Skip to main content
Mallory
Back to vulnerabilities
HighPublic exploit

Buffer Overflow in Tenda AC23 saveParentControlInfo

IdentifiersCVE-2025-12596CWE-120· Buffer Copy without Checking Size…

CVE-2025-12596 is a remotely exploitable buffer overflow vulnerability affecting Tenda AC23 firmware version 16.03.07.52. The flaw is in the saveParentControlInfo function exposed through the /goform/saveParentControlInfo endpoint. According to the provided content, crafted manipulation of the Time argument can trigger a buffer overflow, resulting in memory corruption in the router process handling the request. Public exploit details have been disclosed.

Share:
For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial
ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation can cause memory corruption in the affected Tenda AC23 service and may allow an attacker to compromise the integrity, confidentiality, and availability of the device. The provided scoring and classification indicate high impact across C, I, and A. At minimum, exploitation may crash the vulnerable service or device; depending on exploit reliability and runtime conditions, it may also enable further control over the affected router process.

Mitigation

If you can’t patch tonight, do this now.

Restrict network access to the router management interface and specifically to the /goform/saveParentControlInfo functionality so it is not reachable from untrusted networks. Limit administrative exposure to trusted hosts or management VLANs, disable remote administration if not required, and place the device behind ACLs/firewall rules. Additional defensive measures include monitoring for unexpected requests targeting /goform/saveParentControlInfo and filtering malformed or oversized input to the Time parameter where possible.

Remediation

Patch, then assume compromise.

Apply vendor-provided firmware updates or fixed releases from Tenda as soon as they are available for AC23 devices running 16.03.07.52. Because the vulnerable condition is tied to unsafe handling of the Time parameter in /goform/saveParentControlInfo, remediation should include correcting bounds checking and input handling for that parameter. If no patched firmware is available, prioritize upgrading to a non-vulnerable firmware branch or replacing the affected device.
PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType
TendaAc23 Firmwareoperating_system

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

9 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

9 SOURCESView more in app
breakglass intelNews
Mar 15, 2026
SalatStealer's New Trick: Using TON Blockchain DNS to Make C2 Takedowns Impossible - Breakglass Intelligence - Breakglass Intelligence

A CVE identifier used as lure branding for a fake exploit repository distributing SalatStealer; no technical details of the vulnerability are provided.

Read more
securelistNews
Dec 23, 2025
Webrat, disguised as exploits, is spreading via GitHub repositories | Securelist

A CVE identifier referenced as part of the campaign’s trojanized GitHub “exploit” repository naming; no technical vulnerability details are provided in the article.

Read more
help net securityNews
Dec 23, 2025
Budding infosec pros and aspiring cyber crooks targeted with fake PoC exploits

A vulnerability in the Tenda AC23 wireless router.

Read more
cvefeed high severityNews
Nov 2, 2025
CVE-2025-12596 - Tenda AC23 saveParentControlInfo buffer overflow

A remote buffer overflow vulnerability in the Tenda AC23 router firmware (16.03.07.52) within the /goform/saveParentControlInfo endpoint’s saveParentControlInfo function, triggered via manipulation of the Time argument; public exploit disclosure is noted.

Read more
What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.
Start free trial
Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware1

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity5

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES
MITRE CVE
cve.org · CVE-2025-12596
NVD
nvd.nist.gov/vuln/detail/CVE-2025-12596
MITRE CWE · CWE-120
Buffer Copy without Checking Size of Input…
Third Party Advisory
github.com/LX-LX88/cve/issues/9
Third Party Advisory
vuldb.com/?id.330891
Third Party Advisory
vuldb.com/?submit.677585
Permissions Required
vuldb.com/?ctiid.330891
Product
tenda.com.cn