What is the CVSS score of EUVD-2025-21208?

EUVD-2025-21208 has a CVSS 3.1 base score of 8.8 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.2%.

Which versions of Fh1201 Firmware are affected by EUVD-2025-21208?

A remotely exploitable buffer overflow vulnerability in Tenda FH1201 routers (version 1.2.0.14) has been publicly disclosed with working exploit code available.

Is there a public PoC exploit available for EUVD-2025-21208?

Yes, a public proof-of-concept exploit is available for EUVD-2025-21208. Prioritise patching immediately. EPSS: 0.2%.

How to fix or mitigate EUVD-2025-21208?

Within 24 hours: Inventory all Tenda FH1201 devices in production and isolate affected units from critical networks if possible. Within 7 days: Implement network segmentation to restrict administrative access to these devices, disable remote management features, and apply WAF rules blocking POST requests to /goform/fromRouteStatic with oversized payloads. Within 30 days: Develop a hardware replacement plan and contact Tenda for patch availability; consider upgrading to alternative vendor equipment with active security support.

Fh1201 Firmware EUVD-2025-21208

| CVE-2025-7465 HIGH

Buffer Overflow (CWE-119)

2025-07-12 cna@vuldb.com

Buffer Overflow Fh1201 Firmware Tenda

8.8

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

8.8 HIGH

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 16, 2026 - 08:56 euvd

EUVD-2025-21208

Analysis Generated

Mar 16, 2026 - 08:56 vuln.today

PoC Detected

Jul 15, 2025 - 18:09 vuln.today

Public exploit code

CVE Published

Jul 12, 2025 - 07:15 nvd

HIGH 8.8

DescriptionCVE.org

A vulnerability classified as critical was found in Tenda FH1201 1.2.0.14. Affected by this vulnerability is the function fromRouteStatic of the file /goform/fromRouteStatic of the component HTTP POST Request Handler. The manipulation of the argument page leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

AnalysisAI

CVE-2025-7465 is a critical remote buffer overflow vulnerability in Tenda FH1201 firmware version 1.2.0.14 affecting the HTTP POST request handler's fromRouteStatic function. An authenticated attacker can exploit improper input validation on the 'page' parameter to achieve remote code execution with full system compromise (confidentiality, integrity, and availability impact). A public proof-of-concept exploit exists and the vulnerability may be actively exploited in the wild.

Technical ContextAI

The vulnerability exists in the /goform/fromRouteStatic endpoint of Tenda FH1201 wireless router firmware. The root cause is CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), which occurs when the HTTP POST handler fails to properly validate or bound-check the 'page' parameter before copying it into a fixed-size buffer. This classic stack or heap buffer overflow in a network-facing HTTP handler allows memory corruption and arbitrary code execution. The affected product is a consumer-grade WiFi router (CPE: cpe:2.3:o:tenda:fh1201_firmware:1.2.0.14). The vulnerability is in the embedded HTTP server component that processes router configuration requests, making it directly exploitable via network access.

EUVD-2025-21208 vulnerability details – vuln.today

Back

Fh1201 Firmware EUVD-2025-21208

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

Share

External POC / Exploit Code