CVE-2025-55483

7.5 HIGH

📋 TL;DR

This CVE describes a buffer overflow vulnerability in Tenda AC6 routers, specifically in the formSetMacFilterCfg function. Attackers can exploit it by sending crafted requests with malicious macFilterType and deviceList parameters, potentially leading to remote code execution or denial of service. Users of Tenda AC6 routers with the affected firmware are at risk.

💻 Affected Systems

Products:
  • Tenda AC6
Versions: V15.03.06.23_multi
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: This affects the AC6 V2.0 model with the specified firmware; other versions or models may not be vulnerable.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution allowing full compromise of the router, enabling attackers to intercept traffic, modify settings, or pivot to internal networks.

🟠 Likely Case

Denial of service causing router crashes or instability, disrupting network connectivity for connected devices.

🟢 If Mitigated

Limited impact if the router is isolated or patched, with only minor service interruptions possible.

🌐 Internet-Facing: HIGH, as the vulnerability can be exploited remotely via web interface requests, making exposed routers vulnerable to internet-based attacks.
🏢 Internal Only: MEDIUM, as internal attackers could exploit it if they have network access, but it requires specific targeting.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

A proof-of-concept is available on GitHub, indicating the exploit is straightforward to implement, though weaponization in widespread attacks is not confirmed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

Check Tenda's official website or support for firmware updates; if none, consider workarounds or replacement.

🔧 Temporary Workarounds

Disable MAC Filtering

all

Turn off MAC address filtering in the router settings to prevent exploitation via the vulnerable function.

Access router web interface, navigate to MAC Filter settings, and disable it.

Restrict Access

all

Limit access to the router's admin interface to trusted IP addresses only.

Configure firewall rules on the router so that admin access is allowed only from specific trusted IPs.

🧯 If You Can't Patch

  • Isolate the router on a separate network segment to limit potential damage.
  • Monitor network traffic for unusual requests to the router's web interface.

🔍 How to Verify

Check if Vulnerable:

Check the router firmware version via the web interface; if it matches V15.03.06.23_multi, it is vulnerable.

Check Version:

Log into the router web interface and check the firmware version under System Status or similar.

Verify Fix Applied:

Update to a newer firmware version from Tenda and confirm the version has changed.

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to formSetMacFilterCfg with long parameters in router logs.

Network Indicators:

  • Abnormal traffic patterns to the router's admin port (e.g., port 80/443) with crafted payloads.

SIEM Query:

source="router_logs" AND uri="/goform/setMacFilterCfg" AND (param_length>threshold OR error="buffer overflow")
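
The log indicator above, as an added example (not from the advisory or from Tenda): a Python filter that flags POST requests to /goform/setMacFilterCfg whose macFilterType or deviceList value exceeds a length limit. The log line layout, the 256-character limit and the sample lines are assumptions constructed for illustration.

```python
from urllib.parse import parse_qs

TARGET_PATH = "/goform/setMacFilterCfg"     # URI taken from the SIEM query above
WATCHED = ("macFilterType", "deviceList")   # parameters named in the advisory
MAX_LEN = 256                               # assumed limit; tune to your normal traffic


def inspect(line):
    """Return [(param, decoded_length), ...] for one log line.

    Assumed layout: '<src_ip> <METHOD> <path> <urlencoded-body>'.
    """
    parts = line.strip().split(" ", 3)
    if len(parts) < 3:
        return []
    method, path = parts[1], parts[2].split("?", 1)[0]
    body = parts[3] if len(parts) == 4 else ""
    if method.upper() != "POST" or path != TARGET_PATH:
        return []
    # parse_qs percent-decodes, so lengths are measured on the value the
    # web server would hand to the form handler, not on the encoded form.
    fields = parse_qs(body, keep_blank_values=True)
    return [(name, len(value))
            for name in WATCHED
            for value in fields.get(name, [])
            if len(value) > MAX_LEN]


def scan(lines):
    """Scan an iterable of log lines and return one alert dict per finding."""
    alerts = []
    for number, line in enumerate(lines, 1):
        for name, length in inspect(line):
            alerts.append({"line": number, "src": line.split(" ", 1)[0],
                           "param": name, "length": length})
    return alerts


# Constructed sample log lines (documentation IP ranges, made-up values).
SAMPLE = [
    "192.0.2.10 POST /goform/setMacFilterCfg macFilterType=black&deviceList=aa%3Abb%3Acc%3Add%3Aee%3Aff",
    "192.0.2.10 GET /index.html",
    "198.51.100.7 POST /goform/setMacFilterCfg macFilterType=black&deviceList=" + "A" * 600,
    "198.51.100.7 POST /goform/setMacFilterCfg macFilterType=" + "B" * 300 + "&deviceList=x",
]

if __name__ == "__main__":
    for alert in scan(SAMPLE):
        print(alert)
```

Because the advisory lists the exploit as unauthenticated, run the filter over all requests to the admin interface rather than only over authenticated sessions.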
