CVE-2025-25678 – This vulnerability allows remote attackers to e... (How to Fix)

Q: What is the severity of CVE-2025-25678?

CVE-2025-25678 has a CVSS score of 9.8 (CRITICAL). This vulnerability allows remote attackers to execute arbitrary code on Tenda i12 routers by sending specially crafted requests to the formSetCfm function. Attackers can exploit the buffer overflow in the funcpara1 parameter to gain full control of affected devices. All users running the vulnerable firmware version are affected.

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code on Tenda i12 routers by sending specially crafted requests to the formSetCfm function. Attackers can exploit the buffer overflow in the funcpara1 parameter to gain full control of affected devices. All users running the vulnerable firmware version are affected.

💻 Affected Systems

Products:

Tenda i12

Versions: V1.0.0.10(3805)

Operating Systems: Embedded router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the web management interface of the router. The vulnerability is in the firmware itself, not dependent on specific configurations.

📦 What is this software?

I12 Firmware by Tenda

View all CVEs affecting I12 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise leading to persistent backdoor installation, credential theft, network traffic interception, and lateral movement to other devices on the network.

🟠

Likely Case

Remote code execution allowing attackers to modify router settings, intercept traffic, or use the device as part of a botnet.

🟢

If Mitigated

Limited impact if device is behind firewall with strict inbound filtering and network segmentation prevents lateral movement.

🌐 Internet-Facing: HIGH - Routers are typically internet-facing devices with web management interfaces exposed.

🏢 Internal Only: MEDIUM - Could still be exploited by attackers who have gained initial access to the internal network.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

The GitHub reference contains technical details and proof-of-concept information. Buffer overflow vulnerabilities in network devices are commonly weaponized.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Unknown

Restart Required: Yes

Instructions:

1. Check Tenda's official website for firmware updates. 2. Download the latest firmware for i12 model. 3. Access router web interface. 4. Navigate to System Tools > Firmware Upgrade. 5. Upload and install the new firmware. 6. Reboot the router.

🔧 Temporary Workarounds

Disable Remote Management

all

Prevent external access to the router's web interface

Access router web interface > Advanced > System Tools > Remote Management > Disable

Network Segmentation

all

Isolate the router from critical internal networks

🧯 If You Can't Patch

Replace the vulnerable device with a different model or vendor
Place the router behind a firewall that blocks all inbound traffic to its management interface

🔍 How to Verify

Check if Vulnerable:

Check firmware version in router web interface: System Status > Firmware Version. If it shows V1.0.0.10(3805), the device is vulnerable.

Check Version:

curl -s http://router-ip/goform/getStatus | grep firmware_version

Verify Fix Applied:

After updating firmware, verify the version no longer shows V1.0.0.10(3805). Test by attempting to access the vulnerable endpoint with test payloads.

📡 Detection & Monitoring

Log Indicators:

Unusual POST requests to /goform/setcfm
Multiple failed authentication attempts followed by successful access
Unexpected process execution or configuration changes

Network Indicators:

Unusual outbound connections from router IP
Traffic patterns suggesting command and control communication
Port scanning originating from router

SIEM Query:

source="router_logs" AND (uri="/goform/setcfm" OR funcpara1="*")

📊 Metadata

CVE ID: CVE-2025-25678

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-120

EPSS Score: 0.18% exploit probability (39.1th percentile)

Published: February 20, 2025

Last Updated: April 10, 2025

🔗 References

https://github.com/jangfan/my-vuln/blob/main/Tenda/i12V1/setcfm.md Broken Link

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-25678, you might also want to check these: