CVE-2025-29384

CRITICAL

Tenda AC9 v1.0 V15.03.05.14_multi - Stack Overflow via wanMTU Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-29384. PoCs published by Otsmane-Ahmed.

AI-analyzed exploit summary This repository contains a Python-based PoC exploit and a Ruby Metasploit module for CVE-2025-29384, a stack-based buffer overflow in Tenda AC9 routers (firmware V15.03.05.14_multi). The exploit targets the `/goform/AdvSetMacMtuWan` endpoint via an oversized `wanMTU` parameter, leading to DoS and potential RCE.

Description

In Tenda AC9 v1.0 V15.03.05.14_multi, the wanMTU parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution.

Exploits (1)

nomisec WORKING POC 5 stars
by Otsmane-Ahmed · poc
https://github.com/Otsmane-Ahmed/cve-2025-29384-poc

This repository contains a Python-based PoC exploit and a Ruby Metasploit module for CVE-2025-29384, a stack-based buffer overflow in Tenda AC9 routers (firmware V15.03.05.14_multi). The exploit targets the `/goform/AdvSetMacMtuWan` endpoint via an oversized `wanMTU` parameter, leading to DoS and potential RCE.

Classification
Working Poc 95%
Attack Type
Dos, Rce
Complexity
Moderate
Reliability
Reliable
Target: Tenda AC9 firmware V15.03.05.14_multi
No auth needed
Prerequisites: Python 3.x · Metasploit Framework (for Ruby module) · Network access to vulnerable Tenda AC9 router
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Scores

CVSS v3 9.8
EPSS 0.0166
EPSS Percentile 73.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-787
Status published
Products (1)
tenda/ac9_firmware 15.03.05.14
Published Mar 14, 2025
Tracked Since Feb 18, 2026