CVE-2025-7596

EUVD-2025-21339 HIGH
2025-07-14
CVSS 3.1: 8.8

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: Mar 16, 2026 - 09:43 (vuln.today)
EUVD ID Assigned: Mar 16, 2026 - 09:43 (euvd), EUVD-2025-21339
PoC Detected: Jul 17, 2025 - 17:52 (vuln.today), public exploit code
CVE Published: Jul 14, 2025 - 11:15 (nvd), HIGH 8.8

Description

A vulnerability was found in Tenda FH1205 2.0.0.7(775). It has been rated as critical. This issue affects the function formWifiExtraSet of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Analysis

A critical stack-based buffer overflow exists in Tenda FH1205 firmware version 2.0.0.7(775), in the WifiExtraSet web form handler, and is triggered via the wpapsk_crypto parameter. The flaw is remotely reachable but requires authentication: an attacker with user-level privileges can achieve complete system compromise, including code execution, data theft, and device disruption. Exploit details have been publicly disclosed, which raises the exploitation potential and makes this a high-priority security concern for deployed devices.

Technical Context

The vulnerability is a classic stack-based buffer overflow (CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer) in the formWifiExtraSet function, reachable via the /goform/WifiExtraSet endpoint. The Tenda FH1205 is an 802.11ac dual-band wireless router that processes user-supplied Wi-Fi configuration parameters. The wpapsk_crypto parameter is copied to a fixed-size stack buffer without proper input validation or length checking. Firmware version 2.0.0.7(775) is the affected version. Because the wireless security parameter handling code does not check bounds sufficiently, the copy can corrupt stack memory, which can be leveraged for arbitrary code execution within the router's embedded Linux environment.

Affected Products

Tenda FH1205 firmware version 2.0.0.7(775) is the confirmed vulnerable version. The FH1205 is a dual-band AC router sold globally. CPE identifier: cpe:2.3:o:tenda:fh1205_firmware:2.0.0.7\(775\). Potential affected product range: Tenda FH1205 with firmware versions up to and including 2.0.0.7(775); devices running this firmware in domestic, SMB, and enterprise small-office deployments. Vendor: Tenda Technology Co., Ltd. No official Tenda security advisory has been widely publicized; users should check Tenda's support portal (support.tenda.com.cn) for firmware updates.

Remediation

Immediate actions:

(1) Check current firmware version via device admin panel (typically 192.168.0.1).
(2) Visit Tenda's official support website and download the latest available firmware for FH1205 (versions after 2.0.0.7(775) if released).
(3) Perform factory reset if no newer firmware available and device is exposed to untrusted networks.
(4) Temporary mitigations pending patch: restrict administrative access to trusted IPs only using access control lists; disable remote management features; use strong, unique credentials for router admin accounts; segment the router from critical devices.
(5) Monitor Tenda security advisories and firmware releases at tenda.com.cn/en/news/.
(6) If a patched firmware version becomes available, apply it immediately via the web administration interface following Tenda's update procedures.

Priority Score

Total: 64
KEV: 0
EPSS: +0.4
CVSS: +44
POC: +20

CVE-2025-7596 vulnerability details – vuln.today