. If a shell is available, note that cat /proc/version only reports the kernel build string, not the firmware release; the firmware version is shown by the web interface and stored in the vendor's configuration storage, so use the web interface value when comparing against 1.0.0.13(4903).

Verify Fix Applied:

Confirm the installed firmware is newer than 1.0.0.13(4903) and that the vendor's release notes for that version reference this fix; because no patch version is published on this page, a higher version number alone is not proof that the overflow was corrected.

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to /goform/setAdPushInfo with manipulated mac/terminal parameters
  • Router crash logs or abnormal reboots

Network Indicators:

  • Exploit traffic patterns matching public PoC
  • Unusual outbound connections from router

SIEM Query:

http.url:"/goform/setAdPushInfo" AND http.method:POST AND (http.param:"mac" OR http.param:"terminal")

Field names are illustrative and depend on the log source. A raw hit on this query only shows that the endpoint was called; to reduce noise, alert when the decoded mac value is longer than the 17 characters of a MAC address or is not in MAC-address form, or when the terminal value is unusually long for a device label.
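The following is an added detection example, not code from the original page or from Tenda. It applies the log indicators above to a constructed set of request records (the records, the field names, and the 32-character threshold for terminal are assumptions; the advisory does not state the real buffer sizes). It percent-decodes the body before measuring lengths, since a `%41%41...` payload is just as long after decoding as a literal run of `A`s.

```python
import re
from urllib.parse import parse_qs

# Target of the vulnerable handler (formSetAdPushInfo), as named on the page.
VULN_PATH = "/goform/setAdPushInfo"

# A MAC address is 17 characters in colon- or dash-separated form; anything
# else in the mac parameter is anomalous for this endpoint.
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}([:-][0-9A-Fa-f]{2}){5}$")

# Assumed sane upper bound for a terminal/device label; not from the advisory.
MAX_TERMINAL_LEN = 32

# Constructed sample request records (not real Tenda logs). Each record is a
# dict as a web proxy or packet-capture parser might produce.
SAMPLE_REQUESTS = [
    {"src": "192.168.0.50", "method": "POST", "path": VULN_PATH,
     "body": "mac=00:11:22:33:44:55&terminal=pc"},                 # benign
    {"src": "203.0.113.9", "method": "POST", "path": VULN_PATH,
     "body": "mac=" + "A" * 300 + "&terminal=pc"},                # mac overflow
    {"src": "198.51.100.7", "method": "POST", "path": VULN_PATH,
     "body": "mac=00:11:22:33:44:55&terminal=" + "%41" * 200},    # encoded terminal overflow
    {"src": "192.168.0.51", "method": "GET", "path": "/goform/GetRouterStatus",
     "body": ""},                                                 # unrelated
]


def classify(request):
    """Return None if the request is out of scope, otherwise a list of
    reasons the request looks like an attempt against formSetAdPushInfo
    (an empty list means the call looked normal)."""
    if request["method"] != "POST" or request["path"] != VULN_PATH:
        return None
    # parse_qs percent-decodes values, so lengths reflect what the handler
    # would actually copy into its stack buffer.
    params = parse_qs(request["body"], keep_blank_values=True)
    reasons = []
    for mac in params.get("mac", []):
        if not MAC_RE.match(mac):
            reasons.append(f"mac is not a MAC address (decoded length {len(mac)})")
    for terminal in params.get("terminal", []):
        if len(terminal) > MAX_TERMINAL_LEN:
            reasons.append(f"terminal exceeds {MAX_TERMINAL_LEN} bytes (decoded length {len(terminal)})")
    return reasons


def scan(requests):
    """Run classify() over a batch and return one finding per suspicious request."""
    findings = []
    for request in requests:
        reasons = classify(request)
        if reasons:
            findings.append({"src": request["src"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_REQUESTS):
        print(finding["src"], "->", "; ".join(finding["reasons"]))
```

Run against the constructed sample, the two oversized requests are reported and the benign call and the unrelated GET are not. In production, feed the same function from whatever produces decoded request bodies for the management interface, and pair it with the crash and reboot indicators above, since a failed attempt still takes the web server down.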
