What is the CVSS score of EUVD-2025-21281?

EUVD-2025-21281 has a CVSS 3.1 base score of 8.8 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.4%.

Which versions of Fh1201 Firmware are affected by EUVD-2025-21281?

A critical remote code execution vulnerability affects Tenda FH1201 wireless routers (firmware 1.2.0.14(408)) with no available patch.

Is there a public PoC exploit available for EUVD-2025-21281?

Yes, a public proof-of-concept exploit is available for EUVD-2025-21281. Prioritise patching immediately. EPSS: 0.4%.

How to fix or mitigate EUVD-2025-21281?

Within 24 hours: Inventory all Tenda FH1201 devices and isolate affected units from production networks if possible; disable remote management access and restrict access to the router's management interface to trusted IPs only. Within 7 days: Evaluate migration to alternative router vendors; contact Tenda for patch availability and timeline; implement network segmentation to minimize lateral movement if compromise occurs. Within 30 days: Complete replacement of affected devices with vendor-patched alternatives or different manufacturers; verify no unauthorized access or configuration changes occurred on affected routers.

Fh1201 Firmware EUVD-2025-21281

| CVE-2025-7550 HIGH

Buffer Overflow (CWE-119)

2025-07-13 cna@vuldb.com

Buffer Overflow Fh1201 Firmware Tenda

8.8

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

8.8 HIGH

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 16, 2026 - 09:18 euvd

EUVD-2025-21281

Analysis Generated

Mar 16, 2026 - 09:18 vuln.today

PoC Detected

Jul 15, 2025 - 18:32 vuln.today

Public exploit code

CVE Published

Jul 13, 2025 - 23:15 nvd

HIGH 8.8

DescriptionCVE.org

A vulnerability was found in Tenda FH1201 1.2.0.14(408). It has been classified as critical. Affected is the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer. The manipulation of the argument dips leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

AnalysisAI

CVE-2025-7550 is a critical stack-based buffer overflow vulnerability in Tenda FH1201 firmware version 1.2.0.14(408) affecting the /goform/GstDhcpSetSer endpoint. An authenticated remote attacker can exploit the 'dips' parameter to achieve arbitrary code execution with high impact on confidentiality, integrity, and availability. A public proof-of-concept exists, and the vulnerability exhibits active exploitation characteristics with a CVSS score of 8.8.

Technical ContextAI

The vulnerability exists in the fromGstDhcpSetSer function within the Tenda FH1201 router's web management interface. The flaw is classified as CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), a classic stack-based buffer overflow. The /goform/GstDhcpSetSer endpoint processes DHCP server configuration parameters without proper input validation, specifically failing to bounds-check the 'dips' parameter before copying it to a fixed-size stack buffer. This allows an attacker to overwrite the stack frame, including return addresses, enabling code execution. Tenda FH1201 (CPE: cpe:2.3:o:tenda:fh1201_firmware:1.2.0.14(408)) is an entry-level WiFi router commonly deployed in home and small business environments.

RemediationAI

{'type': 'Patch', 'action': 'Apply latest firmware update from Tenda support portal. Check for firmware versions newer than 1.2.0.14(408). Verify patch availability at https://www.tenda.com.cn/ or regional Tenda support site.', 'priority': 'IMMEDIATE'} {'type': 'Network Segmentation', 'action': 'Restrict access to router web management interface (typically port 80/443) to trusted networks only. Use firewall rules to block external access to /goform/* endpoints.', 'priority': 'HIGH'} {'type': 'Access Control', 'action': 'Change default router credentials from factory defaults. This attack requires PR:L (authenticated access), so strong credentials increase barrier.', 'priority': 'HIGH'} {'type': 'Monitoring', 'action': "Monitor router logs for suspicious POST requests to /goform/GstDhcpSetSer with unusual 'dips' parameter values or repeated failed authentication attempts.", 'priority': 'MEDIUM'} {'type': 'Replacement', 'action': 'If patched firmware is unavailable, consider replacing device with patched model or alternative vendor solution.', 'priority': 'CRITICAL if patch unavailable'}

EUVD-2025-21281 vulnerability details – vuln.today

Back

Fh1201 Firmware EUVD-2025-21281

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code