A critical stack-based buffer overflow vulnerability (CVE-2025-3161) has been identified in Tenda AC10 routers running firmware version 16.03.10.13. The flaw, located in the ShutdownSetAdd function of the /goform/ShutdownSetAdd endpoint, allows remote attackers to execute arbitrary code without authentication. With a CVSS score of 8.8 (High) and a public proof-of-concept (PoC) available, this vulnerability poses an immediate threat to unpatched devices1.
Technical Analysis
The vulnerability stems from improper input validation in the list argument passed to the ShutdownSetAdd function. Attackers can craft malicious requests to trigger a stack overflow, potentially leading to remote code execution (RCE). The attack vector is unauthenticated, requiring no prior access to the router2.
According to VulDB, the exploit has been publicly disclosed on GitHub, lowering the barrier for attackers3. The vulnerability shares similarities with historical flaws in Tenda routers, including CVE-2025-29135 (AC7) and CVE-2025-1814 (AC6), suggesting a pattern of insufficient input sanitization in the vendor’s firmware4.
Impact and Exploitability
The vulnerability compromises all three pillars of security: confidentiality, integrity, and availability. Successful exploitation could allow attackers to:
- Gain persistent access to the router
- Intercept network traffic
- Deploy additional malware
- Use the device as a pivot point in attacks
Security researchers have rated the exploit complexity as “Easy” due to the available PoC. The NVD entry remains pending full analysis as of publication time, though third-party sources confirm its critical nature5.
Mitigation and Response
As of April 3, 2025, Tenda has not released an official patch. Recommended workarounds include:
| Action | Implementation |
|---|---|
| Disable vulnerable endpoint | Block access to /goform/ShutdownSetAdd via firewall rules |
| Network segmentation | Isolate Tenda AC10 routers from critical network segments |
| Firmware replacement | Consider alternative firmware if business needs allow |
Organizations should monitor Tenda’s advisory page for updates and review similar vulnerabilities in related products6.
Conclusion
CVE-2025-3161 represents a significant risk to organizations using affected Tenda routers. The combination of remote exploitability, public PoC availability, and high CVSS score necessitates immediate attention. While waiting for an official patch, network administrators should implement defensive measures and monitor for suspicious activity targeting router management interfaces.
References
- “CVE-2025-3161 Detail,” NVD, [Online]. Available: https://nvd.nist.gov/vuln/detail/CVE-2025-3161
- “VulDB Entry 303107,” VulDB, [Online]. Available: https://vuldb.com/?id.303107
- “SecAlerts Vulnerability Analysis,” SecAlerts, [Online]. Available: https://secalerts.co/vulnerability/CVE-2025-3161
- “CVE-2025-29135,” Tenable, [Online]. Available: https://www.tenable.com/cve/CVE-2025-29135
- “Feedly CVE Tracking,” Feedly, [Online]. Available: https://feedly.com/cve/CVE-2025-3161
- “Tenda Security Advisories,” Tenda, [Online]. Available: https://www.tenda.com.cn
