CVE-2025-25454 – This vulnerability allows remote attackers to e... (How to Fix)

Q: What is the severity of CVE-2025-25454?

CVE-2025-25454 has a CVSS score of 7.5 (HIGH). This vulnerability allows remote attackers to execute arbitrary code on Tenda AC10 routers via a buffer overflow in the AdvSetMacMtuWan function. Attackers can exploit this by sending specially crafted requests to the wanSpeed2 parameter. All users running the vulnerable firmware version are affected.

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code on Tenda AC10 routers via a buffer overflow in the AdvSetMacMtuWan function. Attackers can exploit this by sending specially crafted requests to the wanSpeed2 parameter. All users running the vulnerable firmware version are affected.

💻 Affected Systems

Products:

Tenda AC10

Versions: V4.0si_V16.03.10.20

Operating Systems: Embedded router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Specific to the AdvSetMacMtuWan function's wanSpeed2 parameter handling.

📦 What is this software?

Ac10 Firmware by Tenda

View all CVEs affecting Ac10 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete router compromise, allowing attackers to intercept traffic, modify configurations, or use the router as a pivot point into internal networks.

🟠

Likely Case

Router crash/reboot causing denial of service, potentially followed by remote code execution if exploit is refined.

🟢

If Mitigated

Limited to denial of service if exploit attempts are blocked at network perimeter or if router has additional security controls.

🌐 Internet-Facing: HIGH - Routers are typically internet-facing devices, and the exploit appears to be remotely accessible.

🏢 Internal Only: MEDIUM - Could be exploited from internal networks if attacker gains initial access.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public proof-of-concept code exists on GitHub, making exploitation straightforward for attackers with basic skills.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not found in provided references

Restart Required: Yes

Instructions:

1. Check Tenda's official website for firmware updates. 2. Download latest firmware for AC10. 3. Access router admin interface. 4. Navigate to firmware upgrade section. 5. Upload and apply new firmware. 6. Reboot router.

🔧 Temporary Workarounds

Disable remote management

all

Prevent external access to router administration interface

Network segmentation

all

Isolate router management interface to trusted network segments only

🧯 If You Can't Patch

Replace affected routers with different models or brands
Implement strict network access controls to limit exposure to router management interfaces

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface. If version is V4.0si_V16.03.10.20, device is vulnerable.

Check Version:

Check via router web interface or SSH if enabled: cat /proc/version or show version commands

Verify Fix Applied:

Verify firmware version has been updated to a version later than V4.0si_V16.03.10.20

📡 Detection & Monitoring

Log Indicators:

Multiple failed requests to router management interface
Unusual traffic patterns to router on management ports
Router crash/reboot logs

Network Indicators:

Unusual HTTP POST requests to router containing long strings in wanSpeed2 parameter
Traffic to router on non-standard ports

SIEM Query:

source_ip="router_ip" AND (http_uri CONTAINS "AdvSetMacMtuWan" OR http_post_data CONTAINS "wanSpeed2")

📊 Metadata

CVE ID: CVE-2025-25454

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-121

EPSS Score: 0.4% exploit probability (60.1th percentile)

Published: April 17, 2025

Last Updated: April 22, 2025

🔗 References

https://gist.github.com/xyqer1/491bfd8b9b0868977dca66ab6ce238d2 Exploit,Third Party Advisory
https://github.com/xyqer1/Tenda-AC10-AdvSetMacMtuWan-wanSpeed2-StackOverflow Exploit,Third Party Advisory
https://github.com/xyqer1/Tenda-AC10-AdvSetMacMtuWan-wanSpeed2-StackOverflow Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-25454, you might also want to check these: