CVE Alert: CVE-2025-12619 – Tenda – A15
CVE-2025-12619
A vulnerability was found in Tenda A15 15.13.07.13. Affected is the function fromSetWirelessRepeat of the file /goform/openNetworkGateway. The manipulation of the argument wpapsk_crypto2_4g results in buffer overflow. The attack can be launched remotely. The exploit has been made public and could be used.
AI Summary Analysis
Risk verdict
High risk: remote code execution with a publicly available exploit; elevated urgency for devices exposed to untrusted networks or the internet.
Why this matters
Affects consumer-grade Tenda A15 gateways, enabling an attacker to run arbitrary code with high impact on confidentiality, integrity, and availability. If weaponised, compromise could lead to device takeover, traffic manipulation, credential exposure, or network-wide persistence in affected homes or small offices.
Most likely attack path
An attacker can exploit this over the network without user interaction, from a low-privilege context, by sending crafted input in wpapsk_crypto2_4g to trigger a buffer overflow in openNetworkGateway. Successful exploitation yields control of the gateway process and potentially full device compromise. Lateral movement is contained to the gateway, but a compromised gateway may enable traffic interception or a pivot to connected hosts within the LAN.
Who is most exposed
Consumers and small offices using Tenda A15 in typical home or small business deployments, especially where WAN management interfaces are reachable from the internet or poorly isolated from the LAN.
Detection ideas
- Unusual or repeated HTTP requests to /goform/openNetworkGateway with crafted wpapsk_crypto2_4g values.
- Gateway process crashes or memory corruption logs; abnormal memory/CPU spikes on the device.
- Crash dumps or stack traces pointing to openNetworkGateway.
- Unauthorised firmware reboots or resilience checks failing post-request.
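
One way to implement the first detection idea, as an added example that is not part of the original alert: a scan over captured HTTP request records that flags oversized or non-printable wpapsk_crypto2_4g values and repeated requests to the endpoint. The record format, the sample lines and both thresholds are assumptions for illustration.

```python
from collections import Counter
from urllib.parse import parse_qs, urlsplit

TARGET_PATH = "/goform/openNetworkGateway"  # endpoint named in the advisory
TARGET_ARG = "wpapsk_crypto2_4g"            # argument named in the advisory
MAX_LEN = 64      # assumed threshold; tune to values your device's UI sends
REPEAT_LIMIT = 3  # assumed per-source request count worth a look

# Constructed sample records: "<timestamp> <src_ip> <method> <url> <body>"
_P = " POST /goform/openNetworkGateway wpapsk_crypto2_4g="
SAMPLE_LOG = [
    "2025-01-01T10:00:01Z 192.0.2.10" + _P + "aes&ssid=home",
    "2025-01-01T10:00:05Z 198.51.100.7" + _P + "A" * 300,
    "2025-01-01T10:00:09Z 192.0.2.10 GET /index.html -",
    "2025-01-01T10:00:15Z 192.0.2.10" + _P + "aes&ssid=home",
    "2025-01-01T10:00:20Z 192.0.2.10" + _P + "tkip&ssid=home",
]

def parse_record(line):
    """Split one record; raises ValueError if fields are missing."""
    ts, src, method, url, body = line.split(" ", 4)
    parts = urlsplit(url)
    # The argument may arrive in the query string or a form-encoded body.
    params = parse_qs(parts.query, keep_blank_values=True)
    if body != "-":
        for key, vals in parse_qs(body, keep_blank_values=True).items():
            params.setdefault(key, []).extend(vals)
    return ts, src, parts.path, params

def scan(lines):
    """Return (timestamp, source, reason, detail) tuples for suspect requests."""
    alerts, hits = [], Counter()
    for line in lines:
        try:
            ts, src, path, params = parse_record(line)
        except ValueError:
            continue  # malformed record, nothing to inspect
        if path != TARGET_PATH:
            continue
        hits[src] += 1
        for value in params.get(TARGET_ARG, []):
            if len(value) > MAX_LEN or not value.isprintable():
                alerts.append((ts, src, "oversized_or_binary_arg", len(value)))
        if hits[src] == REPEAT_LIMIT:  # alert once, when the limit is reached
            alerts.append((ts, src, "repeated_requests", hits[src]))
    return alerts

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

The length is measured after URL-decoding, so percent-encoded padding does not hide an oversized value.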
 
Mitigation and prioritisation
- Patch: update to the vendor’s fixed firmware version as soon as available; verify release notes for CVE remediation.
- Disable or restrict remote management; segment WAN/admin access from the LAN; apply strict access controls.
- Apply network access controls to limit exposure of the gateway admin interface (firewall, ACLs, VPN-only admin).
- Implement change-management: schedule firmware upgrade windows; backup configurations; monitor for post-update instability.
- If patching is delayed, implement compensating controls and heightened monitoring; treat as priority 2–1 depending on exposure level.
 
