Login Sign Up

CVE-2025-57058

7.5 HIGH
Denial of Service

📋 TL;DR

This vulnerability in Tenda G3 routers allows attackers to trigger stack overflows via specially crafted requests to the formSetDebugCfg function, leading to Denial of Service (DoS). Attackers can crash the device by exploiting the pEnable, pLevel, and pModule parameters. Organizations using affected Tenda G3 routers are at risk.

💻 Affected Systems

Products:
  • Tenda G3
Versions: v3.0br_V15.11.0.17
Operating Systems: Embedded Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the web management interface. Earlier versions may also be vulnerable but not confirmed.

📦 What is this software?

G3 Firmware by Tenda

View all CVEs affecting G3 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device crash requiring physical reboot, potentially disrupting all network services and allowing further exploitation if combined with other vulnerabilities.

🟠

Likely Case

Router becomes unresponsive, requiring manual reboot and causing temporary network outage.

🟢

If Mitigated

Limited impact with proper network segmentation and access controls preventing unauthorized access to management interface.

🌐 Internet-Facing: HIGH - Routers are typically internet-facing devices with web management interfaces accessible from WAN.
🏢 Internal Only: MEDIUM - Internal attackers could exploit if they gain network access to management interface.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly available in GitHub repositories. The vulnerability requires network access to the management interface.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: Yes

Instructions:

1. Check Tenda website for firmware updates. 2. Download latest firmware. 3. Access router web interface. 4. Navigate to System Tools > Firmware Upgrade. 5. Upload and install new firmware. 6. Reboot router.

🔧 Temporary Workarounds

Disable Remote Management

all

Prevent external access to router management interface

Network Segmentation

all

Isolate router management interface to trusted network segments only

🧯 If You Can't Patch

  • Implement strict firewall rules to block external access to router management interface (typically port 80/443)
  • Use VPN for management access instead of exposing interface directly

🔍 How to Verify

Check if Vulnerable:

Check router firmware version via web interface at System Status > Firmware Version

Check Version:

curl -s http://router-ip/status.cgi | grep firmware_version

Verify Fix Applied:

Verify firmware version is newer than v3.0br_V15.11.0.17

📡 Detection & Monitoring

Log Indicators:

  • Multiple POST requests to /goform/setDebugCfg
  • Router crash/reboot events
  • Unusual traffic to router management interface

Network Indicators:

  • HTTP POST requests with long parameter values to /goform/setDebugCfg
  • Sudden loss of connectivity to router

SIEM Query:

source="router_logs" AND (uri_path="/goform/setDebugCfg" OR event="crash" OR event="reboot")

📊 Metadata

CVE ID: CVE-2025-57058
CVSS v3 Score: 7.5 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-121
EPSS Score: 0.08% exploit probability (24.5th percentile)
Published: September 9, 2025
Last Updated: September 15, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-57058, you might also want to check these:

CVE-2024-39791 10.0

CVE-2024-39791 is a critical stack-based buffer overflow vulnerability in Vonets industrial WiFi bri...

Same vulnerability type (CWE-121)
CVE-2022-20699 10.0

This critical vulnerability in Cisco Small Business routers allows unauthenticated remote attackers ...

Same vulnerability type (CWE-121)
CVE-2022-20701 10.0

This CVE describes multiple critical vulnerabilities in Cisco Small Business RV series routers that ...

Same vulnerability type (CWE-121)