CVE-2025-25456 – This vulnerability allows remote attackers to e... (How to Fix)

Q: What is the severity of CVE-2025-25456?

CVE-2025-25456 has a CVSS score of 9.8 (CRITICAL). This vulnerability allows remote attackers to execute arbitrary code on Tenda AC10 routers via a buffer overflow in the AdvSetMacMtuWan function. Attackers can exploit this by sending specially crafted requests to the vulnerable parameter 'mac2'. All users running the affected firmware version are at risk.

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code on Tenda AC10 routers via a buffer overflow in the AdvSetMacMtuWan function. Attackers can exploit this by sending specially crafted requests to the vulnerable parameter 'mac2'. All users running the affected firmware version are at risk.

💻 Affected Systems

Products:

Tenda AC10

Versions: V4.0si_V16.03.10.20

Operating Systems: Embedded router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the specific firmware version only. Other Tenda models or firmware versions may not be vulnerable.

📦 What is this software?

Ac10 Firmware by Tenda

View all CVEs affecting Ac10 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise leading to remote code execution, router takeover, network traffic interception, and lateral movement to other devices.

🟠

Likely Case

Router compromise allowing attackers to modify settings, intercept traffic, or use the device as a foothold for further attacks.

🟢

If Mitigated

Limited impact if network segmentation prevents router access or if exploit attempts are blocked by security controls.

🌐 Internet-Facing: HIGH - Routers are typically internet-facing devices directly accessible from WAN interfaces.

🏢 Internal Only: MEDIUM - Internal attackers could exploit if they gain network access, but external exposure is more concerning.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public proof-of-concept code exists, making exploitation straightforward for attackers with basic skills.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: No vendor advisory found at time of analysis

Restart Required: Yes

Instructions:

1. Check Tenda website for firmware updates. 2. Download latest firmware for AC10. 3. Log into router admin interface. 4. Navigate to firmware upgrade section. 5. Upload and apply new firmware. 6. Reboot router.

🔧 Temporary Workarounds

Disable remote management

all

Prevent external access to router administration interface

Network segmentation

all

Isolate router management interface from untrusted networks

🧯 If You Can't Patch

Replace affected router with different model/brand
Implement strict firewall rules blocking all external access to router management interface

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface. If version is V4.0si_V16.03.10.20, device is vulnerable.

Check Version:

Login to router web interface and check System Status or Firmware Version page

Verify Fix Applied:

After updating firmware, verify version is no longer V4.0si_V16.03.10.20.

📡 Detection & Monitoring

Log Indicators:

Multiple failed requests to AdvSetMacMtuWan endpoint
Unusual POST requests with long mac2 parameters

Network Indicators:

Traffic to router management interface with unusually long parameter values
Exploit pattern matching known PoC signatures

SIEM Query:

source="router_logs" AND (uri="*AdvSetMacMtuWan*" AND parameter_length>100)

📊 Metadata

CVE ID: CVE-2025-25456

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-120

EPSS Score: 0.45% exploit probability (63.1th percentile)

Published: April 15, 2025

Last Updated: April 22, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-25456, you might also want to check these: