EUVD-2025-21096

| CVE-2025-7420 HIGH
2025-07-11 [email protected]
8.8
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
Mar 16, 2026 - 08:17 vuln.today
EUVD ID Assigned
Mar 16, 2026 - 08:17 euvd
EUVD-2025-21096
PoC Detected
Jul 16, 2025 - 16:40 vuln.today
Public exploit code
CVE Published
Jul 11, 2025 - 00:15 nvd
HIGH 8.8

Tags

Buffer Overflow RCE O3 Firmware Tenda

Description

A vulnerability was found in Tenda O3V2 1.0.0.12(3880). It has been declared as critical. This vulnerability affects the function formWifiBasicSet of the file /goform/setWrlBasicInfo of the component httpd. The manipulation of the argument extChannel leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Analysis

CVE-2025-7420 is a critical stack-based buffer overflow vulnerability in Tenda O3V2 router firmware (version 1.0.0.12(3880)) affecting the httpd component's WiFi configuration handler. An authenticated remote attacker can overflow the stack via the 'extChannel' parameter in the /goform/setWrlBasicInfo endpoint, achieving complete system compromise including arbitrary code execution, data theft, and denial of service. Public exploit code has been disclosed and the vulnerability meets CVSS 8.8 severity criteria, indicating high real-world risk for affected router deployments.

Technical Context

The vulnerability exists in the formWifiBasicSet function within the httpd daemon of Tenda O3V2 routers, which handles HTTP POST requests to /goform/setWrlBasicInfo for modifying wireless basic settings. The 'extChannel' parameter is processed without proper bounds checking before being copied into a stack-allocated buffer (CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer), resulting in classic stack-based buffer overflow. This is a common pattern in embedded router firmware where input validation is insufficient. The httpd service typically runs with elevated privileges on embedded Linux systems, making exploitation particularly dangerous. CPE identifier: cpe:2.7.a:tenda:o3v2_firmware:1.0.0.12. The vulnerability affects the router's wireless configuration subsystem, which is accessible after authentication but prior to CSRF protections being fully evaluated.

Affected Products

O3V2 (['1.0.0.12(3880)'])

Remediation

Monitor Tenda's official security advisory and firmware release pages for patched firmware versions. Users should check tenda.com.cn or their regional Tenda support site for firmware updates beyond 1.0.0.12(3880). Immediate Mitigation: Restrict network access to the httpd service: disable remote management/WAN-side access to the router's web interface via router settings (disable 'Remote Management' or 'UPnP' if enabled). Network-level Mitigation: Implement network segmentation: isolate Tenda O3V2 devices on a guest/IoT VLAN with restricted access to sensitive systems; use firewall rules to limit WiFi client access to critical resources. Access Control: Change default administrative credentials to strong, unique passwords; disable default accounts if possible; restrict administrative access to known/trusted IP ranges only. Monitoring: Log and alert on POST requests to /goform/setWrlBasicInfo with oversized or suspicious 'extChannel' parameters; monitor for unexpected router reboots or firmware modifications. Long-term: Plan hardware replacement or migration to Tenda firmware versions/models that receive active security support; evaluate routers from vendors with demonstrated firmware security update cadence.

Priority Score

64
Low Medium High Critical
KEV: 0
EPSS: +0.4
CVSS: +44
POC: +20

Share

EUVD-2025-21096 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy