CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Description
A vulnerability classified as critical was found in Tenda FH1201 1.2.0.14. It affects the function fromRouteStatic of the file /goform/fromRouteStatic in the HTTP POST Request Handler component. Manipulating the argument page leads to a buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Analysis
CVE-2025-7465 is a critical remote buffer overflow vulnerability in Tenda FH1201 firmware version 1.2.0.14 affecting the HTTP POST request handler's fromRouteStatic function. An authenticated attacker can exploit improper input validation on the 'page' parameter to achieve remote code execution with full system compromise (confidentiality, integrity, and availability impact). A public proof-of-concept exploit exists and the vulnerability may be actively exploited in the wild.
Technical Context
The vulnerability exists in the /goform/fromRouteStatic endpoint of Tenda FH1201 wireless router firmware. The root cause is CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer): the HTTP POST handler fails to validate or bounds-check the 'page' parameter before copying it into a fixed-size buffer. This classic stack or heap buffer overflow in a network-facing HTTP handler allows memory corruption and arbitrary code execution. The affected product is a consumer-grade WiFi router (CPE: cpe:2.3:o:tenda:fh1201_firmware:1.2.0.14). The vulnerable code is in the embedded HTTP server component that processes router configuration requests, so it is directly reachable over the network.
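A detection check for the condition described above, added here as an example and not taken from the advisory or from Tenda: it flags POST requests to /goform/fromRouteStatic whose 'page' value is longer than a threshold. The 64-byte limit, the function names and the sample requests are assumptions constructed for illustration; the real buffer size is not stated on this page.

```python
from urllib.parse import parse_qs

ENDPOINT = "/goform/fromRouteStatic"  # endpoint named in the advisory
PARAM = "page"                        # parameter named in the advisory
MAX_PAGE_LEN = 64                     # assumed threshold; tune to observed traffic


def split_request(raw: bytes):
    """Split a raw HTTP/1.x request into (method, path, query, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    request_line = head.split(b"\r\n", 1)[0].decode("latin-1")
    parts = request_line.split(" ")
    if len(parts) != 3:
        raise ValueError("malformed request line")
    method, target, _version = parts
    path, _, query = target.partition("?")
    return method.upper(), path, query, body.decode("latin-1")


def oversized_page_values(raw: bytes, limit: int = MAX_PAGE_LEN):
    """Return the decoded length of every 'page' value above `limit`
    in a POST to ENDPOINT; an empty list means nothing to flag."""
    method, path, query, body = split_request(raw)
    if method != "POST" or path.rstrip("/") != ENDPOINT:
        return []
    lengths = []
    for encoded in (query, body):
        # latin-1 keeps one character per decoded byte, so len() is the
        # byte count a handler would see after percent-decoding.
        fields = parse_qs(encoded, keep_blank_values=True, encoding="latin-1")
        lengths += [len(v) for v in fields.get(PARAM, []) if len(v) > limit]
    return lengths


# Constructed sample requests (192.0.2.1 is a documentation address).
_HEAD = (b"POST %s HTTP/1.1\r\nHost: 192.0.2.1\r\n"
         b"Content-Type: application/x-www-form-urlencoded\r\n\r\n")
BENIGN = _HEAD % b"/goform/fromRouteStatic" + b"page=1"
OVERSIZED = _HEAD % b"/goform/fromRouteStatic" + b"page=" + b"A" * 300 + b"&x=1"
ENCODED = _HEAD % b"/goform/fromRouteStatic" + b"page=" + b"%41" * 100
OTHER_PATH = _HEAD % b"/goform/other" + b"page=" + b"A" * 300

if __name__ == "__main__":
    for name, req in [("benign", BENIGN), ("oversized", OVERSIZED),
                      ("encoded", ENCODED), ("other path", OTHER_PATH)]:
        print(name, oversized_page_values(req))
```

The same length test can be applied at a reverse proxy or in IDS tooling in front of the router's management interface.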
Affected Products
FH1201 (1.2.0.14)
EUVD-2025-21208