CVE-2025-29361 — Classic Buffer Overflow in RX3 Firmware

CWE-120 — Classic Buffer Overflow CWE-190 — Integer Overflow or Wraparound5 documents5 sources

Severity

7.5HIGHNVD

EPSS

0.1%

top 73.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tenda RX3 Firmware

Timeline

PublishedMar 13

Latest updateOct 10

Description

Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the list parameter at /goform/SetVirtualServerCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

▶NVDtenda/rx3_firmware16.03.13.11_multi_tde01

🔴Vulnerability Details

CVEList

CVE-2025-29361: Tenda RX3 US_RX3V1↗2025-03-13

▶

GHSA

GHSA-f5cq-p3m3-57vm: Tenda RX3 US_RX3V1↗2025-03-13

▶

🔍Detection Rules

Suricata

ET WEB_SPECIFIC_APPS Tenda SetVirtualServerCfg list Parameter Buffer Overflow Attempt (CVE-2025-29361, CVE-2024-4112, CVE-2024-40416, CVE-2024-10282, CVE-2025-65220)↗2025-10-10

▶

📋Vendor Advisories

Microsoft

An issue was discovered in p11-kit 0.21.1 through 0.23.21. Multiple integer overflows have been discovered in the array allocations in the p11-kit library and the p11-kit list command where overflow c↗2020-12-08

▶