Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
A vulnerability, which was classified as critical, has been found in Tenda FH1202 1.2.0.14(408). Affected by this issue is the function fromPptpUserAdd of the file /goform/PPTPDClient. The manipulation of the argument Username leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
AnalysisAI
CVE-2025-7530 is a critical stack-based buffer overflow vulnerability in Tenda FH1202 firmware version 1.2.0.14(408) affecting the PPTP client configuration function. An authenticated remote attacker can exploit this vulnerability by supplying a malicious Username argument to the /goform/PPTPDClient endpoint, potentially achieving remote code execution with full system compromise (confidentiality, integrity, and availability impact). Public exploit code is available and the vulnerability meets criteria for active exploitation risk.
Technical ContextAI
This vulnerability exists in the fromPptpUserAdd function within the PPTP (Point-to-Point Tunneling Protocol) client implementation on Tenda FH1202 routers. The root cause is classified as CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), specifically a stack-based buffer overflow. The vulnerable code path is accessed through the /goform/PPTPDClient web interface endpoint. PPTP is a legacy tunneling protocol often used for VPN connectivity, and the buffer overflow occurs when the Username parameter is processed without proper bounds checking, allowing an attacker to overwrite stack memory including return addresses and execute arbitrary code. The affected CPE is: cpe:2.7.a:tenda:fh1202_firmware:1.2.0.14\(408\):*:*:*:*:*:*:*
RemediationAI
Immediate actions: (1) Tenda should release a patched firmware version addressing the buffer overflow in the fromPptpUserAdd function—check Tenda's official support site for FH1202 firmware updates beyond 1.2.0.14(408); (2) Disable PPTP client functionality if not required, or restrict access to the /goform/PPTPDClient endpoint via firewall rules; (3) Implement network segmentation to limit administrative access to router management interfaces; (4) Change default router credentials and use strong passwords for any administrative accounts; (5) Monitor router logs for suspicious PPTP configuration attempts. Vendors/users should contact Tenda support directly for patch availability status. Until patches are available, disable PPTP functionality entirely if the feature is not actively used.
More in Fh1202 Firmware
View allTenda FH1202 v1.2.0.14(408) firmware has a stack overflow vulnerability in the entrys parameter of the fromAddressNat fu
Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the urls parameter of the saveParentControlInfo functi
Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the security parameter of the formWifiBasicSet functio
Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceId parameter of the formSetDeviceName functi
Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability located in the deviceName parameter of the formSetDeviceN
Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceId parameter of the addWifiMacFilter functio
Tenda F1202 V1.2.0.9 and FH1202 V1.2.0.9 were discovered to contain a stack overflow via the mit_ssid parameter in the f
Tenda F1202 V1.2.0.9, PA202 V1.1.2.5, PW201A V1.1.2.5 and FH1202 V1.2.0.9 were discovered to contain a stack overflow vi
Tenda F1202 V1.2.0.9, PA202 V1.1.2.5, PW201A V1.1.2.5 and FH1202 V1.2.0.9 were discovered to contain a stack overflow vi
Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter
Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter
Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter
Same weakness CWE-119 – Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-21258