Login Sign Up

CVE-2025-29100

9.8 CRITICAL
Remote Code Execution Buffer Overflow

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code on Tenda AC8 routers via a buffer overflow in the fromSetRouteStatic function. Attackers can exploit this by sending specially crafted network requests to the vulnerable parameter list. This affects users running Tenda AC8 routers with the vulnerable firmware version.

💻 Affected Systems

Products:
  • Tenda AC8
Versions: V16.03.34.06
Operating Systems: Embedded Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the web management interface function fromSetRouteStatic. No special configuration required for exploitation.

📦 What is this software?

Ac8 Firmware by Tenda

View all CVEs affecting Ac8 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise leading to persistent remote access, network traffic interception, lateral movement to other devices, and potential botnet recruitment.

🟠

Likely Case

Remote code execution allowing attackers to modify router settings, intercept traffic, or use the device as a pivot point for further attacks.

🟢

If Mitigated

Denial of service or limited information disclosure if exploit attempts are blocked by network controls.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public proof-of-concept code exists in GitHub repositories. Exploitation requires network access to the router's management interface.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Unknown

Restart Required: Yes

Instructions:

1. Check Tenda official website for firmware updates
2. Download latest firmware for AC8 model
3. Access router web interface
4. Navigate to System Tools > Firmware Upgrade
5. Upload and install new firmware
6. Reboot router

🔧 Temporary Workarounds

Disable Remote Management

all

Prevent external access to router management interface

Network Segmentation

all

Isolate router management interface to trusted network segment

🧯 If You Can't Patch

  • Replace affected devices with patched or different models
  • Implement strict network access controls to limit exposure

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in web interface under System Status > Firmware Version

Check Version:

curl -s http://router-ip/goform/getStatus | grep version

Verify Fix Applied:

Verify firmware version has been updated to a version later than V16.03.34.06

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to /goform/setRouteStatic
  • Multiple failed authentication attempts
  • Unexpected process crashes or reboots

Network Indicators:

  • Unusual outbound connections from router
  • Traffic patterns indicating command and control communication
  • Port scanning originating from router

SIEM Query:

source="router-logs" AND (uri="/goform/setRouteStatic" OR process="httpd" AND event="crash")

📊 Metadata

CVE ID: CVE-2025-29100
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-121
EPSS Score: 0.18% exploit probability (39.3th percentile)
Published: March 24, 2025
Last Updated: April 1, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-29100, you might also want to check these:

CVE-2024-39791 10.0

CVE-2024-39791 is a critical stack-based buffer overflow vulnerability in Vonets industrial WiFi bri...

Same vulnerability type (CWE-121)
CVE-2022-20699 10.0

This critical vulnerability in Cisco Small Business routers allows unauthenticated remote attackers ...

Same vulnerability type (CWE-121)
CVE-2022-20701 10.0

This CVE describes multiple critical vulnerabilities in Cisco Small Business RV series routers that ...

Same vulnerability type (CWE-121)