CVE Alert: CVE-2025-12622 – Tenda – AC10

CVE-2025-12622

HIGH
No exploitation known

A vulnerability was determined in Tenda AC10 16.03.10.13. Affected by this vulnerability is the function formSysRunCmd of the file /goform/SysRunCmd. Manipulation of the argument getui causes a buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.

CVSS v3.1 score: 8.8
Vendor: Tenda
Product: AC10
Versions: 16.03.10.13
CWE: CWE-120, Buffer Overflow
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
Published: 2025-11-03T07:32:13.624Z
Updated: 2025-11-03T07:32:13.624Z

AI Summary Analysis

Risk verdict

High risk: publicly disclosed exploit enables remote code execution over the network on unpatched devices; urgent attention recommended.

Why this matters

Full compromise of the device could yield unauthorised control, data exposure, and disruption of home or small-office networks. Attackers may use the router as a foothold to pivot to connected devices or to capture sensitive traffic, increasing risk across the wider environment.

Most likely attack path

An attacker can reach the device remotely over the network with no user interaction, but may require low privileges on the device. Successful exploitation could execute arbitrary code with high impact on confidentiality, integrity and availability. The CVSS vector records scope as unchanged (S:U), but a compromised router can still provide broader network access or a path to other devices on the LAN.

Who is most exposed

Commonly deployed in consumer and small-business environments with firmware often not promptly updated. Devices exposed to WAN management interfaces or left with default configurations are typical targets.

Detection ideas

  • Unusual requests to the SysRunCmd endpoint with anomalous getui payloads
  • System logs showing crashes, reboots, or memory corruption traces
  • Unexpected outbound connections or beaconing from the router
  • Repeated failed or suspicious remote code execution attempts from external IPs
  • Indicators of exploitation in CTI feeds or IOAs tied to SysRunCmd activity
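The first two detection ideas above can be turned into a simple log-scanning heuristic. The script below is an added illustration, not code from the advisory or from Tenda: it parses constructed common-log-format lines (assumed to come from a reverse proxy or IDS in front of the router that records the full query string, since a form body would not appear in such a log) and flags requests to /goform/SysRunCmd whose getui value is unusually long or contains non-printable characters, that return a 5xx, or that arrive from outside the RFC 1918 ranges. The length threshold, the LAN ranges and the sample lines are all assumptions to tune against your own baseline.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Endpoint and parameter named in the advisory.
ENDPOINT = "/goform/SysRunCmd"
PARAM = "getui"

# Hypothetical threshold: benign values for this parameter are short, so a
# value far longer than anything seen in normal traffic is worth a look.
# Tune it against a baseline of your own traffic.
MAX_PARAM_LEN = 64

# Address ranges treated as "the LAN side" of the router (RFC 1918).
LAN_NETWORKS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Common-log-format line with the request line quoted, as written by a
# reverse proxy or IDS in front of the router that keeps the query string.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)


def parse_line(line):
    """Parse one access-log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def is_lan_address(ip):
    """True if ip falls inside one of the RFC 1918 ranges."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in LAN_NETWORKS)


def analyse_request(rec):
    """Return the reasons a parsed request looks suspicious (empty if benign).

    Only requests whose path is the SysRunCmd endpoint are examined.
    """
    reasons = []
    url = urlsplit(rec["target"])
    if url.path != ENDPOINT:
        return reasons
    # parse_qs percent-decodes, so %00 becomes a real NUL character here.
    params = parse_qs(url.query, keep_blank_values=True)
    for value in params.get(PARAM, []):
        if len(value) > MAX_PARAM_LEN:
            reasons.append(f"{PARAM} length {len(value)} exceeds {MAX_PARAM_LEN}")
        if any(not 0x20 <= ord(c) <= 0x7E for c in value):
            reasons.append(f"{PARAM} contains non-printable characters")
    # A 5xx right after a request to this endpoint can be the crash or reboot
    # the advisory's detection notes mention.
    if rec["status"] >= 500:
        reasons.append(f"server error {rec['status']} on {ENDPOINT}")
    if not is_lan_address(rec["ip"]):
        reasons.append(f"request to {ENDPOINT} from non-LAN source {rec['ip']}")
    return reasons


def scan_log(text):
    """Return (ip, timestamp, reasons) for every suspicious line in text."""
    findings = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        reasons = analyse_request(rec)
        if reasons:
            findings.append((rec["ip"], rec["ts"], reasons))
    return findings


# Constructed sample lines (not real telemetry). 203.0.113.0/24 is a
# documentation range standing in for an external address; the oversize
# value on the third line is plain repeated padding to trip the length check.
OVERSIZE = "A" * 600
SAMPLE_LOG = "\n".join([
    '192.168.1.20 - - [03/Nov/2025:08:01:11 +0000] "GET /goform/SysRunCmd?getui=1 HTTP/1.1" 200 512',
    '192.168.1.21 - - [03/Nov/2025:08:01:15 +0000] "GET /index.html HTTP/1.1" 200 2048',
    f'203.0.113.45 - - [03/Nov/2025:08:02:03 +0000] "POST /goform/SysRunCmd?getui={OVERSIZE} HTTP/1.1" 500 0',
    '203.0.113.45 - - [03/Nov/2025:08:02:04 +0000] "POST /goform/SysRunCmd?getui=%00%00%FF HTTP/1.1" 500 0',
])

if __name__ == "__main__":
    for ip, ts, reasons in scan_log(SAMPLE_LOG):
        print(f"{ts} {ip}: " + "; ".join(reasons))
```

Run against the constructed sample it reports only the two lines from 203.0.113.45; the short LAN-side request and the unrelated page load are left alone. Each reason is emitted separately so the same script can feed a SIEM rule that weights them differently, for example treating a 5xx plus a non-LAN source as higher priority than length alone.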

Mitigation and prioritisation

  • Apply available firmware updates as a priority; verify patch version and test in staging before rollout
  • If patching is not yet possible, disable or restrict remote management interfaces; block exposure of the relevant endpoint from untrusted networks
  • Implement allowlists or strict WAN access controls and segment the router from critical assets
  • Enable enhanced logging and IDS signatures for SysRunCmd-related activity; monitor for PoC indicators
  • Plan a rapid-change deployment and verify post-patch stability; communicate timelines to affected users and stakeholders
