CVE Alert: CVE-2025-11528 – Tenda – AC7
CVE-2025-11528
A vulnerability was identified in Tenda AC7 15.03.06.44. This affects an unknown function of the file /goform/saveAutoQos. The manipulation of the argument enable leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.
AI Summary Analysis
- Risk verdict
High risk with remote code execution potential; public exploit exists, so contemporaneous monitoring and rapid patching are warranted. If KEV is true or EPSS ≥ 0.5, treat as priority 1.
- Why this matters
An attacker could remotely execute code on affected Tenda AC7 devices, potentially taking control, exfiltrating data, or pivoting into connected networks. The combination of network access and memory corruption makes rapid exploitation feasible in the wild, threatening consumer and small-business deployments.
- Most likely attack path
Exploitation requires network access (AV:N, UI:N) and low privileges (PR:L) to trigger a stack-based overflow via /goform/saveAutoQos. The vulnerability enables remote memory corruption with high impact on confidentiality, integrity, and availability, favouring automated or mass scanning tools.
- Who is most exposed
Consumer and small-office deployments running Tenda AC7 firmware are the primary risk group, especially devices with WAN-facing management enabled or exposed to the internet; devices in shared networks or insecure configurations are particularly vulnerable.
- Detection ideas
- Monitor for repeated, malformed requests targeting /goform/saveAutoQos, especially with unusual enable values.
- Look for device crashes, reboots, or memory spikes following such requests.
- IDS/IPS signatures or anomaly detection indicating attempted stacking overflow or exploit payloads.
- Unusual outbound traffic or lateral movement from affected devices.
- Mitigation and prioritisation
- Apply firmware upgrade to 15.03.06.44 or later immediately; confirm patch deployment.
- If patching isn’t feasible, disable remote management from the WAN, restrict management to a VPN or internal network, and implement strict ACLs.
- Implement network segmentation and host-focused monitoring; enable automatic updates if available.
- Develop a rollout plan with a maintenance window and post-patch validation; reassess priority once KEV/EPSS indicators are clarified.
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.
