CVE-2025-7531

| EUVD-2025-21260 HIGH
2025-07-13 [email protected]
8.8
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
Mar 16, 2026 - 09:18 vuln.today
EUVD ID Assigned
Mar 16, 2026 - 09:18 euvd
EUVD-2025-21260
PoC Detected
Jul 16, 2025 - 14:56 vuln.today
Public exploit code
CVE Published
Jul 13, 2025 - 16:15 nvd
HIGH 8.8

Tags

Buffer Overflow Fh1202 Firmware Tenda

Description

A vulnerability, which was classified as critical, was found in Tenda FH1202 1.2.0.14(408). This affects the function fromPptpUserSetting of the file /goform/PPTPUserSetting. The manipulation of the argument delno leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Analysis

CVE-2025-7531 is a critical stack-based buffer overflow vulnerability in Tenda FH1202 firmware version 1.2.0.14(408) affecting the PPTP user settings function. An authenticated remote attacker can exploit improper input validation on the 'delno' parameter to achieve code execution with full system compromise (confidentiality, integrity, and availability). The vulnerability has public exploit code available and represents active exploitation risk.

Technical Context

This vulnerability exists in the fromPptpUserSetting function within the /goform/PPTPUserSetting endpoint of Tenda FH1202 wireless router firmware. The root cause is CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), specifically a stack-based buffer overflow triggered by insufficient bounds checking on the 'delno' parameter. PPTP (Point-to-Point Tunneling Protocol) is a VPN protocol commonly configured through web management interfaces in residential routers. The buffer overflow occurs when user-supplied input to this function exceeds allocated stack memory, allowing an attacker to overwrite the return address and achieve arbitrary code execution. The affected CPE is likely: cpe:2.4.2:tenda:fh1202:1.2.0.14\(408\):*:*:*:*:*:*:* or similar firmware version designation.

Affected Products

[{'vendor': 'Tenda', 'product': 'FH1202', 'affected_versions': ['1.2.0.14(408)'], 'product_type': 'Wireless Router (Firmware)', 'cpe': 'cpe:2.3.2:tenda:fh1202:1.2.0.14\\(408\\):*:*:*:*:*:*:*', 'note': 'FH1202 is a residential 802.11 wireless router; verify exact affected firmware build numbers as Tenda uses parenthetical build identifiers'}]

Remediation

[{'type': 'Patch', 'action': "Firmware update - Contact Tenda support or check fccid.io and Tenda's official support portal for patched firmware versions newer than 1.2.0.14(408). Verify checksum/signature before deployment.", 'priority': 'CRITICAL - Apply immediately if available'}, {'type': 'Workaround (if patch unavailable)', 'action': 'Disable PPTP functionality entirely if not required, or restrict access to the /goform/PPTPUserSetting endpoint via firewall/ACL rules to trusted IPs only. Implement network segmentation to limit router management access to authenticated users on trusted networks only.', 'priority': 'HIGH - Temporary until patch available'}, {'type': 'Network Mitigation', 'action': "Implement rate limiting and IDS/IPS signatures for /goform/PPTPUserSetting requests with abnormal 'delno' parameter values. Monitor router logs for suspicious PPTP configuration changes.", 'priority': 'MEDIUM - Defense-in-depth'}, {'type': 'Access Control', 'action': 'Enforce strong authentication credentials on router management interface. Disable default credentials. Limit management interface accessibility (disable WAN-side access if possible).', 'priority': 'HIGH'}]

Priority Score

64
Low Medium High Critical
KEV: 0
EPSS: +0.1
CVSS: +44
POC: +20

Share

CVE-2025-7531 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy