CVE-2025-51087: Stack Overflow Vulnerability in Tenda AC8V4 Router

A critical stack overflow vulnerability has been discovered in Tenda AC8V4 routers, potentially allowing attackers to execute arbitrary code remotely. This post details the vulnerability, its impact, and recommended mitigation steps.

Vulnerability Details

  • CVE ID: CVE-2025-51087
  • Description: The Tenda AC8V4 V16.03.34.06 firmware is vulnerable to a stack overflow in the `/goform/saveParentControlInfo` endpoint. By manipulating the `time` argument, an attacker can trigger a stack-based buffer overflow.
  • CVSS Score: 8.6 (High)
  • CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
  • CVSS Explanation: A network-based attacker can exploit this vulnerability without any user interaction or privileges. Successful exploitation has a high impact on confidentiality and a limited impact on integrity and availability.
  • Exploit Requirements: Network access to the router is required. No authentication is needed to trigger the vulnerability.
  • Affected Product: Tenda AC8V4, Firmware version V16.03.34.06
  • CWE: CWE-121 (Stack-based Buffer Overflow) - This occurs when a program writes beyond the boundaries of a buffer located on the stack. This can lead to crashes, data corruption, or arbitrary code execution.

Timeline of Events

  • 2025-07-24: Vulnerability reported to Tenda.
  • 2025-07-24: CVE ID assigned.
  • 2025-07-24: Public disclosure of the vulnerability.

Exploitability & Real-World Risk

This stack overflow vulnerability is highly exploitable because no authentication is required. An attacker could craft a malicious request to the `/goform/saveParentControlInfo` endpoint, overflowing the buffer and injecting arbitrary code. This could lead to complete control of the router, allowing the attacker to intercept network traffic, modify DNS settings, or use the router as a botnet node. Given the widespread use of Tenda routers in home and small business environments, the potential impact is significant.

Recommendations

  • Apply the Patch: Check the Tenda support website for firmware updates addressing this vulnerability. Apply the patch as soon as it becomes available.
  • Disable Remote Access: If possible, disable remote management access to the router to reduce the attack surface.
  • Strong Password: Ensure that a strong and unique password is set for the router's administrative interface.
  • Network Segmentation: If feasible, segment your network to limit the impact of a compromised router.

Technical Insight

The vulnerability stems from insufficient input validation of the `time` parameter in the `/goform/saveParentControlInfo` endpoint. By sending a string longer than the allocated buffer size, an attacker can overwrite adjacent memory on the stack, including the return address. This allows them to redirect execution flow to attacker-controlled code, achieving remote code execution.
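
The missing check, written as a bounded parser: the value's length and shape are verified before anything is copied into a fixed-size stack buffer. This is an added example, not Tenda's firmware code and not code from the original post; the `HH:MM-HH:MM` value format, the buffer size and the names `parse_time_range`, `valid_hhmm` and `TIME_FIELD_SZ` are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define TIME_FIELD_SZ 6  /* "HH:MM" plus NUL; size assumed for this example */

/* Return 1 if s[0..4] is "HH:MM" with HH <= 23 and MM <= 59, else 0. */
static int valid_hhmm(const char *s)
{
    if (s[0] < '0' || s[0] > '9' || s[1] < '0' || s[1] > '9' ||
        s[2] != ':' ||
        s[3] < '0' || s[3] > '9' || s[4] < '0' || s[4] > '9')
        return 0;
    int hh = (s[0] - '0') * 10 + (s[1] - '0');
    int mm = (s[3] - '0') * 10 + (s[4] - '0');
    return hh <= 23 && mm <= 59;
}

/*
 * Parse a request value assumed to look like "HH:MM-HH:MM" into two
 * fixed-size buffers. Returns 0 on success, -1 if the value is rejected.
 * The length is checked first, so nothing longer than the destination
 * is ever copied (the step that is absent in a CWE-121 bug).
 */
int parse_time_range(const char *time, char start[TIME_FIELD_SZ],
                     char end[TIME_FIELD_SZ])
{
    size_t n = 0;
    if (time == NULL)
        return -1;
    while (n <= 11 && time[n] != '\0')  /* bounded scan: reads at most 12 bytes */
        n++;
    if (n != 11)                        /* only exactly 11 characters are legal */
        return -1;
    if (time[5] != '-' || !valid_hhmm(time) || !valid_hhmm(time + 6))
        return -1;
    memcpy(start, time, 5);     start[5] = '\0';
    memcpy(end, time + 6, 5);   end[5] = '\0';
    return 0;
}

int main(void)
{
    char start[TIME_FIELD_SZ], end[TIME_FIELD_SZ];
    /* Constructed inputs: one well-formed value, one oversized value. */
    const char *samples[] = { "19:00-21:30", "19:00-21:30AAAAAAAAAAAAAAAAAAAAAAAA" };
    for (int i = 0; i < 2; i++)
        printf("%s\n", parse_time_range(samples[i], start, end) == 0 ? "accepted" : "rejected");
    return 0;
}
```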

Credit to Researcher(s)

This vulnerability was discovered by TL-SN.

Tags

#Tenda #Router #StackOverflow #CVE-2025-51087 #Firmware #RemoteCodeExecution #Vulnerability

Summary: A stack overflow vulnerability exists in Tenda AC8V4 routers, firmware V16.03.34.06, specifically within the /goform/saveParentControlInfo endpoint. Exploitation is possible by manipulating the 'time' argument, potentially leading to remote code execution. Users are advised to apply available patches and implement security best practices.

CVE ID: CVE-2025-51087

Risk Analysis: Successful exploitation can lead to full control of the router, allowing attackers to intercept traffic, modify DNS settings, participate in botnets, or perform other malicious activities. This poses a significant risk to home and small business networks.

Recommendation: Apply the latest firmware patch from Tenda. If a patch is unavailable, disable remote management and use a strong, unique password for the router's administrative interface.

Timeline

  • 2025-07-24: Vulnerability Discovered and CVE Assigned
  • 2025-07-24: Public Disclosure
