EUVD-2025-21259
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
4Description
A vulnerability has been found in Tenda FH1202 1.2.0.14(408) and classified as critical. This vulnerability affects the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter. The manipulation of the argument page leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Analysis
CVE-2025-7532 is a critical stack-based buffer overflow vulnerability in Tenda FH1202 firmware version 1.2.0.14(408) affecting the webExcptypemanFilter function. An authenticated remote attacker can exploit improper input validation on the 'page' parameter to achieve code execution with full system compromise (confidentiality, integrity, and availability impact). A public exploit has been disclosed and the vulnerability meets criteria for active exploitation risk.
Technical Context
The vulnerability exists in a web management interface endpoint (/goform/webExcptypemanFilter) commonly found in embedded router firmware. The root cause is CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), specifically a stack-based buffer overflow where user-supplied input (the 'page' parameter) is not properly validated before being copied into a fixed-size stack buffer. This is typical in embedded device firmware written in C/C++ where bounds checking is insufficient. The affected CPE would be: cpe:2.3:o:tenda:fh1202_firmware:1.2.0.14\(408\):*:*:*:*:*:*:* (or similar variant for the Tenda FH1202 router hardware). The webform handler suggests this is a CGI-based web interface common in home/small business routing equipment.
Affected Products
[{'product': 'Tenda FH1202', 'affected_versions': ['1.2.0.14(408)'], 'component': 'Firmware (webExcptypemanFilter function)', 'cpe': 'cpe:2.3:o:tenda:fh1202_firmware:1.2.0.14\\(408\\):*:*:*:*:*:*:*', 'notes': "Likely affects other firmware versions in the 1.2.x series; testing recommended for adjacent versions. The FH1202 is a home/small office router. Check for patched versions on Tenda's official support portal."}]
Remediation
[{'type': 'Patch', 'description': "Upgrade firmware to a patched version released by Tenda after 1.2.0.14(408). Check Tenda's official support website (https://www.tendawifi.com) or device management interface for available firmware updates. Firmware updates for embedded routers are often available through the web admin console (System Settings > Firmware Upgrade).", 'priority': 'Immediate'}, {'type': 'Workaround (Temporary)', 'description': 'If patched firmware is unavailable: (1) Restrict access to the web management interface to trusted IPs only via firewall rules or admin console settings, (2) Change default admin credentials to strong, unique passwords, (3) Disable remote management access if not required (disable WAN-side access to admin interface), (4) Monitor network logs for suspicious POST requests to /goform/webExcptypemanFilter.', 'priority': 'High'}, {'type': 'Detection', 'description': "Deploy IDS/IPS rules to detect HTTP POST requests with oversized 'page' parameter values to /goform/webExcptypemanFilter. Monitor for unusual process execution or memory corruption crashes on affected devices.", 'priority': 'Medium'}, {'type': 'Vendor Advisory', 'description': 'Contact Tenda support for security bulletin and patch timeline. As of CVE publication, check: https://www.tendawifi.com/support/ for security advisories.', 'priority': 'High'}]
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today