CVE-2025-4299 – A critical buffer overflow vulnerability in Ten... (How to Fix)

Q: What is the severity of CVE-2025-4299?

CVE-2025-4299 has a CVSS score of 8.8 (HIGH). A critical buffer overflow vulnerability in Tenda AC1206 routers allows remote attackers to execute arbitrary code by exploiting the setSchedWifi function. This affects all Tenda AC1206 routers running firmware versions up to 15.03.06.23. Attackers can potentially take full control of vulnerable devices without authentication.

📋 TL;DR

A critical buffer overflow vulnerability in Tenda AC1206 routers allows remote attackers to execute arbitrary code by exploiting the setSchedWifi function. This affects all Tenda AC1206 routers running firmware versions up to 15.03.06.23. Attackers can potentially take full control of vulnerable devices without authentication.

💻 Affected Systems

Products:

Tenda AC1206

Versions: All versions up to and including 15.03.06.23

Operating Systems: Embedded router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: All default configurations are vulnerable. The vulnerable endpoint /goform/openSchedWifi is typically accessible via web interface.

📦 What is this software?

Ac1206 Firmware by Tenda

View all CVEs affecting Ac1206 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, creation of persistent backdoors, network traffic interception, and lateral movement to other devices on the network.

🟠

Likely Case

Remote code execution allowing attackers to modify router settings, intercept traffic, or use the device as part of a botnet.

🟢

If Mitigated

Limited impact if devices are behind firewalls with strict inbound filtering, though internal network compromise remains possible.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable and affects internet-facing routers directly exposed to attackers.

🏢 Internal Only: MEDIUM - Internal attackers or malware could exploit this to pivot within the network, though requires initial network access.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public exploit details are available on GitHub, making exploitation straightforward for attackers with basic skills.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.tenda.com.cn/

Restart Required: Yes

Instructions:

1. Check Tenda website for firmware updates. 2. Download latest firmware for AC1206. 3. Log into router admin interface. 4. Navigate to firmware upgrade section. 5. Upload and install new firmware. 6. Reboot router after installation.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate vulnerable routers in separate network segments to limit potential lateral movement.

Access Control Lists

all

Implement firewall rules to restrict access to router management interface from untrusted networks.

🧯 If You Can't Patch

Replace vulnerable routers with patched or different models
Implement strict network monitoring and intrusion detection for exploit attempts

🔍 How to Verify

Check if Vulnerable:

Check router firmware version via admin interface. If version is 15.03.06.23 or earlier, device is vulnerable.

Check Version:

Login to router web interface and check System Status or Firmware Version page

Verify Fix Applied:

Verify firmware version is higher than 15.03.06.23 after applying any available updates.

📡 Detection & Monitoring

Log Indicators:

Unusual POST requests to /goform/openSchedWifi
Large payloads in HTTP requests to router management interface
Multiple failed exploit attempts

Network Indicators:

Unusual outbound connections from router
Traffic patterns suggesting router compromise
Exploit payloads in HTTP traffic

SIEM Query:

source="router_logs" AND (uri="/goform/openSchedWifi" OR method="POST" AND size>1000)

📊 Metadata

CVE ID: CVE-2025-4299

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-119

EPSS Score: 0.44% exploit probability (62.5th percentile)

Published: May 6, 2025

Last Updated: May 13, 2025

🔗 References

https://github.com/CH13hh/tmp_store_cc/blob/main/AC1206/AC1206setSchedWifi/setSchedWifi.md Broken Link
https://vuldb.com/?ctiid.307403 Permissions Required,VDB Entry
https://vuldb.com/?id.307403 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.563558 Third Party Advisory,VDB Entry
https://www.tenda.com.cn/ Product

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-4299, you might also want to check these: