CVE-2025-25662 – This vulnerability allows remote attackers to e... (How to Fix)

Q: What is the severity of CVE-2025-25662?

CVE-2025-25662 has a CVSS score of 9.8 (CRITICAL). This vulnerability allows remote attackers to execute arbitrary code on Tenda O4 V3.0 routers via a buffer overflow in the SafeSetMacFilter function. Attackers can exploit this by sending specially crafted requests to the web interface, potentially gaining full control of affected devices. All users running the vulnerable firmware version are affected.

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code on Tenda O4 V3.0 routers via a buffer overflow in the SafeSetMacFilter function. Attackers can exploit this by sending specially crafted requests to the web interface, potentially gaining full control of affected devices. All users running the vulnerable firmware version are affected.

💻 Affected Systems

Products:

Tenda O4 V3.0

Versions: V1.0.0.10(2936)

Operating Systems: Embedded Linux (router firmware)

Default Config Vulnerable: ⚠️ Yes

Notes: The vulnerability exists in the web management interface which is typically enabled by default on these routers.

📦 What is this software?

O4 Firmware by Tenda

View all CVEs affecting O4 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, persistent backdoor installation, network traffic interception, and lateral movement to other devices.

🟠

Likely Case

Router takeover allowing attackers to modify DNS settings, intercept credentials, deploy malware to connected devices, or use the router for botnet activities.

🟢

If Mitigated

Limited impact if the router is behind a firewall with restricted web interface access and network segmentation prevents lateral movement.

🌐 Internet-Facing: HIGH - The vulnerable web interface is typically exposed to the internet on home/small office routers.

🏢 Internal Only: MEDIUM - Internal attackers could exploit this if they have network access to the router's management interface.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

The GitHub reference contains technical details and proof-of-concept information. Buffer overflow vulnerabilities in network devices are commonly weaponized.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: Yes

Instructions:

1. Check Tenda's official website for firmware updates. 2. If available, download the latest firmware. 3. Log into router admin interface. 4. Navigate to System Tools > Firmware Upgrade. 5. Upload and install the new firmware. 6. Reboot the router.

🔧 Temporary Workarounds

Disable Remote Management

all

Prevent external access to the router's web interface

Log into router admin > Advanced > System Tools > Remote Management > Disable

Change Default Admin Credentials

all

Use strong, unique credentials for router administration

Log into router admin > Advanced > System Tools > Modify Login Password

🧯 If You Can't Patch

Replace the router with a different model that receives security updates
Place router behind a firewall that blocks all inbound traffic to port 80/443

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface: System Status > Firmware Version. If version is V1.0.0.10(2936), device is vulnerable.

Check Version:

curl -s http://router-ip/goform/getStatus | grep version

Verify Fix Applied:

After updating, verify firmware version has changed from V1.0.0.10(2936) to a newer version.

📡 Detection & Monitoring

Log Indicators:

Unusual POST requests to /goform/setMacFilterList
Multiple failed login attempts followed by successful access
Router configuration changes from unknown IPs

Network Indicators:

Unusual outbound connections from router
DNS queries to suspicious domains
Port scanning originating from router

SIEM Query:

source="router.log" AND (uri="/goform/setMacFilterList" OR "remark/type/time" IN message)

📊 Metadata

CVE ID: CVE-2025-25662

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-120

EPSS Score: 0.18% exploit probability (39.1th percentile)

Published: February 20, 2025

Last Updated: May 7, 2025

🔗 References

https://github.com/jangfan/my-vuln/blob/main/Tenda/O4V3/setMacFilterList.md Broken Link

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-25662, you might also want to check these: