CVE-2025-60662 – A stack overflow vulnerability in Tenda AC18 ro... (How to Fix)

Q: What is the severity of CVE-2025-60662?

CVE-2025-60662 has a CVSS score of 7.5 (HIGH). A stack overflow vulnerability in Tenda AC18 routers allows remote attackers to execute arbitrary code or cause denial of service by sending specially crafted requests to the wanSpeed parameter. This affects all users running the vulnerable firmware version on Tenda AC18 routers. Successful exploitation could lead to complete device compromise.

📋 TL;DR

A stack overflow vulnerability in Tenda AC18 routers allows remote attackers to execute arbitrary code or cause denial of service by sending specially crafted requests to the wanSpeed parameter. This affects all users running the vulnerable firmware version on Tenda AC18 routers. Successful exploitation could lead to complete device compromise.

💻 Affected Systems

Products:

Tenda AC18

Versions: V15.03.05.19

Operating Systems: Embedded Linux (router firmware)

Default Config Vulnerable: ⚠️ Yes

Notes: All devices running this specific firmware version are vulnerable. The vulnerability is in the web management interface.

📦 What is this software?

Ac18 Firmware by Tenda

View all CVEs affecting Ac18 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to full router compromise, credential theft, network traffic interception, and lateral movement to internal devices.

🟠

Likely Case

Router crash/reboot causing temporary network outage, or limited code execution allowing attacker persistence on the router.

🟢

If Mitigated

Denial of service only if exploit fails or memory protections prevent code execution.

🌐 Internet-Facing: HIGH - Routers are typically internet-facing devices accessible via web interface or management protocols.

🏢 Internal Only: MEDIUM - Attackers could pivot from compromised internal hosts to target the router's management interface.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

The reference link contains technical details and likely includes proof-of-concept code. Stack overflow vulnerabilities in embedded devices are frequently weaponized.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Unknown

Restart Required: Yes

Instructions:

1. Check Tenda's official website for firmware updates. 2. Download latest firmware for AC18. 3. Log into router admin interface. 4. Navigate to System Tools > Firmware Upgrade. 5. Upload and install new firmware. 6. Reboot router.

🔧 Temporary Workarounds

Disable Remote Management

all

Prevent external access to router web interface

Network Segmentation

all

Isolate router management interface to trusted network

🧯 If You Can't Patch

Replace vulnerable router with different model/brand
Implement strict firewall rules blocking all external access to router management ports (typically 80, 443, 8080)

🔍 How to Verify

Check if Vulnerable:

Log into router web interface, navigate to System Status > Firmware Version, check if version is V15.03.05.19

Check Version:

curl -s http://router-ip/goform/getStatus | grep version

Verify Fix Applied:

After firmware update, verify version is newer than V15.03.05.19

📡 Detection & Monitoring

Log Indicators:

Unusual POST requests to /goform/advSetMacMtuWan
Router crash/reboot logs
Large payloads in wanSpeed parameter

Network Indicators:

HTTP requests with oversized wanSpeed parameter to router IP
Unusual traffic patterns from router after exploitation

SIEM Query:

source="router_logs" AND (uri_path="/goform/advSetMacMtuWan" OR message="wanSpeed")

📊 Metadata

CVE ID: CVE-2025-60662

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-787

EPSS Score: 0.1% exploit probability (27.8th percentile)

Published: October 2, 2025

Last Updated: October 7, 2025

🔗 References

https://drive.google.com/file/d/1-XpZmT_Yw5JtygQJ6HZBRnC5IjlAnLQO/view?usp=sharing Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-60662, you might also want to check these: