EUVD-2025-21256
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
4Description
A vulnerability classified as critical was found in Tenda FH1202 1.2.0.14(408). Affected by this vulnerability is the function fromNatlimit of the file /goform/Natlimit. The manipulation of the argument page leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Analysis
CVE-2025-7529 is a critical stack-based buffer overflow vulnerability in Tenda FH1202 firmware version 1.2.0.14(408) that allows authenticated remote attackers to achieve complete system compromise through manipulation of the 'page' parameter in the /goform/Natlimit endpoint. With a CVSS score of 8.8, public exploit disclosure, and confirmation of active exploitation potential, this vulnerability poses significant real-world risk to deployed Tenda router installations.
Technical Context
The vulnerability exists in the fromNatlimit function within the Tenda FH1202 router's web management interface. This is a stack-based buffer overflow (CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer) caused by insufficient input validation on the 'page' parameter. The affected endpoint /goform/Natlimit processes NAT (Network Address Translation) limit configuration requests. Tenda routers are embedded Linux-based devices running proprietary firmware; the vulnerability likely stems from unsafe C string handling (strcpy, sprintf, or similar) in the CGI handler without proper bounds checking. CPE: cpe:2.3:o:tenda:fh1202_firmware:1.2.0.14\(408\):*:*:*:*:*:*:* (firmware) and cpe:2.3:h:tenda:fh1202:*:*:*:*:*:*:*:* (hardware). The stack overflow allows arbitrary code execution in the context of the web service process, typically running with elevated privileges on embedded devices.
Affected Products
[{'vendor': 'Tenda', 'product': 'FH1202', 'affected_versions': ['1.2.0.14(408)'], 'confirmed_vulnerable_cpe': 'cpe:2.3:o:tenda:fh1202_firmware:1.2.0.14\\(408\\):*:*:*:*:*:*:*', 'product_type': 'Wireless Router (300Mbps)', 'notes': 'Likely affects other 1.2.0.x versions; version scope requires vendor confirmation'}]
Remediation
[{'type': 'Patch', 'action': 'Contact Tenda support or check https://www.tenda.com.cn/ for firmware updates beyond 1.2.0.14(408). Apply latest stable firmware release for FH1202.', 'priority': 'CRITICAL - Apply immediately'}, {'type': 'Workaround', 'action': "Restrict access to the router's web management interface (typically port 80/443) at the network boundary. Disable WAN-side access to the web interface if possible (check router settings under 'Remote Management' or equivalent). Use a VPN or bastion host for legitimate administrative access.", 'priority': 'IMMEDIATE - Deploy if patching is delayed'}, {'type': 'Mitigation', 'action': 'Change default router credentials immediately. Implement network segmentation to limit access to administrative interfaces. Monitor for suspicious requests to /goform/Natlimit endpoint in access logs.', 'priority': 'HIGH - Implement in parallel with other controls'}, {'type': 'Detection', 'action': "Monitor HTTP POST requests to /goform/Natlimit with unusually long 'page' parameter values (>512 bytes). Log and alert on such requests. Review router access logs for unauthorized administrative access.", 'priority': 'MEDIUM - Deploy logging rules'}]
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today