CVE-2023-25213 in AC5
Summary
by MITRE • 04/07/2023
Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the check_param_changed function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 10/29/2025
The vulnerability identified as CVE-2023-25213 represents a critical stack overflow flaw within the Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 firmware version, specifically manifesting in the check_param_changed function. This issue falls under the Common Weakness Enumeration category of CWE-121, which encompasses stack-based buffer overflow conditions where insufficient bounds checking allows attackers to overwrite adjacent memory locations on the stack. The affected device operates as a wireless router or access point, making it a prime target for network-based exploitation attempts. The vulnerability stems from inadequate input validation within the firmware's parameter checking mechanism, which fails to properly sanitize user-supplied data before processing. When malicious data is passed to the check_param_changed function, the application does not perform adequate boundary checks, leading to a predictable stack corruption scenario.
The operational impact of this vulnerability extends beyond simple denial of service conditions to encompass potential arbitrary code execution capabilities. Attackers can craft specific payloads that trigger the stack overflow, causing the device to crash and restart, thereby creating a denial of service condition for legitimate users. However, more sophisticated exploitation techniques could potentially leverage this vulnerability to execute malicious code within the router's memory space, potentially allowing attackers to gain persistent access to the network infrastructure. The attack surface is particularly concerning given that routers serve as central network hubs, often maintaining administrative privileges and controlling access to sensitive internal network resources. This vulnerability aligns with ATT&CK technique T1059.007 for command and scripting interpreter, as successful exploitation could enable attackers to execute commands on the affected device, and T1566 for phishing with social engineering, as exploitation often requires crafting specific payloads that may be delivered through network-based attacks.
Mitigation strategies for CVE-2023-25213 should prioritize immediate firmware updates from Tenda, as the vendor has likely released patches addressing this specific stack overflow condition. Network administrators should implement robust network segmentation to limit the potential impact of successful exploitation attempts, while also deploying intrusion detection systems capable of identifying suspicious traffic patterns that may indicate exploitation attempts. The implementation of input validation controls and proper bounds checking within the affected software components represents the fundamental fix required to address this vulnerability. Security monitoring should include checks for unusual device restart patterns or network behavior that may indicate successful exploitation. Organizations should also consider disabling unnecessary services and ports on the affected devices to minimize potential attack vectors. The vulnerability highlights the importance of firmware security auditing and the need for manufacturers to implement proper software development lifecycle security practices, including code reviews, static analysis, and dynamic testing to identify and remediate such memory corruption vulnerabilities before deployment.