CVE-2025-57570
MediumCVSS 5.6Exploitation Probability (EPSS)
Low risk9th percentile - higher than 9% of all known CVEs
Summary
A buffer overflow vulnerability exists in the Tenda F3 router version V12.01.01.48_multi and later via the QosList parameter in the goform/setQoS function. An attacker can remotely crash the device or potentially gain control over it.
Risk Assessment
The risk involves potential remote code execution or denial of service, leading to network connectivity loss and compromise of the local network security.
Recommendation
Immediately update the Tenda F3 router firmware to the latest available version and restrict management interface access to trusted IP addresses only.
Original NVD description (English source)
Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the QosList parameter in goform/setQoS.

