CVE Alert: CVE-2025-12213 – Tenda – O3
CVE-2025-12213
A security vulnerability has been detected in Tenda O3 1.0.0.10(2478). This vulnerability affects the function SetValue/GetValue of the file /goform/setVlanConfig. Manipulation of the argument lan leads to a stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
AI Summary Analysis
Risk verdict
Critical risk: remote code execution is feasible on Tenda O3 via a stack-based overflow in setVlanConfig; a public exploit and PoC are available, enabling rapid weaponisation.
Why this matters
Compromising the router could give an attacker full control of the device and the ability to exfiltrate traffic or pivot to other devices on the LAN. In typical consumer and small-office deployments, this creates a broad attack surface across home networks and exposed perimeter devices.
Most likely attack path
No user interaction is required. From the internet, an adversary can target the WAN-facing /goform/setVlanConfig endpoint with a crafted lan parameter to trigger the overflow, enabling remote code execution. Once compromised, the router can be used to monitor, modify, or block traffic and to pivot to connected hosts. Impact is high because confidentiality, integrity and availability (C/I/A) are all elevated.
Who is most exposed
Primarily home users and small offices running Tenda O3 with WAN exposure or weakly protected remote management. Any deployment relying on consumer-grade routers as the Internet edge is at risk, especially if remote administration is enabled.
Detection ideas
- Unusual HTTP POSTs to /goform/setVlanConfig with oversized or malformed lan values.
- Router crashes, reboots, or kernel/stack traces logged in system logs.
- Repeated attempts from external IPs to the router’s management interfaces.
- New VLAN or network topology changes without administrator action.
- Abrupt spikes in CPU/memory on the device.
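The first and third detection ideas above can be applied to requests captured by a proxy or sensor in front of the device. The following Python is an added example, not part of the original alert; the 64-character limit on lan, the trusted management range and the sample requests are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import parse_qs, urlsplit

ENDPOINT = "/goform/setVlanConfig"                   # endpoint named in the alert
MAX_LAN_LEN = 64                                     # assumed sanity limit, not a vendor figure
TRUSTED = [ipaddress.ip_network("192.168.0.0/24")]   # assumed management LAN

# Constructed samples: (source IP, raw HTTP request) as a sensor might record them.
SAMPLES = [
    ("192.168.0.23", "POST /goform/setVlanConfig HTTP/1.1\r\nHost: 192.168.0.1\r\n\r\nlan=1&wan=2"),
    ("203.0.113.7", "POST /goform/setVlanConfig HTTP/1.1\r\nHost: router\r\n\r\nlan=" + "A" * 600),
    ("203.0.113.7", "GET /goform/getStatus HTTP/1.1\r\nHost: router\r\n\r\n"),
    ("192.168.0.40", "POST /goform/setVlanConfig HTTP/1.1\r\nHost: 192.168.0.1\r\n\r\nlan=%00%ff1"),
]


def inspect(src_ip, raw):
    """Return the reasons a request to the endpoint looks suspicious (empty list if none)."""
    head, _, body = raw.partition("\r\n\r\n")
    parts = head.split("\r\n", 1)[0].split(" ")
    if len(parts) != 3:
        return []                                    # not a well-formed request line
    url = urlsplit(parts[1])
    if url.path != ENDPOINT:
        return []
    reasons = []
    if not any(ipaddress.ip_address(src_ip) in net for net in TRUSTED):
        reasons.append("external-source")
    # latin-1 maps every percent-decoded byte to one character, so raw bytes stay visible.
    fields = "&".join(p for p in (url.query, body) if p)
    params = parse_qs(fields, keep_blank_values=True, encoding="latin-1")
    for value in params.get("lan", []):
        if len(value) > MAX_LAN_LEN:
            reasons.append("oversized-lan")
        if any(not (0x20 <= ord(c) <= 0x7E) for c in value):
            reasons.append("non-printable-lan")
    return reasons


if __name__ == "__main__":
    for ip, request in SAMPLES:
        print(ip, inspect(ip, request))
```

Tune MAX_LAN_LEN and TRUSTED to the values that are normal on the monitored network before alerting on the results.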
Mitigation and prioritisation
- Apply the vendor fix to 1.0.0.10(2478) or newer immediately.
- Disable WAN/remote management unless explicitly required; bind management to trusted networks.
- Implement strict firewall rules to block unsolicited access to management endpoints; segment LAN from WAN where feasible.
- Monitor router logs for /goform/setVlanConfig activity and PoC indicators; deploy rapid IR if exploitation is detected.
- Schedule patch deployment during a maintenance window; verify compatibility in a test environment before wide rollout.
