CVE-2025-60660 – A stack overflow vulnerability in Tenda AC18 ro... (How to Fix)

Q: What is the severity of CVE-2025-60660?

CVE-2025-60660 has a CVSS score of 7.5 (HIGH). A stack overflow vulnerability in Tenda AC18 routers allows attackers to execute arbitrary code by sending specially crafted requests to the vulnerable function. This affects Tenda AC18 router users running firmware version 15.03.05.19. Successful exploitation could lead to complete device compromise.

📋 TL;DR

A stack overflow vulnerability in Tenda AC18 routers allows attackers to execute arbitrary code by sending specially crafted requests to the vulnerable function. This affects Tenda AC18 router users running firmware version 15.03.05.19. Successful exploitation could lead to complete device compromise.

💻 Affected Systems

Products:

Tenda AC18

Versions: V15.03.05.19

Operating Systems: Embedded router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: The vulnerability is in the firmware itself, so all devices running this version are affected regardless of configuration.

📦 What is this software?

Ac18 Firmware by Tenda

View all CVEs affecting Ac18 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to full router compromise, credential theft, network traffic interception, and lateral movement into connected devices.

🟠

Likely Case

Router crash/reboot causing denial of service, or limited code execution allowing attacker persistence on the device.

🟢

If Mitigated

No impact if device is not internet-facing and network segmentation prevents access to the vulnerable interface.

🌐 Internet-Facing: HIGH - Routers are typically internet-facing devices, and this vulnerability appears to be remotely exploitable via the WAN interface.

🏢 Internal Only: MEDIUM - Internal attackers could exploit this if they have network access to the router's management interface.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

The Google Drive reference contains technical details that could be used to create an exploit. Stack overflow vulnerabilities in embedded devices are frequently weaponized.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Unknown

Restart Required: Yes

Instructions:

1. Check Tenda's official website for firmware updates. 2. Download the latest firmware for AC18. 3. Access router admin panel. 4. Navigate to System Tools > Firmware Upgrade. 5. Upload and install the new firmware. 6. Wait for router to reboot.

🔧 Temporary Workarounds

Disable Remote Management

all

Prevent external access to router management interface

Network Segmentation

all

Isolate router management interface to trusted network only

🧯 If You Can't Patch

Replace the vulnerable router with a different model that receives security updates
Place router behind a firewall that blocks all traffic to the vulnerable service/port

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin panel under System Status or System Tools

Check Version:

Login to router admin panel and check System Status page

Verify Fix Applied:

Verify firmware version is newer than V15.03.05.19 after update

📡 Detection & Monitoring

Log Indicators:

Unusual requests to router management interface
Router crash/reboot logs
Failed authentication attempts followed by exploit-like patterns

Network Indicators:

Unusual traffic to router management ports (typically 80/443)
Malformed HTTP requests containing long mac parameter values

SIEM Query:

source="router_logs" AND ("fromAdvSetMacMtuWan" OR "mac parameter" OR "stack overflow")

📊 Metadata

CVE ID: CVE-2025-60660

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-787

EPSS Score: 0.1% exploit probability (27.8th percentile)

Published: October 2, 2025

Last Updated: October 7, 2025

🔗 References

https://drive.google.com/file/d/1YTKUiYXMsaAEoasx7xbQxy2tsrC5E3Ew/view?usp=sharing Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-60660, you might also want to check these: