CVE-2025-9523 – This vulnerability in Tenda AC1206 routers allo... (How to Fix)

Q: What is the severity of CVE-2025-9523?

CVE-2025-9523 has a CVSS score of 9.8 (CRITICAL). This vulnerability in Tenda AC1206 routers allows remote attackers to execute arbitrary code via a stack-based buffer overflow in the GetParentControlInfo function. Attackers can exploit this without authentication to potentially take full control of affected devices. All users running the vulnerable firmware version are at risk.

📋 TL;DR

This vulnerability in Tenda AC1206 routers allows remote attackers to execute arbitrary code via a stack-based buffer overflow in the GetParentControlInfo function. Attackers can exploit this without authentication to potentially take full control of affected devices. All users running the vulnerable firmware version are at risk.

💻 Affected Systems

Products:

Tenda AC1206

Versions: 15.03.06.23

Operating Systems: Embedded router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: The vulnerable function is accessible via web interface, making all default configurations vulnerable.

📦 What is this software?

Ac1206 Firmware by Tenda

View all CVEs affecting Ac1206 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise leading to persistent backdoor installation, network traffic interception, lateral movement to other devices, and botnet recruitment.

🟠

Likely Case

Remote code execution allowing attackers to modify router settings, intercept traffic, or use the device as a pivot point for further attacks.

🟢

If Mitigated

Limited impact if device is behind firewall with restricted WAN access, though internal network exposure remains.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable without authentication and public exploit code exists.

🏢 Internal Only: HIGH - Even internally, the vulnerability requires no authentication and can be exploited by any network user.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public exploit code is available on GitHub, making exploitation trivial for attackers with basic skills.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.tenda.com.cn/

Restart Required: Yes

Instructions:

1. Check Tenda website for firmware updates. 2. Download latest firmware. 3. Log into router admin interface. 4. Navigate to System Tools > Firmware Upgrade. 5. Upload and install new firmware. 6. Reboot router.

🔧 Temporary Workarounds

Disable remote management

all

Prevent external access to router web interface

Network segmentation

all

Isolate router management interface to separate VLAN

🧯 If You Can't Patch

Replace affected devices with supported models from different vendors
Implement strict network access controls to limit exposure to router management interface

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface under System Status or System Tools > Firmware Upgrade

Check Version:

curl -s http://router-ip/goform/GetParentControlInfo?mac=$(python -c "print('A'*1000)") - check for crash/error

Verify Fix Applied:

Verify firmware version is no longer 15.03.06.23 after update

📡 Detection & Monitoring

Log Indicators:

Unusual POST requests to /goform/GetParentControlInfo with long mac parameters
Router crash/reboot logs
Unusual outbound connections from router

Network Indicators:

HTTP requests with abnormally long mac parameter values to router IP
Sudden changes in router configuration

SIEM Query:

source="router_logs" AND uri_path="/goform/GetParentControlInfo" AND uri_query="*mac=*" AND length(uri_query) > 100

📊 Metadata

CVE ID: CVE-2025-9523

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-119

EPSS Score: 0.58% exploit probability (68.4th percentile)

Published: August 27, 2025

Last Updated: September 20, 2025

🔗 References

https://github.com/XXRicardo/iot-cve/blob/main/Tenda/AC1206/AC1206V1.0RTL_V15.03.06.23.md Exploit,Third Party Advisory
https://vuldb.com/?ctiid.321541 Permissions Required,VDB Entry
https://vuldb.com/?id.321541 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.634309 Third Party Advisory,VDB Entry
https://www.tenda.com.cn/ Product

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-9523, you might also want to check these: