CVE-2025-55603 – A buffer overflow vulnerability exists in Tenda... (How to Fix)

Q: What is the severity of CVE-2025-55603?

CVE-2025-55603 has a CVSS score of 7.5 (HIGH). A buffer overflow vulnerability exists in Tenda AX3 routers running firmware version V16.03.12.10_CN. Attackers can exploit this by sending specially crafted NTP server parameters to the fromSetSysTime function, potentially allowing remote code execution. This affects users who have not updated their router firmware.

📋 TL;DR

A buffer overflow vulnerability exists in Tenda AX3 routers running firmware version V16.03.12.10_CN. Attackers can exploit this by sending specially crafted NTP server parameters to the fromSetSysTime function, potentially allowing remote code execution. This affects users who have not updated their router firmware.

💻 Affected Systems

Products:

Tenda AX3

Versions: V16.03.12.10_CN

Operating Systems: Embedded Linux

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects the Chinese firmware version; other regional versions may not be vulnerable.

📦 What is this software?

Ax3 Firmware by Tenda

View all CVEs affecting Ax3 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote attacker gains full control of the router, enabling traffic interception, credential theft, and lateral movement into the internal network.

🟠

Likely Case

Router crashes or becomes unstable, causing denial of service and network disruption.

🟢

If Mitigated

Attack fails due to input validation or memory protections, resulting in no impact.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploit details are publicly available in GitHub repositories, making weaponization probable.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: Yes

Instructions:

Check Tenda's official website or support portal for firmware updates. If an update is available, download and install it via the router's web interface, then restart the device.

🔧 Temporary Workarounds

Disable Remote Management

all

Prevents external access to the vulnerable function by disabling remote administration features.

Access router web interface > Advanced Settings > Remote Management > Disable

Restrict NTP Server Input

all

Limit NTP server configuration to trusted, internal servers only.

Access router web interface > System Tools > Time Settings > Set NTP server to a trusted IP

🧯 If You Can't Patch

Segment the network to isolate the router from critical systems.
Implement strict firewall rules to block unnecessary inbound traffic to the router.

🔍 How to Verify

Check if Vulnerable:

Check the router's firmware version via the web interface: Login > System Status > Firmware Version.

Check Version:

Not applicable; use web interface as above.

Verify Fix Applied:

After updating, verify the firmware version is no longer V16.03.12.10_CN.

📡 Detection & Monitoring

Log Indicators:

Unusual NTP configuration requests
Router crash logs or reboots

Network Indicators:

Malformed packets to router's management interface on port 80/443

SIEM Query:

source_ip="router_ip" AND (http_uri CONTAINS "setSysTime" OR http_post_data CONTAINS "ntpServer")

📊 Metadata

CVE ID: CVE-2025-55603

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-120

EPSS Score: 0.09% exploit probability (24.6th percentile)

Published: August 22, 2025

Last Updated: September 26, 2025

🔗 References

https://github.com/wudipjq/my_vuln/blob/main/Tenda3/vuln_45/45.md Exploit,Third Party Advisory
https://github.com/wudipjq/my_vuln/blob/main/Tenda3/vuln_45/45.md Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-55603, you might also want to check these: