A critical remote code execution vulnerability has been identified in multiple Tenda products, tracked as CVE-2025-15045. This flaw allows an unauthenticated, remote attacker to take complete control of an affected device by sending a specially crafted web request, posing a severe risk of network compromise, data theft, and further internal attacks.

The vulnerability is a stack-based buffer overflow within the HTTP Request Handler component of the device's firmware. Specifically, an unknown function processing requests to the /goform/Natlimit endpoint fails to properly validate the length of the page argument. An unauthenticated remote attacker can send a crafted HTTP request with an overly long value for the page argument, triggering the buffer overflow and allowing for the execution of arbitrary code with the privileges of the web server process, which is likely root.

This vulnerability is rated as critical with a CVSS score of 9.8, reflecting the ease of exploitation and the potential for severe impact. A successful exploit grants an attacker complete control over the affected network device. This could lead to a full network compromise, interception of sensitive data traversing the network, deployment of malware, and using the compromised device as a pivot point to attack other internal systems. The device could also be co-opted into a botnet for use in larger-scale attacks like DDoS, posing a significant risk to business operations, data confidentiality, and organizational reputation.

Immediate Action: Update A flaw has been found in Tenda Multiple Products to the latest version. Monitor for exploitation attempts and review access logs. Prioritize patching for all internet-facing devices immediately.

Proactive Monitoring: Security teams should actively monitor for anomalous HTTP requests to the /goform/Natlimit endpoint, particularly those containing an unusually long page parameter. Monitor network traffic for unexpected outbound connections from Tenda devices, which could indicate a successful compromise and communication with a command-and-control server. Review web server logs on the devices for repeated requests or errors related to the vulnerable endpoint.

Compensating Controls: If immediate patching is not feasible, restrict access to the device's web management interface from the internet. If remote management is necessary, configure firewall rules to only allow access from trusted, whitelisted IP addresses. Implement network segmentation to isolate vulnerable devices from critical internal network segments to limit the potential blast radius of a compromise.

Public Exploit Available: true

Immediate action is required. Due to the critical CVSS score of 9.8, remote exploitability without authentication, and the confirmed availability of a public exploit, this vulnerability poses a severe and imminent threat. Organizations must prioritize the identification and patching of all affected Tenda devices. Apply the vendor-provided firmware updates immediately to prevent a full network compromise.