CVE-2025-57572

5.6 MEDIUM

📋 TL;DR

CVE-2025-57572 is a buffer overflow in the web management interface of Tenda F3 routers: the onlineList parameter of the setParentControl form handler (/goform/setParentControl) is copied into a fixed-size buffer without an adequate length check. An attacker who can reach the interface can crash the device, and potentially execute arbitrary code, by sending a specially crafted request. Devices running the affected firmware build (V12.01.01.48_multi) are vulnerable.

💻 Affected Systems

Products:
  • Tenda F3
Versions: V12.01.01.48_multi (the build named in the CVE; no fixed build is identified, so treat other builds as unverified rather than safe)
Operating Systems: Embedded router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the web management interface. The attacker must be able to reach the /goform/setParentControl handler; the page notes the parental control feature must be enabled or the endpoint otherwise accessible.

📦 What is this software?

Tenda F3 is a consumer wireless router. The affected component is its embedded web management interface, specifically the form handler behind /goform/setParentControl that processes parental control settings.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution on the router, leading to complete device compromise, persistent access, and use of the router as a pivot into the LAN.

🟠 Likely Case: Router crash requiring a power cycle, temporary denial of service, or limited memory corruption without reliable code execution.

🟢 If Mitigated: No impact if the vulnerable handler is not reachable by untrusted clients, or if the firmware has been updated to a build that bounds-checks the onlineList input.

🌐 Internet-Facing: HIGH - If remote (WAN-side) management is enabled, the vulnerable web interface endpoint is reachable from the Internet and can be attacked directly.
🏢 Internal Only: MEDIUM - With the interface restricted to the LAN, an attacker first needs a foothold or device on the local network; once there, reaching the endpoint is a single HTTP request.

🎯 Exploit Status

Public PoC: No
Weaponized: UNKNOWN
Unauthenticated Exploit: UNKNOWN (authentication requirement not stated)
Complexity: MEDIUM

Exploitation requires sending a crafted HTTP POST request to /goform/setParentControl with an oversized onlineList value. Whether the handler demands an authenticated session is not stated in the advisory; assume the worst until confirmed on a test device.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: None identified at time of writing. Check Tenda's download page for an F3 firmware build newer than V12.01.01.48_multi and read its release notes.

Vendor Advisory: http://tenda.com (vendor site; no dedicated advisory is linked)

Restart Required: Yes

Instructions:

1. Log into the Tenda router admin interface.
2. Navigate to System Tools > Firmware Upgrade.
3. Download the latest F3 firmware from the Tenda website.
4. Upload and install the firmware.
5. Reboot the router.

🔧 Temporary Workarounds

Disable Parental Control Feature (all platforms): Disable the parental control functionality that uses the vulnerable endpoint.

Restrict Web Interface Access (all platforms): Configure firewall rules to restrict access to the router's web management interface, and make sure remote (WAN-side) management is turned off.

🧯 If You Can't Patch

  • Isolate the router's management interface on a separate, administrator-only network segment
  • Monitor for HTTP POST requests to /goform/setParentControl, especially from sources other than the administrator's workstation or with unusually large bodies

🔍 How to Verify

Check if Vulnerable:

Check the router firmware version via the admin interface. If the version is V12.01.01.48_multi, the device is vulnerable; other builds have not been confirmed either way.

Check Version:

Check via the web interface at http://router_ip (System Tools > Firmware Upgrade shows the running version), or fetch the login page with: curl http://router_ip/login/Auth

Verify Fix Applied:

After updating the firmware, verify the reported version is newer than V12.01.01.48_multi. If you also want to test the endpoint with malformed input, do it only on a device you can afford to crash and reboot, since the vulnerability's likely effect is a denial of service.

📡 Detection & Monitoring

Log Indicators:

  • POST requests to /goform/setParentControl that are unusually frequent or come from unexpected clients
  • Unexpected router reboots (syslog restart entries or an uptime counter that resets)
  • HTTP request bodies to /goform/ handlers far larger than the corresponding form normally produces

Network Indicators:

  • HTTP POST requests with oversized onlineList parameter
  • Traffic to router web interface from unexpected sources

SIEM Query:

source="router_logs" AND (uri="/goform/setParentControl" OR message="*crash*" OR message="*reboot*")

The router will not log the words "buffer overflow"; the message terms above are placeholders for whatever your router's syslog emits on an unexpected restart, so adjust them to the actual log format.
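The network indicators above can be checked with a small script before the events ever reach a SIEM. The following is an added example, not code from the advisory or from Tenda: it parses constructed request log lines in an assumed "src method uri body_len body" format, decodes the form body, and tags a request when it is a POST to /goform/setParentControl, when its onlineList value exceeds a size threshold, and when it originates outside an assumed trusted LAN prefix. The threshold (256 bytes), the log format and the trusted prefix are all assumptions you should adjust to your environment.

```python
"""Flag requests matching the CVE-2025-57572 pattern in constructed HTTP logs.

Added example (not the advisory's or Tenda's code). The log line format,
the 256-byte threshold and the trusted LAN prefix are assumptions.
"""
import re
from urllib.parse import parse_qs

ENDPOINT = "/goform/setParentControl"
PARAM = "onlineList"
# Assumption: a legitimate client list is short; anything much larger is suspect.
MAX_ONLINELIST_LEN = 256
# Assumption: management traffic legitimately comes only from this LAN prefix.
TRUSTED_PREFIXES = ("192.168.",)

# Constructed sample log lines: "<src_ip> <method> <uri> <body_len> <body>".
# The third line carries a 1080-byte onlineList value, as a crafted request would.
SAMPLE_LOG = [
    "192.168.0.5 POST /goform/setParentControl 35 onlineList=00:11:22:33:44:55&type=1",
    "192.168.0.9 GET /index.html 0 ",
    "203.0.113.7 POST /goform/setParentControl 1098 onlineList=" + "A" * 1080 + "&type=1",
    "192.168.0.5 POST /goform/WifiBasicSet 22 ssid=home&pwd=xxxxxxxx",
]

LINE_RE = re.compile(
    r"^(?P<src>\S+) (?P<method>[A-Z]+) (?P<uri>\S+) (?P<len>\d+) ?(?P<body>.*)$"
)


def parse_line(line):
    """Split one log line into its fields; return None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["len"] = int(entry["len"])
    return entry


def onlinelist_length(body):
    """Length of the longest onlineList value in a URL-encoded form body (0 if absent)."""
    fields = parse_qs(body, keep_blank_values=True)
    return max((len(v) for v in fields.get(PARAM, [])), default=0)


def classify(entry, trusted_prefixes=TRUSTED_PREFIXES):
    """Return indicator tags for one parsed request; empty list means nothing notable."""
    tags = []
    if entry["method"] == "POST" and entry["uri"] == ENDPOINT:
        tags.append("setParentControl-post")
        if onlinelist_length(entry["body"]) > MAX_ONLINELIST_LEN:
            tags.append("oversized-onlineList")
        if not entry["src"].startswith(trusted_prefixes):
            tags.append("untrusted-source")
    return tags


def scan(lines):
    """Scan log lines and return (src, uri, tags) for every request with at least one tag."""
    alerts = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue  # unparseable line: skip rather than crash the scanner
        tags = classify(entry)
        if tags:
            alerts.append((entry["src"], entry["uri"], tags))
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

A POST to the endpoint from the trusted LAN with a short list is reported only as "setParentControl-post", which is worth a look but is probably an administrator; the oversized value from an untrusted address collects all three tags and is the one to page on.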
