CVE-2025-57078 – A stack overflow vulnerability exists in Tenda ... (How to Fix)

Q: What is the severity of CVE-2025-57078?

CVE-2025-57078 has a CVSS score of 7.5 (HIGH). A stack overflow vulnerability exists in Tenda G3 routers through the pppoeServerWhiteMacIndex parameter in the formModifyPppAuthWhiteMac function. Attackers can exploit this by sending specially crafted requests to cause a Denial of Service (DoS), potentially crashing the router. This affects Tenda G3 router users running vulnerable firmware versions.

📋 TL;DR

A stack overflow vulnerability exists in Tenda G3 routers through the pppoeServerWhiteMacIndex parameter in the formModifyPppAuthWhiteMac function. Attackers can exploit this by sending specially crafted requests to cause a Denial of Service (DoS), potentially crashing the router. This affects Tenda G3 router users running vulnerable firmware versions.

💻 Affected Systems

Products:

Tenda G3 router

Versions: v3.0br_V15.11.0.17 (specific version mentioned, potentially earlier versions may be affected)

Operating Systems: Embedded router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the web management interface functionality related to PPPoE authentication white MAC address management.

📦 What is this software?

G3 Firmware by Tenda

View all CVEs affecting G3 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Router becomes completely unresponsive, requiring physical power cycle or factory reset, disrupting all network connectivity for connected devices.

🟠

Likely Case

Router crashes or becomes unstable, causing temporary network outage until device reboots automatically or manually.

🟢

If Mitigated

Limited to isolated network segment with no critical services, causing minimal disruption to non-essential devices.

🌐 Internet-Facing: HIGH - Routers are typically internet-facing devices, and this vulnerability can be exploited remotely via crafted network requests.

🏢 Internal Only: MEDIUM - Could be exploited from internal network if attacker gains access, but routers are primarily perimeter devices.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Vulnerability details and proof-of-concept are publicly available in GitHub repositories. Exploitation requires sending crafted HTTP requests to the router's web interface.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: Yes

Instructions:

1. Check Tenda website for firmware updates. 2. Download latest firmware for G3 model. 3. Access router web interface. 4. Navigate to firmware upgrade section. 5. Upload and apply new firmware. 6. Wait for router to reboot.

🔧 Temporary Workarounds

Disable PPPoE authentication white MAC feature

all

If not using PPPoE authentication with MAC filtering, disable this feature to remove attack surface.

Restrict web interface access

all

Limit access to router web management interface to trusted IP addresses only.

Configure firewall rules to allow router web interface access only from specific management IPs

🧯 If You Can't Patch

Segment router onto isolated management network with strict access controls
Implement network monitoring for abnormal HTTP requests to router management interface

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in web interface under System Status or Firmware Upgrade section.

Check Version:

Access router web interface and navigate to system information page, or use: curl http://router-ip/login/Auth

Verify Fix Applied:

Verify firmware version has been updated to a version later than v3.0br_V15.11.0.17.

📡 Detection & Monitoring

Log Indicators:

Multiple failed authentication attempts to web interface
Router crash/reboot logs
Unusual HTTP POST requests to formModifyPppAuthWhiteMac endpoint

Network Indicators:

HTTP requests with unusually long pppoeServerWhiteMacIndex parameter values
Sudden loss of connectivity to router management interface

SIEM Query:

source="router_logs" AND (uri="/goform/ModifyPppAuthWhiteMac" OR message="crash" OR message="reboot")

📊 Metadata

CVE ID: CVE-2025-57078

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-121

EPSS Score: 0.08% exploit probability (24.5th percentile)

Published: September 9, 2025

Last Updated: September 17, 2025

🔗 References

https://github.com/vulnDetailRecord/VulforDevice/blob/main/Tenda/G3/formModifyPppAuthWhiteMac.md Exploit,Third Party Advisory
https://github.com/vulnDetailRecord/VulforDevice/blob/main/Tenda/G3/formModifyPppAuthWhiteMac.md Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-57078, you might also want to check these: