CVE-2025-45779

CVSS 9.8 CRITICAL

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code on Tenda AC10 routers via a buffer overflow in the formSetPPTPUserList handler of the web management interface. An attacker triggers it by sending a specially crafted POST request to the /goform/setPPTPUserList endpoint. Every Tenda AC10 V1.0 running the affected firmware build (V15.03.06.46) is at risk.

💻 Affected Systems

Products:
  • Tenda AC10 V1.0
Versions: V15.03.06.46
Operating Systems: Embedded Linux (router firmware)
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the web management interface's PPTP user list handler. No special configuration is required to be vulnerable.
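The page names the bug class (a buffer overflow in a form handler) but shows no code. The following is an added illustration written for this page, not Tenda's firmware code: a form-parameter handler that copies the `list` value into a fixed-size buffer with no length check, next to a hardened version that takes the real buffer size and rejects over-long input before writing. The form-encoded body format, the 32-byte buffer, the function names and the sentinel harness are all assumptions made for the demo.

```c
#include <stdio.h>
#include <string.h>

/* Added illustration of the bug class in the advisory, not Tenda's code.
 * Assumptions: a form-encoded body, a 32-byte buffer for the "list" value,
 * and the function/parameter names used below. */

#define LIST_BUF_SIZE 32
#define ARENA_SIZE    64

/* Locate name=value in a form-encoded body. Returns a pointer to the value
 * (not NUL-terminated) and its length in *len, or NULL if absent. */
static const char *find_form_param(const char *body, const char *name, size_t *len)
{
    size_t nlen = strlen(name);
    const char *p = body;
    while (p && *p) {
        if (strncmp(p, name, nlen) == 0 && p[nlen] == '=') {
            const char *val = p + nlen + 1;
            const char *end = strchr(val, '&');
            *len = end ? (size_t)(end - val) : strlen(val);
            return val;
        }
        p = strchr(p, '&');
        if (p) p++;
    }
    return NULL;
}

/* Vulnerable pattern: the value is copied in full. dst is meant to be
 * LIST_BUF_SIZE bytes but nothing checks len against it. */
int vuln_set_pptp_user_list(const char *body, char *dst)
{
    size_t len;
    const char *val = find_form_param(body, "list", &len);
    if (!val) return -1;
    memcpy(dst, val, len);        /* overflows when len >= LIST_BUF_SIZE */
    dst[len] = '\0';
    return 0;
}

/* Hardened pattern: the real buffer size is passed in and an over-long
 * value is rejected before a single byte is written. */
int safe_set_pptp_user_list(const char *body, char *dst, size_t dstsz)
{
    size_t len;
    const char *val = find_form_param(body, "list", &len);
    if (!val) return -1;
    if (len >= dstsz) return -2;  /* no room for value plus terminator */
    memcpy(dst, val, len);
    dst[len] = '\0';
    return 0;
}

/* Adapter so the hardened handler fits the harness below. */
static int safe_adapter(const char *body, char *dst)
{
    return safe_set_pptp_user_list(body, dst, LIST_BUF_SIZE);
}

/* Harness: one arena models a stack frame in which the 32-byte list buffer
 * is followed by other data (a sentinel string here; saved registers and the
 * return address on a real device). Keeping everything inside one 64-byte
 * object keeps the write well-defined so the clobbering can be observed.
 * Returns 1 if the handler overwrote the sentinel, 0 if it survived. */
int sentinel_clobbered(int (*handler)(const char *, char *), const char *body)
{
    char arena[ARENA_SIZE];
    memset(arena, 0, sizeof arena);
    strcpy(arena + LIST_BUF_SIZE, "SENTINEL");
    handler(body, arena);         /* arena doubles as the LIST_BUF_SIZE buffer */
    return strcmp(arena + LIST_BUF_SIZE, "SENTINEL") != 0;
}

int main(void)
{
    /* constructed request bodies: one oversized list value (40 bytes), one normal */
    const char *big  = "list=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA&action=add";
    const char *norm = "action=add&list=alice:secret";
    char buf[LIST_BUF_SIZE];
    int rc;

    printf("vulnerable handler clobbered adjacent data: %d\n",
           sentinel_clobbered(vuln_set_pptp_user_list, big));
    printf("hardened handler clobbered adjacent data:   %d\n",
           sentinel_clobbered(safe_adapter, big));
    printf("hardened handler on oversized value: rc=%d\n",
           safe_set_pptp_user_list(big, buf, sizeof buf));
    rc = safe_set_pptp_user_list(norm, buf, sizeof buf);
    printf("hardened handler on normal value:    rc=%d list=%s\n", rc, buf);
    return 0;
}
```

The harness keeps the buffer and the data after it inside a single 64-byte object so the overwrite is deterministic and defined; on the device the bytes after the buffer are the saved frame, which is what turns an over-long `list` value into control of execution. The fix is the same in either case: the copy must know the destination size and refuse input that does not fit.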

📦 What is this software?

Tenda AC10 is a consumer dual-band Wi-Fi router made by Shenzhen Tenda Technology. The affected code is in its embedded web management interface, where /goform/ form handlers such as formSetPPTPUserList process settings submitted from the admin pages.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the router leading to persistent backdoor installation, credential theft, interception of all traffic that transits the device, and lateral movement to connected devices.

🟠 Likely Case

Remote code execution allowing attackers to modify router settings, intercept traffic, or use the router as a pivot point for further attacks.

🟢 If Mitigated

Limited impact if the management interface is not reachable from the WAN and the router sits behind a firewall on a segmented network, so that only trusted hosts can send it requests.

🌐 Internet-Facing: HIGH - The router's WAN side faces the internet, and whenever remote (WAN-side) management is enabled the vulnerable endpoint is reachable by anyone; the request needs no authentication.
🏢 Internal Only: MEDIUM - With remote management off, exploitation still requires only LAN access to the web interface, so any device on the network (or malware running on one) can reach it.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

A public GitHub repository contains proof-of-concept code demonstrating exploitation. The critical CVSS score, the lack of an authentication requirement and the public PoC make weaponization likely.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.tendacn.com/us/download/detail-3782.html

Restart Required: Yes

Instructions:

1. Check Tenda's official website (the advisory link above) for firmware updates.
2. Download the latest firmware for AC10 V1.0.
3. Log into the router admin interface.
4. Navigate to System Tools > Firmware Upgrade.
5. Upload and install the new firmware.
6. Wait for the router to reboot, then confirm the new version is shown under System Status.

🔧 Temporary Workarounds

Disable Remote Management

Applies to: all deployments

Prevent external access to the router's web management interface

Log into router admin > Advanced > System Tools > Remote Management > Disable

Restrict Management Interface Access

Applies to: a Linux firewall or gateway in front of the router

Use firewall rules to limit which sources can reach the router's management ports (typically 80/443). The rules below assume a Linux host that routes traffic to the router, so they match the router's address in the FORWARD chain; use the INPUT chain only if the rules run on the device that serves the management interface itself. The bracketed values are placeholders.

# Allow management traffic to the router only from a trusted source, drop everything else
iptables -A FORWARD -d <router_ip> -p tcp -m multiport --dports 80,443 -s <trusted_ip> -j ACCEPT
iptables -A FORWARD -d <router_ip> -p tcp -m multiport --dports 80,443 -j DROP

🧯 If You Can't Patch

  • Isolate the router in a separate VLAN with strict firewall rules
  • Monitor for POST requests to /goform/setPPTPUserList, especially ones with unusually large bodies or from addresses other than the usual admin host

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface under System Status or System Tools > Firmware Upgrade

Check Version:

curl -s http://router_ip/login/Auth | grep -i firmware || echo "no version string found; check the web interface manually"

Verify Fix Applied:

Confirm that the firmware version shown in the web interface is newer than V15.03.06.46 (no fixed version is recorded here, so check the vendor download page linked above for the current build). Do not rely on a plain string comparison: V15.03.06.100 sorts before V15.03.06.46 as text. As a functional check, a POST to /goform/setPPTPUserList carrying an over-long value in the list parameter should no longer crash or reboot the device; run that only against hardware you own, and expect a reboot if it is still vulnerable.
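Because "newer than V15.03.06.46" is the only criterion the page gives, and firmware strings like these do not compare correctly as plain text (V15.03.06.100 sorts before V15.03.06.46), here is an added helper, written for this page and not Tenda's code, that parses the version into numeric components and compares them. The version format (optional leading V, up to four dot-separated numbers) is an assumption taken from the affected version string; a newer build is only evidence of a fix if the vendor's download page says the fix is in it.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added helper, not vendor code. Version format is an assumption based on
 * the affected build string in the advisory. */

#define AFFECTED_VERSION "V15.03.06.46"   /* from the advisory */

/* Parse "V15.03.06.46" (optional leading V/v) into up to four numeric
 * components. Returns the number of components parsed, or 0 if the string
 * is not a well-formed version. Unfilled components are left untouched. */
int parse_tenda_version(const char *s, unsigned comp[4])
{
    int n = 0;
    if (*s == 'V' || *s == 'v') s++;
    while (n < 4) {
        char *end;
        if (*s < '0' || *s > '9') return 0;      /* each component must be numeric */
        comp[n++] = (unsigned)strtoul(s, &end, 10);
        s = end;
        if (*s == '\0') break;
        if (*s != '.') return 0;                  /* e.g. "V15.03.06.46beta" */
        s++;
    }
    if (*s != '\0') return 0;                     /* more than four components */
    return n;
}

/* strcmp-style result (<0, 0, >0) comparing component-wise, so ".100" is
 * greater than ".46". Missing trailing components count as 0. Unparsable
 * input compares as all zeros. */
int compare_versions(const char *a, const char *b)
{
    unsigned ca[4] = {0, 0, 0, 0}, cb[4] = {0, 0, 0, 0};
    parse_tenda_version(a, ca);
    parse_tenda_version(b, cb);
    for (int i = 0; i < 4; i++)
        if (ca[i] != cb[i]) return ca[i] < cb[i] ? -1 : 1;
    return 0;
}

/* 1 if the running firmware is strictly newer than the affected build,
 * 0 otherwise (including when the string cannot be parsed). */
int is_newer_than_affected(const char *running)
{
    unsigned c[4] = {0, 0, 0, 0};
    if (parse_tenda_version(running, c) == 0) return 0;
    return compare_versions(running, AFFECTED_VERSION) > 0;
}

int main(void)
{
    const char *samples[] = { "V15.03.06.46", "V15.03.06.47", "V15.03.06.100", "V15.03.05.99", "garbage" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-14s newer than affected: %d   (plain strcmp says newer: %d)\n",
               samples[i], is_newer_than_affected(samples[i]),
               strcmp(samples[i], AFFECTED_VERSION) > 0);
    return 0;
}
```

The side-by-side column in the output is the point: a plain strcmp reports V15.03.06.100 as older than V15.03.06.46 and "garbage" as newer, so any inventory script that sorts firmware strings as text will misclassify devices.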

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to /goform/setPPTPUserList
  • Large payloads in POST parameters
  • Router reboot events after suspicious requests

Network Indicators:

  • HTTP POST requests to router IP on port 80/443 with 'list' parameter containing long strings
  • Unusual outbound connections from router

SIEM Query:

source="router_logs" AND (uri_path="/goform/setPPTPUserList" OR (http_method="POST" AND uri_path CONTAINS "PPTP"))

This is pseudo-syntax: adapt the field names (uri_path, http_method) to your SIEM, and add a request-size condition if your logs record body length, since a routine admin edit and an overflow attempt hit the same URI.
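The indicators above and the SIEM query describe the logic in words; the following is an added example, not code from the page or from any vendor, that runs that logic over a few constructed log lines. It assumes a key=value access-log format with fields method, path and req_bytes (Tenda's own logging does not look like this), a body-size threshold of 512 bytes, and it flags both the exact endpoint from the advisory and POSTs to any other PPTP form, mirroring the query's two branches. The path /goform/examplePptpForm in the samples is made up for the demo.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added detection example, not from the page or any vendor. The log format
 * (key=value fields), the field names and the body-size threshold are
 * assumptions; the sample lines are constructed. */

#define VULN_ENDPOINT    "/goform/setPPTPUserList"   /* from the advisory */
#define LARGE_BODY_BYTES 512                          /* assumed threshold */

/* Constructed sample log: an oversized POST to the vulnerable endpoint,
 * routine admin traffic, a small legitimate edit, an oversized POST to another
 * (made-up) PPTP form, and a GET to the endpoint. */
#define SAMPLE_LOG_COUNT 5
const char *const sample_log[SAMPLE_LOG_COUNT] = {
    "2025-06-01T10:00:01Z src=192.0.2.10 method=POST path=/goform/setPPTPUserList status=200 req_bytes=1320",
    "2025-06-01T10:00:02Z src=192.168.0.5 method=GET path=/login/Auth status=200 req_bytes=0",
    "2025-06-01T10:00:03Z src=192.168.0.5 method=POST path=/goform/setPPTPUserList status=200 req_bytes=96",
    "2025-06-01T10:00:04Z src=192.0.2.77 method=POST path=/goform/examplePptpForm status=200 req_bytes=2048",
    "2025-06-01T10:00:05Z src=192.0.2.77 method=GET path=/goform/setPPTPUserList status=200 req_bytes=0",
};

/* Copy the value of "key=" into out; key must begin a field (line start or
 * after a space) so "bytes" cannot match inside "req_bytes". Returns 1 if found. */
static int get_field(const char *line, const char *key, char *out, size_t outsz)
{
    size_t klen = strlen(key);
    const char *p = line;
    while ((p = strstr(p, key)) != NULL) {
        int starts_field = (p == line) || (p[-1] == ' ');
        if (starts_field && p[klen] == '=') {
            const char *v = p + klen + 1;
            size_t n = strcspn(v, " \r\n");
            if (n >= outsz) n = outsz - 1;
            memcpy(out, v, n);
            out[n] = '\0';
            return 1;
        }
        p += klen;
    }
    return 0;
}

/* Case-insensitive substring test (the query's CONTAINS "PPTP"). */
static int contains_ci(const char *hay, const char *needle)
{
    size_t n = strlen(needle);
    for (; *hay; hay++) {
        size_t i = 0;
        while (i < n && hay[i] &&
               tolower((unsigned char)hay[i]) == tolower((unsigned char)needle[i]))
            i++;
        if (i == n) return 1;
    }
    return 0;
}

/* 0 = nothing; 1 = any request to the vulnerable endpoint, or a POST to some
 * other PPTP form (worth a look: could be routine admin use); 2 = a POST in
 * either category whose body exceeds the threshold (the overflow indicator). */
int alert_level(const char *line)
{
    char method[16], path[256], bytes[32];
    int level = 0;
    if (!get_field(line, "method", method, sizeof method) ||
        !get_field(line, "path", path, sizeof path))
        return 0;
    if (strcmp(path, VULN_ENDPOINT) == 0)
        level = 1;
    else if (strcmp(method, "POST") == 0 && contains_ci(path, "pptp"))
        level = 1;
    if (level && strcmp(method, "POST") == 0 &&
        get_field(line, "req_bytes", bytes, sizeof bytes) &&
        strtoul(bytes, NULL, 10) >= LARGE_BODY_BYTES)
        level = 2;
    return level;
}

/* Number of lines whose alert level is at least min_level. */
int count_alerts(const char *const *lines, size_t n, int min_level)
{
    int hits = 0;
    for (size_t i = 0; i < n; i++)
        if (alert_level(lines[i]) >= min_level) hits++;
    return hits;
}

int main(void)
{
    for (size_t i = 0; i < SAMPLE_LOG_COUNT; i++)
        printf("level %d: %s\n", alert_level(sample_log[i]), sample_log[i]);
    printf("high-severity hits: %d, total hits: %d\n",
           count_alerts(sample_log, SAMPLE_LOG_COUNT, 2),
           count_alerts(sample_log, SAMPLE_LOG_COUNT, 1));
    return 0;
}
```

The two-level split is what the page's query lacks: a legitimate edit of the PPTP user list from the admin host is a level-1 event you would only review, while a large POST from an unexpected source is the level-2 event to page on, and the body size is the cheapest property that separates the two.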
