CVE-2025-5608

8.8 HIGH

📋 TL;DR

A critical buffer overflow vulnerability in Tenda AC18 routers allows remote attackers to execute arbitrary code by manipulating the rebootTime parameter. This affects Tenda AC18 routers running firmware version 15.03.05.05. Attackers can exploit this without authentication to potentially take full control of affected devices.

💻 Affected Systems

Products:
  • Tenda AC18
Versions: 15.03.05.05
Operating Systems: Embedded Linux (router firmware)
Default Config Vulnerable: ⚠️ Yes
Notes: All devices running the affected firmware version are vulnerable by default. The vulnerable endpoint is accessible via the web interface.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete device compromise, lateral movement to internal networks, persistent backdoor installation, and data exfiltration.

🟠 Likely Case

Router compromise allowing network traffic interception, DNS hijacking, credential theft, and botnet recruitment.

🟢 If Mitigated

Limited impact if the device is behind a firewall with restricted WAN access, though internal threats remain possible.

🌐 Internet-Facing: HIGH - Attackers can exploit remotely without authentication, making exposed devices immediate targets.
🏢 Internal Only: MEDIUM - Internal attackers could exploit if they gain network access, but requires specific targeting.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit details are available, making this easily weaponizable. No authentication required for exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.tenda.com.cn/

Restart Required: Yes

Instructions:

1. Check Tenda website for firmware updates.
2. If update available, download and install via router web interface.
3. Reboot router after update.
4. Verify firmware version changed from 15.03.05.05.

🔧 Temporary Workarounds

Disable Remote Management

all

Prevent external access to router web interface

Access router admin panel → Advanced Settings → Remote Management → Disable

Network Segmentation

all

Isolate router management interface from untrusted networks

Configure firewall rules to block external access to ports 80/443 on the router IP

🧯 If You Can't Patch

  • Replace affected router with different model/brand
  • Place router behind dedicated firewall with strict inbound rules

🔍 How to Verify

Check if Vulnerable:

Access router web interface → System Status → Firmware Version. Check if version is 15.03.05.05.

Check Version:

curl -s http://router-ip/login/Auth | grep firmware_version

Verify Fix Applied:

After the update, verify that the firmware version is no longer 15.03.05.05. Test whether the /goform/SetSysAutoRebbotCfg endpoint still accepts a malformed rebootTime parameter.

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to /goform/SetSysAutoRebbotCfg
  • Multiple failed reboot attempts
  • Abnormal process creation on router

Network Indicators:

  • Exploit traffic patterns to router port 80/443
  • Unusual outbound connections from router

SIEM Query:

source="router_logs" AND (url="/goform/SetSysAutoRebbotCfg" OR process="malicious_payload")
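
The log indicator above only matches on the endpoint path. As an added example (not part of the original advisory or any vendor tooling), the Python below inspects the rebootTime value itself, for use on a proxy or IDS that can see request bodies. The HH:MM format, the 16-character ceiling and the sample requests are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

ENDPOINT = "/goform/SetSysAutoRebbotCfg"  # path named in this advisory
PARAM = "rebootTime"                       # parameter named in this advisory
# Assumption: a legitimate value is a short clock time such as "03:30".
EXPECTED = re.compile(r"\d{1,2}:\d{2}")
MAX_LEN = 16  # assumed ceiling for a legitimate value; tune per deployment


def inspect_request(target, body=""):
    """Return findings for one HTTP request; an empty list means clean."""
    url = urlsplit(target)
    if url.path.rstrip("/") != ENDPOINT:
        return []
    # The parameter can arrive in the query string or the form body.
    # parse_qs percent-decodes, so lengths are measured on decoded values.
    values = []
    for source in (url.query, body):
        values += parse_qs(source, keep_blank_values=True).get(PARAM, [])
    findings = []
    if len(values) > 1:
        findings.append("duplicate rebootTime parameter")
    for value in values:
        if len(value) > MAX_LEN:
            findings.append(f"oversized rebootTime ({len(value)} chars)")
        elif not EXPECTED.fullmatch(value):
            findings.append(f"malformed rebootTime {value!r}")
    return findings


# Constructed sample requests (target, body); not captured traffic.
SAMPLES = [
    ("/goform/SetSysAutoRebbotCfg", "rebootTime=03%3A30"),
    ("/goform/SetSysAutoRebbotCfg", "rebootTime=" + "1" * 300),
    ("/goform/SetSysAutoRebbotCfg?rebootTime=03:30", "rebootTime=%41%41"),
    ("/index.html", ""),
]

if __name__ == "__main__":
    for target, body in SAMPLES:
        for finding in inspect_request(target, body):
            print(f"ALERT {target.split('?')[0]}: {finding}")
```
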
