CVE Alert: CVE-2025-11356 – Tenda – AC23
CVE-2025-11356
A vulnerability was found in Tenda AC23 up to 16.03.07.52. Affected by this issue is the function sscanf of the file /goform/SetStaticRouteCfg. The manipulation of the argument list results in buffer overflow. It is possible to launch the attack remotely. The exploit has been made public and could be used.
AI Summary Analysis
Risk verdict
High risk: remote execution is feasible with a published exploit, and the severity is high; urgency depends on KEV/EPSS indicators not provided here.
Why this matters
Compromise of Tenda AC23 could enable full device takeover, traffic manipulation, and lateral movement into connected networks. In organisations, this risks interception of traffic, VPNs, and sensitive management data, plus potential persistence via backdoors or firmware tweaks.
Most likely attack path
Attack is possible over the device’s network management surface via the SetStaticRouteCfg endpoint, using crafted input to trigger a buffer overflow. No user interaction needed, but exploitation requires at least low device privileges and network access to the device. If successful, memory corruption can yield code execution and controller compromise, with potential data integrity and availability impact and lateral movement within the local network.
Who is most exposed
Typically affecting consumer and small-business deployments with remote management enabled or reachable from the LAN/WAN. Environments with exposed routers, IoT gateways, or poorly segmented networks are particularly at risk.
Detection ideas
- Unusual, long parameter lists to /goform/SetStaticRouteCfg or abnormal HTTP requests.
- Crashes or high memory/CPU usage on the device following such requests.
- Logs showing repeated attempts from various sources targeting the management endpoint.
- Indicators of memory corruption or unexpected routing changes.
- Signature-based IOC hits or PoC exploit patterns in network traffic.
Mitigation and prioritisation
- Apply the vendor patch to address the buffer overflow (update to fixed version 16.03.07.52 or newer).
- If patching is delayed, disable or tightly restrict remote management; block external access to management interfaces; implement network ACLs/firewall rules.
- Ensure firmware integrity checks and revert to a known-good configuration post-update.
- Enable verbose logging on the management interface and monitor for anomalous routing changes or crashes.
- Change-management note: test in a controlled window before broad deployment; if KEV or EPSS signals were present, treat as priority 1.
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.
