Security readout for executives and security teams
Plain-English summary
CVE-2025-57570 is a reported buffer overflow in Tenda F3 router firmware involving the QoS configuration path. If exposed, an unauthenticated network attacker may affect confidentiality, integrity, and availability, but the CVSS vector rates exploitation as high complexity.
Executive priority
Treat as a moderate network-edge risk. Prioritize devices with internet-exposed or broadly reachable management interfaces, but avoid emergency escalation unless new sources confirm exploitation or severe impact.
Technical view
The issue is CWE-120 in the QosList parameter handled by goform/setQoS on Tenda F3 V12.01.01.48_multi and later. CVSS 3.1 is 5.6: network reachable, no privileges, no user interaction, high attack complexity, and low C/I/A impact.
Likely exposure
Exposure is likely limited to Tenda F3 devices running V12.01.01.48_multi or later where the relevant management interface is reachable. The CVE record lacks formal CPE, vendor, and product metadata, so inventory validation must use device model and firmware checks.
Exploitation context
The source bundle does not show CISA KEV listing or confirmed active exploitation. A public GitHub reference is cited, but the available CVE metadata does not establish real-world exploitation, patch status, or broad targeting.
Researcher notes
Evidence is limited. The affected range is described as V12.01.01.48_multi and after, but structured affected-product data is n/a. Validate firmware behavior in a controlled lab and avoid assuming patch availability from the CVE record alone.
Mitigation direction
Check Tenda guidance for fixed firmware or official mitigation.
Restrict router management interfaces to trusted administrative networks.
Disable unnecessary remote administration exposure on affected devices.
Replace devices if no supported fixed firmware is available.
Monitor for unexpected QoS changes, crashes, or management access anomalies.
Validation and detection
Inventory Tenda F3 routers and record exact firmware versions.
Confirm whether management endpoints are reachable from untrusted networks.
Check whether devices run V12.01.01.48_multi or later.
Review logs for crashes or suspicious QoS configuration changes.
Track vendor advisories and scanner coverage for this CVE.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cwe · low confidence lookup
CWE-120: Exact CWE lookup
Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
CWE-120 · source CWE mapping
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.