CVE-2025-7550

| EUVD-2025-21281 HIGH
2025-07-13 [email protected]
8.8
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
Mar 16, 2026 - 09:18 vuln.today
EUVD ID Assigned
Mar 16, 2026 - 09:18 euvd
EUVD-2025-21281
PoC Detected
Jul 15, 2025 - 18:32 vuln.today
Public exploit code
CVE Published
Jul 13, 2025 - 23:15 nvd
HIGH 8.8

Tags

Buffer Overflow Fh1201 Firmware Tenda

Description

A vulnerability was found in Tenda FH1201 1.2.0.14(408). It has been classified as critical. Affected is the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer. The manipulation of the argument dips leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Analysis

CVE-2025-7550 is a critical stack-based buffer overflow vulnerability in Tenda FH1201 firmware version 1.2.0.14(408) affecting the /goform/GstDhcpSetSer endpoint. An authenticated remote attacker can exploit the 'dips' parameter to achieve arbitrary code execution with high impact on confidentiality, integrity, and availability. A public proof-of-concept exists, and the vulnerability exhibits active exploitation characteristics with a CVSS score of 8.8.

Technical Context

The vulnerability exists in the fromGstDhcpSetSer function within the Tenda FH1201 router's web management interface. The flaw is classified as CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), a classic stack-based buffer overflow. The /goform/GstDhcpSetSer endpoint processes DHCP server configuration parameters without proper input validation, specifically failing to bounds-check the 'dips' parameter before copying it to a fixed-size stack buffer. This allows an attacker to overwrite the stack frame, including return addresses, enabling code execution. Tenda FH1201 (CPE: cpe:2.3:o:tenda:fh1201_firmware:1.2.0.14(408)) is an entry-level WiFi router commonly deployed in home and small business environments.

Affected Products

[{'vendor': 'Tenda', 'product': 'FH1201', 'affected_versions': ['1.2.0.14(408)'], 'cpe': 'cpe:2.3:o:tenda:fh1201_firmware:1.2.0.14\\(408\\):*:*:*:*:*:*:*', 'component': '/goform/GstDhcpSetSer endpoint', 'notes': 'Earlier and potentially later versions may also be affected; vendor advisories should be consulted for comprehensive version scope'}]

Remediation

[{'type': 'Patch', 'action': 'Apply latest firmware update from Tenda support portal. Check for firmware versions newer than 1.2.0.14(408). Verify patch availability at https://www.tenda.com.cn/ or regional Tenda support site.', 'priority': 'IMMEDIATE'}, {'type': 'Network Segmentation', 'action': 'Restrict access to router web management interface (typically port 80/443) to trusted networks only. Use firewall rules to block external access to /goform/* endpoints.', 'priority': 'HIGH'}, {'type': 'Access Control', 'action': 'Change default router credentials from factory defaults. This attack requires PR:L (authenticated access), so strong credentials increase barrier.', 'priority': 'HIGH'}, {'type': 'Monitoring', 'action': "Monitor router logs for suspicious POST requests to /goform/GstDhcpSetSer with unusual 'dips' parameter values or repeated failed authentication attempts.", 'priority': 'MEDIUM'}, {'type': 'Replacement', 'action': 'If patched firmware is unavailable, consider replacing device with patched model or alternative vendor solution.', 'priority': 'CRITICAL if patch unavailable'}]

Priority Score

64
Low Medium High Critical
KEV: 0
EPSS: +0.4
CVSS: +44
POC: +20

Share

CVE-2025-7550 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy