CVE Catalog

CVE-2025-57572

MediumCVSS 5.6
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.21%

11th percentile - higher than 11% of all known CVEs

Summary

A buffer overflow vulnerability exists in the Tenda F3 device version V12.01.01.48_multi and later, in the onlineList parameter of the goform/setParentControl function. An attacker can remotely cause a crash or potentially take control of the device.

Risk Assessment

The risk includes remote code execution or denial of service, potentially compromising the security of a home or small office network.

Recommendation

Immediately update the Tenda F3 firmware to the latest patched version if available. If no patch is available, restrict administrative access to trusted networks only.

Original NVD description (English source)

Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the onlineList parameter in goform/setParentControl.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS