CVE-2025-63149
📋 TL;DR
This CVE describes a stack overflow vulnerability in Tenda AX3 routers running firmware version V16.03.12.10_CN. Attackers can exploit this by sending specially crafted requests to the urls parameter of the get_parentControl_list_Info function, causing a Denial of Service (DoS) that crashes the router. Only users of this specific Tenda AX3 firmware version are affected.
💻 Affected Systems
- Tenda AX3
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete router crash requiring physical power cycle, potentially leading to extended network downtime and disruption of all connected services.
Likely Case
Router becomes unresponsive, requiring reboot to restore functionality, causing temporary network outage.
If Mitigated
Minimal impact with proper network segmentation and monitoring that can detect and respond to DoS attempts quickly.
🎯 Exploit Status
Public proof-of-concept exists on GitHub, making exploitation straightforward for attackers with basic skills.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: Unknown
Restart Required: Yes
Instructions:
1. Check Tenda's official website for firmware updates.
2. If an update is available, download and install it via the router admin interface.
3. Reboot the router after installation.
🔧 Temporary Workarounds
Disable Parental Control Feature
Disable the parental control functionality that contains the vulnerable function
Network Segmentation
Place the router behind a firewall and restrict access to the admin interface
🧯 If You Can't Patch
- Replace affected router with different model or updated version
- Implement strict network access controls to limit exposure to the router's management interface
🔍 How to Verify
Check if Vulnerable:
Check router firmware version in admin interface. If version is exactly V16.03.12.10_CN, the device is vulnerable.
Check Version:
Login to router admin interface and navigate to System Status or About page
Verify Fix Applied:
Verify firmware version has changed from V16.03.12.10_CN to a newer version after update.
📡 Detection & Monitoring
Log Indicators:
- Multiple failed requests to parental control endpoints
- Router crash/reboot events in system logs
- Unusual traffic patterns to router management interface
Network Indicators:
- Multiple HTTP POST requests to /goform/getParentControlList with malformed urls parameter
- Sudden loss of connectivity to router
SIEM Query:
source="router_logs" AND (uri="/goform/getParentControlList" OR message="crash" OR message="reboot")
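As an added example (not part of this advisory or of any Tenda tooling), the network indicator above can be checked offline against exported HTTP logs: flag POSTs to /goform/getParentControlList whose urls value is far longer than any plausible list of hostnames. The log line format and the 512-byte threshold are assumptions, since the advisory gives no size for the overflowing value.

```python
import re
from urllib.parse import parse_qs

# Constructed sample log lines (not real captures) in a simplified
# access-log style: client ip, method, path, body length, POST body.
SAMPLE_LOGS = [
    '192.0.2.10 POST /goform/getParentControlList 16 urls=example.com',
    '192.0.2.77 POST /goform/getParentControlList 2053 urls=' + 'A' * 2048,
    '192.0.2.10 GET /goform/getParentControlList 0 -',
    '192.0.2.77 POST /goform/getParentControlList 2053 urls=' + 'B' * 2048,
]

LOG_RE = re.compile(
    r'^(?P<ip>\S+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<len>\d+) (?P<body>.*)$')
WATCHED_PATH = '/goform/getParentControlList'
# Assumed threshold: a legitimate parental-control URL list stays well
# below this; anything larger is treated as a possible overflow attempt.
MAX_URLS_LEN = 512

def parse_line(line):
    """Split one log line into its fields, or return None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def suspicious_urls_request(entry, max_len=MAX_URLS_LEN):
    """True when a POST to the parental-control endpoint carries an
    oversized urls parameter."""
    if entry is None or entry['method'] != 'POST' or entry['path'] != WATCHED_PATH:
        return False
    params = parse_qs(entry['body'], keep_blank_values=True)
    urls = params.get('urls')
    if not urls:
        return False
    return any(len(u) > max_len for u in urls)

def scan_logs(lines):
    """Return {client_ip: count} of suspicious parental-control requests."""
    hits = {}
    for line in lines:
        entry = parse_line(line)
        if suspicious_urls_request(entry):
            hits[entry['ip']] = hits.get(entry['ip'], 0) + 1
    return hits

if __name__ == '__main__':
    print(scan_logs(SAMPLE_LOGS))  # {'192.0.2.77': 2}
```

Repeated hits from one client, especially when followed by a crash or reboot entry in the system log, are what the SIEM query above is meant to surface.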