CVE-2025-6112

| EUVD-2025-18368 HIGH
2025-06-16 [email protected]
8.8
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
Mar 14, 2026 - 21:59 vuln.today
EUVD ID Assigned
Mar 14, 2026 - 21:59 euvd
EUVD-2025-18368
PoC Detected
Jul 18, 2025 - 12:49 vuln.today
Public exploit code
CVE Published
Jun 16, 2025 - 08:15 nvd
HIGH 8.8

Tags

Buffer Overflow Fh1205 Firmware Tenda

Description

A vulnerability, which was classified as critical, has been found in Tenda FH1205 2.0.0.7. This issue affects the function fromadvsetlanip of the file /goform/AdvSetLanip. The manipulation of the argument lanMask leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Analysis

Critical buffer overflow vulnerability in Tenda FH1205 firmware version 2.0.0.7 affecting the lanMask parameter in the /goform/AdvSetLanip endpoint. An authenticated remote attacker can exploit this to achieve code execution with full system compromise (confidentiality, integrity, and availability impact). A public proof-of-concept exists, making this an active exploitation risk.

Technical Context

The vulnerability exists in the fromadvsetlanip function within Tenda's web-based router management interface. The vulnerable parameter 'lanMask' is not properly sanitized before being used in a buffer operation, triggering a classic stack-based or heap-based buffer overflow (CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer). Tenda FH1205 is a residential WiFi router that uses embedded Linux with a web administration interface typically written in C/C++. The /goform/ endpoint pattern is common in Tenda devices for handling configuration changes. The buffer overflow allows an attacker to write beyond allocated memory boundaries, potentially overwriting function pointers, return addresses, or adjacent heap structures to gain remote code execution.

Affected Products

CPE: cpe:2.3:o:tenda:fh1205_firmware:2.0.0.7:*:*:*:*:*:*:* and cpe:2.3:h:tenda:fh1205:*:*:*:*:*:*:*:*. Affected Device: Tenda FH1205 (also marketed as FH1205v2.0 or similar variants). Affected Firmware Version: 2.0.0.7 explicitly. Other nearby versions (2.0.0.x series) are likely vulnerable due to shared codebases but require individual verification. No vendor advisory link provided in description; check Tenda's security portal or contact Tenda support directly at [email protected].

Remediation

Immediate actions: (1) If patch available: Upgrade to firmware version beyond 2.0.0.7 (check Tenda's official support page for FH1205). (2) If no patch: Disable remote management/WAN access to the web interface (set to LAN-only if available in UI). (3) Change default credentials and enforce strong passwords on router admin account. (4) Isolate affected routers on segregated networks if possible. (5) Monitor for unauthorized configuration changes or signs of compromise (unusual CPU/memory usage, unexpected outbound connections). (6) Check Tenda's official advisory at https://www.tenda.com.cn or contact their support for patch ETA. (7) Consider replacement with patched firmware version or alternative router if patch is not forthcoming. Temporary mitigation: Block WAN access to port 80/443 on the router's admin interface via firewall rules.

Priority Score

64
Low Medium High Critical
KEV: 0
EPSS: +0.2
CVSS: +44
POC: +20

Share

CVE-2025-6112 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy