CVE Catalog

CVE-2025-57570

MediumCVSS 5.6
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.19%

9th percentile - higher than 9% of all known CVEs

Summary

A buffer overflow vulnerability exists in the Tenda F3 router version V12.01.01.48_multi and later via the QosList parameter in the goform/setQoS function. An attacker can remotely crash the device or potentially gain control over it.

Risk Assessment

The risk involves potential remote code execution or denial of service, leading to network connectivity loss and compromise of the local network security.

Recommendation

Immediately update the Tenda F3 router firmware to the latest available version and restrict management interface access to trusted IP addresses only.

Original NVD description (English source)

Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the QosList parameter in goform/setQoS.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS