Introduction - Engaging opening that highlights real impact and significance
Remote attackers can gain control over Tenda AC7 routers running firmware version 15.03.06.44 by exploiting a stack-based buffer overflow in the web management interface. With public exploit code available, this vulnerability exposes consumer and small business networks to code execution risks and device compromise.
Tenda is a widely recognized manufacturer of consumer and small business networking equipment, with a global presence and millions of devices deployed. The AC7 is a popular wireless router model, and vulnerabilities in its firmware can have significant impact on home and office network security.
Technical Information
CVE-2025-11528 is a stack-based buffer overflow vulnerability in the Tenda AC7 router firmware version 15.03.06.44. The issue resides in the /goform/saveAutoQos endpoint, which is part of the router's web management interface. When processing HTTP POST requests to this endpoint, the firmware parses the enable parameter and stores its value in a fixed-size buffer allocated on the stack. However, the implementation fails to properly check the length of the user-supplied enable value before copying it into the buffer.
If an attacker submits an oversized value for the enable parameter, the buffer is overflowed. This can overwrite adjacent memory on the stack, including the function's return address. As a result, an attacker can potentially redirect execution flow and achieve remote code execution on the device. The vulnerability is classified under CWE-121 (Stack-based Buffer Overflow) and CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer). The attack can be performed remotely via network access to the web interface, and does not require prior authentication if the management interface is exposed.
Public exploit code for this vulnerability is available, which demonstrates how to trigger the overflow and potentially execute arbitrary code. No official patch or detection guidance has been published as of the time of writing.
Affected Systems and Versions
- Product: Tenda AC7 wireless router
- Firmware version: 15.03.06.44
- The vulnerability affects the
/goform/saveAutoQosendpoint - Only this specific firmware version is confirmed to be affected based on public sources
Vendor Security History
Tenda has a documented history of buffer overflow vulnerabilities in its router products, often involving the /goform/ endpoints. Previous CVEs such as CVE-2025-11325, CVE-2025-11327, and CVE-2025-11123 describe similar stack-based buffer overflows in other Tenda models and firmware versions. The vendor's response to these issues has been inconsistent, with delays or lack of official advisories and patches for several critical vulnerabilities. This pattern suggests ongoing challenges in secure coding practices and vulnerability management within Tenda's development process.
