What is the CVSS score of EUVD-2025-21282?

EUVD-2025-21282 has a CVSS 3.1 base score of 8.8 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.4%.

Which versions of Fh1201 Firmware are affected by EUVD-2025-21282?

Tenda FH1201 routers running firmware version 1.2.0.14(408) contain a critical remote code execution vulnerability that allows unauthenticated attackers to crash or potentially gain control of…

Is there a public PoC exploit available for EUVD-2025-21282?

Yes, a public proof-of-concept exploit is available for EUVD-2025-21282. Prioritise patching immediately. EPSS: 0.4%.

How to fix or mitigate EUVD-2025-21282?

Within 24 hours: Identify and inventory all Tenda FH1201 devices on your network and isolate them to a separate management VLAN if possible. Within 7 days: Check with Tenda for firmware updates or evaluate replacing affected devices with patched alternatives; implement network-level restrictions to limit access to the router's web interface. Within 30 days: Complete migration to patched firmware versions or replacement devices; conduct network assessments to detect any unauthorized access that may have occurred.

Fh1201 Firmware EUVD-2025-21282

| CVE-2025-7549 HIGH

Buffer Overflow (CWE-119)

2025-07-13 cna@vuldb.com

Buffer Overflow Fh1201 Firmware Tenda

8.8

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

8.8 HIGH

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 16, 2026 - 09:18 euvd

EUVD-2025-21282

Analysis Generated

Mar 16, 2026 - 09:18 vuln.today

PoC Detected

Jul 15, 2025 - 18:32 vuln.today

Public exploit code

CVE Published

Jul 13, 2025 - 23:15 nvd

HIGH 8.8

DescriptionCVE.org

A vulnerability was found in Tenda FH1201 1.2.0.14(408) and classified as critical. This issue affects the function frmL7ProtForm of the file /goform/L7Prot. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

AnalysisAI

CVE-2025-7549 is a critical stack-based buffer overflow vulnerability in Tenda FH1201 firmware version 1.2.0.14(408) affecting the L7Prot form handler. An authenticated remote attacker can exploit the 'page' parameter to overflow the stack, achieving complete compromise of the device with high confidentiality, integrity, and availability impact. The vulnerability has public exploit disclosure and should be considered actively exploitable.

Technical ContextAI

The vulnerability exists in the frmL7ProtForm function within the /goform/L7Prot endpoint of Tenda FH1201 router firmware. The root cause is CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), specifically a classic stack-based buffer overflow where user-supplied input to the 'page' parameter is not properly validated or bounds-checked before being written to a fixed-size stack buffer. Tenda FH1201 is a consumer-grade wireless router running proprietary firmware. The L7Prot functionality typically handles Layer 7 protocol filtering/management in the device's web interface. The lack of input validation on web form parameters is a common vulnerability class in embedded device firmware where memory safety is not enforced.

RemediationAI

Immediate actions: (1) Patch to the latest available firmware version for FH1201 (check Tenda support website for versions newer than 1.2.0.14(408)); (2) if patch unavailable, apply temporary mitigations—restrict admin interface access to trusted IPs via firewall rules, disable remote management if enabled, change default credentials immediately; (3) monitor for suspicious access patterns in router logs. Specific patch version numbers are not available in provided references—contact Tenda support or check their official firmware download page for available updates. Workaround: disallow access to /goform/L7Prot endpoint at network perimeter until patch is applied. Consider network segmentation to limit impact if device is compromised.

EUVD-2025-21282 vulnerability details – vuln.today

Back

Fh1201 Firmware EUVD-2025-21282

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code