CVE-2025-7549

| EUVD-2025-21282 HIGH
2025-07-13 [email protected]
8.8
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
Mar 16, 2026 - 09:18 vuln.today
EUVD ID Assigned
Mar 16, 2026 - 09:18 euvd
EUVD-2025-21282
PoC Detected
Jul 15, 2025 - 18:32 vuln.today
Public exploit code
CVE Published
Jul 13, 2025 - 23:15 nvd
HIGH 8.8

Tags

Buffer Overflow Fh1201 Firmware Tenda

Description

A vulnerability was found in Tenda FH1201 1.2.0.14(408) and classified as critical. This issue affects the function frmL7ProtForm of the file /goform/L7Prot. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Analysis

CVE-2025-7549 is a critical stack-based buffer overflow vulnerability in Tenda FH1201 firmware version 1.2.0.14(408) affecting the L7Prot form handler. An authenticated remote attacker can exploit the 'page' parameter to overflow the stack, achieving complete compromise of the device with high confidentiality, integrity, and availability impact. The vulnerability has public exploit disclosure and should be considered actively exploitable.

Technical Context

The vulnerability exists in the frmL7ProtForm function within the /goform/L7Prot endpoint of Tenda FH1201 router firmware. The root cause is CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), specifically a classic stack-based buffer overflow where user-supplied input to the 'page' parameter is not properly validated or bounds-checked before being written to a fixed-size stack buffer. Tenda FH1201 is a consumer-grade wireless router running proprietary firmware. The L7Prot functionality typically handles Layer 7 protocol filtering/management in the device's web interface. The lack of input validation on web form parameters is a common vulnerability class in embedded device firmware where memory safety is not enforced.

Affected Products

Tenda FH1201 firmware version 1.2.0.14(408) is confirmed affected. The product identifier is: CPE:2.3:h:tenda:fh1201:*:*:*:*:*:*:*:* with affected firmware versions including at minimum 1.2.0.14(408). Related Tenda router models and firmware versions may share similar code paths and warrant security review. Users should verify their device model (check router label) and firmware version (accessible via admin web interface, typically at 192.168.0.1 or similar). No vendor advisory URL is provided in the available data; users should check Tenda's official security advisories at their support portal.

Remediation

Immediate actions: (1) Patch to the latest available firmware version for FH1201 (check Tenda support website for versions newer than 1.2.0.14(408)); (2) if patch unavailable, apply temporary mitigations—restrict admin interface access to trusted IPs via firewall rules, disable remote management if enabled, change default credentials immediately; (3) monitor for suspicious access patterns in router logs. Specific patch version numbers are not available in provided references—contact Tenda support or check their official firmware download page for available updates. Workaround: disallow access to /goform/L7Prot endpoint at network perimeter until patch is applied. Consider network segmentation to limit impact if device is compromised.

Priority Score

64
Low Medium High Critical
KEV: 0
EPSS: +0.4
CVSS: +44
POC: +20

Share

CVE-2025-7549 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy