CVE-2025-9299 – A stack-based buffer overflow vulnerability in ... (How to Fix)

Q: What is the severity of CVE-2025-9299?

CVE-2025-9299 has a CVSS score of 8.8 (HIGH). A stack-based buffer overflow vulnerability in Tenda M3 routers allows remote attackers to execute arbitrary code by manipulating the 'Time' parameter in the formGetMasterPassengerAnalyseData function. This affects Tenda M3 routers running firmware version 1.0.0.12. The vulnerability is remotely exploitable and has a public proof-of-concept available.

📋 TL;DR

A stack-based buffer overflow vulnerability in Tenda M3 routers allows remote attackers to execute arbitrary code by manipulating the 'Time' parameter in the formGetMasterPassengerAnalyseData function. This affects Tenda M3 routers running firmware version 1.0.0.12. The vulnerability is remotely exploitable and has a public proof-of-concept available.

💻 Affected Systems

Products:

Tenda M3

Versions: 1.0.0.12

Operating Systems: Embedded Linux (router firmware)

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the web management interface of Tenda M3 routers. The vulnerable endpoint is accessible via HTTP requests.

📦 What is this software?

M3 Firmware by Tenda

View all CVEs affecting M3 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, lateral movement to internal networks, and persistent backdoor installation.

🟠

Likely Case

Remote code execution allowing attackers to take control of the router, intercept network traffic, and pivot to internal systems.

🟢

If Mitigated

Denial of service or limited impact if proper network segmentation and access controls are implemented.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable and affects internet-facing routers with a public exploit available.

🏢 Internal Only: MEDIUM - Internal routers could be exploited if attackers gain initial access to the network.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public proof-of-concept exploit code is available on GitHub. The vulnerability requires no authentication and has straightforward exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None found

Restart Required: Yes

Instructions:

1. Check Tenda's official website for firmware updates. 2. Download the latest firmware for M3 model. 3. Access router web interface. 4. Navigate to System Tools > Firmware Upgrade. 5. Upload and install the new firmware. 6. Reboot the router.

🔧 Temporary Workarounds

Disable Remote Management

all

Prevent external access to the router's web management interface.

Access router web interface > System Tools > Remote Management > Disable

Network Segmentation

all

Isolate Tenda M3 routers in a separate VLAN with restricted access.

🧯 If You Can't Patch

Implement strict firewall rules to block external access to port 80/443 on the router
Replace vulnerable Tenda M3 routers with patched or alternative models

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in web interface: System Status > Firmware Version. If version is 1.0.0.12, device is vulnerable.

Check Version:

curl -s http://router-ip/goform/getMasterPassengerAnalyseData?Time=$(python3 -c "print('A'*1000)")

Verify Fix Applied:

Verify firmware version has been updated to a version later than 1.0.0.12.

📡 Detection & Monitoring

Log Indicators:

Unusual HTTP POST requests to /goform/getMasterPassengerAnalyseData with long Time parameters
Router crash/reboot logs

Network Indicators:

HTTP requests with abnormally long Time parameter values to router IP
Traffic patterns suggesting buffer overflow exploitation

SIEM Query:

source="router_logs" AND uri="/goform/getMasterPassengerAnalyseData" AND (param_length(Time) > 100 OR contains(Time, "AAAAAAAA"))

📊 Metadata

CVE ID: CVE-2025-9299

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-119

EPSS Score: 0.48% exploit probability (64.6th percentile)

Published: August 21, 2025

Last Updated: August 25, 2025

🔗 References

https://github.com/davybat/IoT-Vuls/blob/main/tenda/formGetMasterPassengerAnalyseData.md Exploit,Third Party Advisory
https://github.com/davybat/IoT-Vuls/blob/main/tenda/formGetMasterPassengerAnalyseData.md#poc Exploit,Third Party Advisory
https://vuldb.com/?ctiid.320904 Permissions Required,VDB Entry
https://vuldb.com/?id.320904 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.632336 Third Party Advisory,VDB Entry
https://www.tenda.com.cn/ Product
https://github.com/davybat/IoT-Vuls/blob/main/tenda/formGetMasterPassengerAnalyseData.md Exploit,Third Party Advisory
https://github.com/davybat/IoT-Vuls/blob/main/tenda/formGetMasterPassengerAnalyseData.md#poc Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-9299, you might also want to check these: