CVE-2025-57572
MediumCVSS 5.6Exploitation Probability (EPSS)
Low risk11th percentile - higher than 11% of all known CVEs
Summary
A buffer overflow vulnerability exists in the Tenda F3 device version V12.01.01.48_multi and later, in the onlineList parameter of the goform/setParentControl function. An attacker can remotely cause a crash or potentially take control of the device.
Risk Assessment
The risk includes remote code execution or denial of service, potentially compromising the security of a home or small office network.
Recommendation
Immediately update the Tenda F3 firmware to the latest patched version if available. If no patch is available, restrict administrative access to trusted networks only.
Original NVD description (English source)
Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the onlineList parameter in goform/setParentControl.

