CVE-2025-9605 – A stack-based buffer overflow vulnerability in ... (How to Fix)

Q: What is the severity of CVE-2025-9605?

CVE-2025-9605 has a CVSS score of 9.8 (CRITICAL). A stack-based buffer overflow vulnerability in Tenda AC21 and AC23 routers allows remote attackers to execute arbitrary code by sending specially crafted requests to the GetParentControlInfo function. This affects devices running firmware version 16.03.08.16. The vulnerability is remotely exploitable without authentication.

📋 TL;DR

A stack-based buffer overflow vulnerability in Tenda AC21 and AC23 routers allows remote attackers to execute arbitrary code by sending specially crafted requests to the GetParentControlInfo function. This affects devices running firmware version 16.03.08.16. The vulnerability is remotely exploitable without authentication.

💻 Affected Systems

Products:

Tenda AC21
Tenda AC23

Versions: 16.03.08.16

Operating Systems: Embedded router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: All devices running the affected firmware version are vulnerable by default. No special configuration is required for exploitation.

📦 What is this software?

Ac21 Firmware by Tenda

View all CVEs affecting Ac21 Firmware →

Ac23 Firmware by Tenda

View all CVEs affecting Ac23 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise leading to persistent backdoor installation, network traffic interception, lateral movement to connected devices, and participation in botnets.

🟠

Likely Case

Router takeover enabling DNS hijacking, credential theft from network traffic, and denial of service to connected devices.

🟢

If Mitigated

Limited impact if devices are behind firewalls with strict inbound filtering, though internal network compromise remains possible.

🌐 Internet-Facing: HIGH - Routers are typically internet-facing by design, and the exploit requires no authentication.

🏢 Internal Only: HIGH - Even if not internet-facing, any network-accessible device could be exploited internally.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public exploit code is available in GitHub repositories. The vulnerability requires sending a crafted HTTP request to the vulnerable endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: Yes

Instructions:

1. Check Tenda's official website for firmware updates. 2. If available, download the latest firmware for your specific model. 3. Access router admin interface. 4. Navigate to firmware upgrade section. 5. Upload and apply the new firmware. 6. Reboot the router.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate affected routers in a separate network segment with strict firewall rules.

Access Control

linux

Block external access to router management interface using firewall rules.

iptables -A INPUT -p tcp --dport 80 -j DROP
iptables -A INPUT -p tcp --dport 443 -j DROP

🧯 If You Can't Patch

Replace affected routers with different models that are not vulnerable
Implement strict network monitoring and intrusion detection for suspicious traffic to router management interfaces

🔍 How to Verify

Check if Vulnerable:

Check router firmware version via admin interface. If version is 16.03.08.16, the device is vulnerable.

Check Version:

curl -s http://router-ip/goform/GetParentControlInfo | grep -i version or check web admin interface

Verify Fix Applied:

After updating firmware, verify the version number has changed from 16.03.08.16.

📡 Detection & Monitoring

Log Indicators:

Unusual HTTP POST requests to /goform/GetParentControlInfo
Multiple failed buffer overflow attempts in system logs
Unexpected router reboots or crashes

Network Indicators:

HTTP traffic to router IP on port 80/443 with malformed mac parameter
Unusual outbound connections from router to unknown IPs

SIEM Query:

source="router_logs" AND (url="/goform/GetParentControlInfo" OR message="buffer overflow")

📊 Metadata

CVE ID: CVE-2025-9605

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-119

EPSS Score: 0.48% exploit probability (64.5th percentile)

Published: August 29, 2025

Last Updated: September 3, 2025

🔗 References

https://github.com/XXRicardo/iot-cve/blob/main/Tenda/AC21/AC21V1.0re_V16.03.08.16.md Exploit,Third Party Advisory
https://github.com/XXRicardo/iot-cve/blob/main/Tenda/AC23/Stack-Based%20Buffer%20Overflow%20in%20Tenda%20Wi-Fi%205%20Router%20AC23%EF%BC%88AC23V1.0re_V16.03.07.52%EF%BC%89.md Exploit,Third Party Advisory
https://vuldb.com/?ctiid.321783 Permissions Required,VDB Entry
https://vuldb.com/?id.321783 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.636545 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.636548 Third Party Advisory,VDB Entry
https://www.tenda.com.cn/ Product
https://github.com/XXRicardo/iot-cve/blob/main/Tenda/AC21/AC21V1.0re_V16.03.08.16.md Exploit,Third Party Advisory
https://github.com/XXRicardo/iot-cve/blob/main/Tenda/AC23/Stack-Based%20Buffer%20Overflow%20in%20Tenda%20Wi-Fi%205%20Router%20AC23%EF%BC%88AC23V1.0re_V16.03.07.52%EF%BC%89.md Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-9605, you might also want to check these: