CVE Alert: CVE-2025-12596 - Tenda - AC23

CVE-2025-12596

HIGHNo exploitation known

A security vulnerability has been detected in Tenda AC23 16.03.07.52. Affected is the function saveParentControlInfo of the file /goform/saveParentControlInfo. Such manipulation of the argument Time leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.

CVSS v3.1 (8.8)

Vendor

Tenda

Product

AC23

Versions

16.03.07.52

CWE

CWE-120, Buffer Overflow

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R

Published

2025-11-02T10:32:06.299Z

Updated

2025-11-02T10:32:06.299Z

References

https://vuldb.com/?id.330891

https://vuldb.com/?ctiid.330891

https://vuldb.com/?submit.677585

https://github.com/LX-LX88/cve/issues/9

https://www.tenda.com.cn/

AI Summary Analysis

Risk verdict

High risk due to a remote buffer overflow with publicly disclosed exploit; treat as priority pending confirmation of KEV/EPSS exploitation signals.

Why this matters

Remote attacker could trigger the overflow via the management endpoint and gain control of the device, with potential data exposure or disruption of network services. Compromise of a consumer router can enable payload delivery to clients, enable lateral movement within the local network, and degrade business continuity in remote or branch-office deployments.

Most likely attack path

Exploitation is network-based and requires low privileges with no user interaction. An attacker can target the saveParentControlInfo routine remotely, sending crafted input to Time to overwrite memory, achieve code execution and persist within the device. The lack of UI interaction raises the probability of automated, mass-target attempts and rapid laddered access to adjacent devices on the LAN.

Who is most exposed

Commonly deployed in homes and SMBs with WAN-facing management interfaces enabled; devices in unsegmented networks or with weak firmware controls are particularly vulnerable to mass scanning and exploitation.

Detection ideas

Logs showing crashes or unusual memory corruption events tied to /goform/saveParentControlInfo.
Anomalous spikes in traffic to the management endpoint without authentication.
Unexpected admin session creations or remote configuration changes.
Crashes or reboots following crafted requests to Time parameter.
Indicators of exploit payloads or known IOCs from CTI feeds.

Mitigation and prioritisation

Apply vendor patch/firmware upgrade to the fixed version.
Disable or tightly restrict remote management exposure; enforce allowlists for admin access.
Implement network segmentation and monitor for anomalous admin activity.
Ensure robust input validation on management endpoints; review related logging.
If KEV is true or EPSS ≥ 0.5, treat as priority 1; otherwise prioritise patching within the high-severity window and verify compensating controls.

Support Our Work

A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on Patreon or Buy Me A Coffee using the buttons below.

AI APIs OSINT driven New features

Buy Me A Coffee Patreon

Tags: ac23, CVE, cve-2025-12596, OSINT, tenda, threatintel