CVE-2025-7551

EUVD-2025-21280 | HIGH | CVSS 3.1: 8.8
2025-07-14 [email protected]

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: Mar 16, 2026 - 09:43 (vuln.today)
EUVD ID Assigned: Mar 16, 2026 - 09:43 (euvd), EUVD-2025-21280
PoC Detected: Jul 15, 2025 - 18:32 (vuln.today), public exploit code
CVE Published: Jul 14, 2025 - 00:15 (nvd), HIGH 8.8

Description

A vulnerability was found in Tenda FH1201 1.2.0.14(408). It has been declared as critical. Affected by this vulnerability is the function fromPptpUserAdd of the file /goform/PPTPDClient. The manipulation of the argument modino/username leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Analysis

CVE-2025-7551 is a critical stack-based buffer overflow vulnerability in Tenda FH1201 firmware version 1.2.0.14(408) affecting the PPTP client configuration function. An authenticated remote attacker can exploit improper input validation in the modino/username parameters to overflow the stack, achieving code execution with high confidentiality, integrity, and availability impact. A public proof-of-concept exists and the vulnerability may be actively exploited.

Technical Context

The vulnerability exists in the fromPptpUserAdd function within the /goform/PPTPDClient endpoint of Tenda's PPTP (Point-to-Point Tunneling Protocol) client implementation. This is a classic CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) vulnerability where user-supplied input (modino and username parameters) is not properly validated for length before being written to a stack-allocated buffer. PPTP is a legacy VPN tunneling protocol commonly used in enterprise and ISP environments. The Tenda FH1201 is a wireless router/gateway device that integrates PPTP client functionality. The vulnerable code path is reachable via HTTP POST to /goform/PPTPDClient without requiring elevated privileges beyond basic authentication, making this accessible to any authenticated user on the network or remotely if authentication bypass exists.

Affected Products

Tenda FH1201 firmware version 1.2.0.14(408) and potentially earlier versions. CPE: cpe:2.3:o:tenda:fh1201_firmware:1.2.0.14(408):*:*:*:*:*:*:* or cpe:2.3:h:tenda:fh1201:-:*:*:*:*:*:*:*. The FH1201 is a multi-functional networking device; other Tenda devices using the same PPTP client codebase (such as AC series routers) may be similarly affected if they share the vulnerable fromPptpUserAdd function implementation. Firmware versions between 1.2.0.x and 1.2.0.14(408) should be considered potentially vulnerable pending vendor confirmation.

Remediation

Immediate remediation steps:

(1) Check for available firmware patches from Tenda's support portal and apply the latest version immediately.
(2) If running FH1201, contact Tenda support for a patched firmware release; as of the analysis date, version 1.2.0.14(408) is confirmed vulnerable, so upgrade to any version > 1.2.0.14(408) when available.
(3) Interim mitigations if patching is delayed: disable PPTP client functionality in router settings if not required for operations; restrict access to the /goform/PPTPDClient endpoint via firewall or access control lists; enforce strong authentication and network segmentation to limit who can authenticate to the router; monitor for unauthorized PPTP configuration changes.
(4) Implement network intrusion detection signatures for POST requests to /goform/PPTPDClient with suspicious modino/username parameter lengths (greater than the buffer size).
(5) Consider replacing the Tenda FH1201 with a device from a vendor with more responsive security patching if it is used in a critical infrastructure application.

Vendor advisory link: contact Tenda support directly, as no public advisory URL was provided in the CVE references.
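The length check from step (4) can be prototyped offline before it is turned into an IDS or reverse-proxy rule. The following Python sketch is an added example, not code from Tenda or from this advisory; the function name, the sample requests and the 64-byte threshold are assumptions, since the advisory does not state the buffer size.

```python
from urllib.parse import parse_qsl, unquote, urlsplit

ENDPOINT = "/goform/PPTPDClient"   # endpoint named in the advisory
WATCHED = ("modino", "username")   # parameters named in the advisory
MAX_LEN = 64  # ASSUMPTION: advisory gives no buffer size; tune to local baseline


def oversized_params(method, target, body="", max_len=MAX_LEN):
    """Return [(param, decoded_byte_length), ...] for watched parameters
    longer than max_len in one HTTP request; [] if nothing to report."""
    parts = urlsplit(target)
    if method.upper() != "POST" or unquote(parts.path) != ENDPOINT:
        return []
    findings = []
    # Check both the query string and the form body. latin-1 maps one byte
    # to one character, so len() is the byte count after percent-decoding,
    # and every occurrence of a repeated parameter is measured.
    for source in (parts.query, body):
        for name, value in parse_qsl(source, keep_blank_values=True,
                                     encoding="latin-1"):
            if name in WATCHED and len(value) > max_len:
                findings.append((name, len(value)))
    return findings


# Constructed sample requests: (method, request target, form body).
SAMPLES = [
    ("POST", "/goform/PPTPDClient", "modino=1&username=alice"),
    ("POST", "/goform/PPTPDClient", "modino=1&username=" + "A" * 300),
    ("POST", "/goform/PPTPDClient", "modino=" + "%41" * 100 + "&username=bob"),
    ("POST", "/goform/PPTPDClient?username=" + "B" * 65, ""),
    ("GET", "/index.html", ""),
]

if __name__ == "__main__":
    for method, target, body in SAMPLES:
        hits = oversized_params(method, target, body)
        print(method, target[:40], "ALERT" if hits else "ok", hits)
```

Measuring the decoded length rather than the raw body length keeps percent-encoded values from being over- or under-counted relative to what the handler receives.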

Priority Score

64 (KEV: 0, EPSS: +0.4, CVSS: +44, POC: +20)
