Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
A vulnerability has been found in Tenda FH1202 1.2.0.14(408) and classified as critical. This vulnerability affects the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter. The manipulation of the argument page leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
AnalysisAI
CVE-2025-7532 is a critical stack-based buffer overflow vulnerability in Tenda FH1202 firmware version 1.2.0.14(408) affecting the webExcptypemanFilter function. An authenticated remote attacker can exploit improper input validation on the 'page' parameter to achieve code execution with full system compromise (confidentiality, integrity, and availability impact). A public exploit has been disclosed and the vulnerability meets criteria for active exploitation risk.
Technical ContextAI
The vulnerability exists in a web management interface endpoint (/goform/webExcptypemanFilter) commonly found in embedded router firmware. The root cause is CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), specifically a stack-based buffer overflow where user-supplied input (the 'page' parameter) is not properly validated before being copied into a fixed-size stack buffer. This is typical in embedded device firmware written in C/C++ where bounds checking is insufficient. The affected CPE would be: cpe:2.3:o:tenda:fh1202_firmware:1.2.0.14\(408\):*:*:*:*:*:*:* (or similar variant for the Tenda FH1202 router hardware). The webform handler suggests this is a CGI-based web interface common in home/small business routing equipment.
RemediationAI
{'type': 'Patch', 'description': "Upgrade firmware to a patched version released by Tenda after 1.2.0.14(408). Check Tenda's official support website (https://www.tendawifi.com) or device management interface for available firmware updates. Firmware updates for embedded routers are often available through the web admin console (System Settings > Firmware Upgrade).", 'priority': 'Immediate'} {'type': 'Workaround (Temporary)', 'description': 'If patched firmware is unavailable: (1) Restrict access to the web management interface to trusted IPs only via firewall rules or admin console settings, (2) Change default admin credentials to strong, unique passwords, (3) Disable remote management access if not required (disable WAN-side access to admin interface), (4) Monitor network logs for suspicious POST requests to /goform/webExcptypemanFilter.', 'priority': 'High'} {'type': 'Detection', 'description': "Deploy IDS/IPS rules to detect HTTP POST requests with oversized 'page' parameter values to /goform/webExcptypemanFilter. Monitor for unusual process execution or memory corruption crashes on affected devices.", 'priority': 'Medium'} {'type': 'Vendor Advisory', 'description': 'Contact Tenda support for security bulletin and patch timeline. As of CVE publication, check: https://www.tendawifi.com/support/ for security advisories.', 'priority': 'High'}
More in Fh1202 Firmware
View allTenda FH1202 v1.2.0.14(408) firmware has a stack overflow vulnerability in the entrys parameter of the fromAddressNat fu
Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the urls parameter of the saveParentControlInfo functi
Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the security parameter of the formWifiBasicSet functio
Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceId parameter of the formSetDeviceName functi
Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability located in the deviceName parameter of the formSetDeviceN
Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceId parameter of the addWifiMacFilter functio
Tenda F1202 V1.2.0.9 and FH1202 V1.2.0.9 were discovered to contain a stack overflow via the mit_ssid parameter in the f
Tenda F1202 V1.2.0.9, PA202 V1.1.2.5, PW201A V1.1.2.5 and FH1202 V1.2.0.9 were discovered to contain a stack overflow vi
Tenda F1202 V1.2.0.9, PA202 V1.1.2.5, PW201A V1.1.2.5 and FH1202 V1.2.0.9 were discovered to contain a stack overflow vi
Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter
Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter
Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter
Same weakness CWE-119 – Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-21259