CVE Alert: CVE-2025-12210 – Tenda – O3
CVE-2025-12210
A vulnerability was identified in Tenda O3 1.0.0.10(2478). Affected by this vulnerability is the function SetValue/GetValue of the file /goform/AdvSetLanip. The manipulation of the argument lanIp leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.
AI Summary Analysis
Risk verdict
Critical risk: remote, low-privilege exploitation with publicly available PoC; requires urgent attention.
Why this matters
The stack-based overflow in the lanIp parameter could allow full device compromise, enabling attacker control over the router, data exfiltration, and potential lateral movement into connected networks. Given the high impact on confidentiality, integrity and availability, an automated weaponisation workflow is plausible.
Most likely attack path
Exploitation can be triggered over the network without user interaction, with the attacker likely already holding low privileges. Successful overflow yields code execution on the AP/firmware context, potentially elevating to full device compromise. With Scope unchanged, consequences include persistent control of the device and subsequent access to adjacent hosts or traffic.
Who is most exposed
Primarily consumer and small-office routers running Tenda O3 in typical home/SMB deployments, often exposed to the internet via WAN management or misconfigured port forwards. Devices in mixed-vendor LANs with internet-facing admin interfaces are at elevated risk.
Detection ideas
- spikes or crashes linked to traffic to /goform/AdvSetLanip; memory corruption indicators in device logs
- unusual, long lanIp values in SetValue/GetValue attempts
- repeated failed attempts from external IPs targeting router admin endpoints
- unexpected reboots or new processes after specific config requests
- anomalous CPU/memory usage during admin traffic
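The "unusual, long lanIp values" idea above, as an added example (not part of the original advisory or any vendor tooling): a Python check that flags requests to /goform/AdvSetLanip whose lanIp value is over-long, not a dotted-quad IPv4 address, or supplied more than once. It assumes the parameter arrives URL-encoded in the query string or request body; the sample traffic is constructed.

```python
import ipaddress
from urllib.parse import urlsplit, parse_qs

TARGET_PATH = "/goform/AdvSetLanip"  # endpoint named in the advisory
PARAM = "lanIp"                      # argument named in the advisory
MAX_IPV4_LEN = 15                    # len("255.255.255.255")

def check_request(url, body=""):
    """Return a list of reasons the request looks anomalous (empty if clean)."""
    parts = urlsplit(url)
    if parts.path != TARGET_PATH:
        return []
    # Assumption: lanIp is URL-encoded in the query string and/or the body.
    values = []
    for raw in (parts.query, body):
        values += parse_qs(raw, keep_blank_values=True).get(PARAM, [])
    reasons = []
    for v in values:
        if len(v) > MAX_IPV4_LEN:
            reasons.append(f"lanIp length {len(v)} exceeds {MAX_IPV4_LEN}")
        try:
            ipaddress.IPv4Address(v)
        except ValueError:
            reasons.append("lanIp is not a dotted-quad IPv4 address")
    if len(values) > 1:
        reasons.append("lanIp supplied more than once")
    return reasons

# Constructed sample traffic: (source IP, URL, body). Not from a real device.
SAMPLE = [
    ("192.168.0.50", "/goform/AdvSetLanip", "lanIp=192.168.0.1"),
    ("203.0.113.7", "/goform/AdvSetLanip", "lanIp=" + "1" * 300),
    ("203.0.113.7", "/goform/AdvSetLanip?lanIp=10.0.0.1", "lanIp=10.0.0.2"),
    ("192.168.0.50", "/index.html", ""),
]

def scan(requests):
    """Return (source, reasons) for every request that check_request flags."""
    return [(src, r) for src, url, body in requests
            if (r := check_request(url, body))]

if __name__ == "__main__":
    for src, reasons in scan(SAMPLE):
        print(src, "; ".join(reasons))
```

The same three conditions translate directly into a proxy or IDS rule in front of the management interface.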
Mitigation and prioritisation
- Apply patched firmware as soon as it is available; if the patch is not yet deployed, disable remote management and WAN-admin access; enforce strong network segmentation.
- Implement allow-listing for management interfaces; block unused protocols (Telnet/SSHD) on WAN
- Deploy/verify IDS signatures for AdvSetLanip abuse; monitor for suspicious config-change traffic
- Validate automatic updates and enable them; maintain backups of configuration
- If asset critical or exposure high, treat as priority 2 with rapid remediation.
