CVE-2025-7598
BaseFortify
Publication date: 2025-07-14
Last updated on: 2025-07-16
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tenda | ax1803_firmware | 1.0.0.1 |
| tenda | ax1803 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-7598 is a critical stack-based buffer overflow vulnerability in the Tenda AX1803 router version 1.0.0.1. It occurs in the function formSetWifiMacFilterCfg via the /goform/setWifiFilterCfg endpoint. The vulnerability is triggered by manipulating the deviceList argument, which causes the stack buffer to overflow. This overflow can allow an attacker to execute arbitrary code or cause a denial of service remotely without authentication. [1, 2]
How can this vulnerability impact me? :
This vulnerability can severely impact you by allowing remote attackers to execute arbitrary code or cause denial of service on the affected router. It compromises the confidentiality, integrity, and availability of the device, potentially leading to unauthorized access, disruption of network services, or complete device failure. Since it can be exploited remotely without authentication, it poses a high security risk. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring network traffic for suspicious HTTP requests targeting the /goform/setWifiFilterCfg endpoint with a crafted deviceList parameter. Since the exploit involves sending a specially crafted request to the router, you can use network capture tools like tcpdump or Wireshark to filter for HTTP POST requests to /goform/setWifiFilterCfg. For example, using tcpdump: tcpdump -i <interface> 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' and then inspecting for POST requests to /goform/setWifiFilterCfg. Additionally, checking the router's logs for unusual or malformed requests to this endpoint may help detect exploitation attempts. Since a public proof-of-concept exploit exists, testing with controlled crafted requests in a lab environment can also confirm vulnerability presence. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include replacing the affected Tenda AX1803 router running firmware version 1.0.0.1 with an alternative product, as no known mitigations or patches are currently published. Additionally, restricting remote access to the router's management interface, especially blocking access to the /goform/setWifiFilterCfg endpoint from untrusted networks, can reduce exposure. Implementing network-level protections such as firewall rules to block suspicious HTTP POST requests targeting this endpoint may help. Monitoring for exploitation attempts and isolating vulnerable devices from critical networks are also recommended until a firmware update or patch is available. [2]