CVE-2025-29357

Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the startIp and endIp parameters at /goform/SetPptpServerCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.

Weakness

The product does not release or incorrectly releases a resource before it is made available for re-use.

Affected Software

Name	Vendor	Start Version	End Version
Rx3_firmware	Tendacn	16.03.13.11_multi_tde01 (including)	16.03.13.11_multi_tde01 (including)

Potential Mitigations

Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
For example, languages such as Java, Ruby, and Lisp perform automatic garbage collection that releases memory for objects that have been deallocated.

https://cwe.mitre.org/data/definitions/125.html
https://cwe.mitre.org/data/definitions/130.html
https://cwe.mitre.org/data/definitions/131.html
https://cwe.mitre.org/data/definitions/494.html
https://cwe.mitre.org/data/definitions/495.html
https://cwe.mitre.org/data/definitions/496.html
https://cwe.mitre.org/data/definitions/666.html

References

https://github.com/2664521593/mycve/blob/main/Tenda/RX3/tenda_rx3_bof_4.pdf

NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-29357
CWE	https://cwe.mitre.org/data/definitions/404.html

Improper Resource Shutdown or Release

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References