CVE-2025-14665 identifies a stack-based buffer overflow vulnerability in the Tenda WH450 router firmware version 1.0.0.18. The vulnerability resides in the HTTP Request Handler component, specifically in the /goform/DhcpListClient endpoint. An attacker can manipulate the 'page' argument in HTTP requests to this endpoint to overflow a stack buffer, potentially overwriting the return address or other control data on the stack. This can lead to arbitrary code execution, allowing an attacker to take control of the device remotely. The vulnerability requires no authentication and no user interaction, making it highly exploitable over the network. The CVSS v4.0 score of 9.3 reflects the critical nature of this flaw, with attack vector being network-based, low attack complexity, no privileges required, and no user interaction needed. The impact on confidentiality, integrity, and availability is high, as an attacker could execute malicious code, disrupt device operation, or intercept sensitive data. Although no exploits have been observed in the wild yet, the public release of exploit code significantly raises the threat level. The lack of available patches at the time of publication increases the urgency for affected organizations to implement mitigations or consider device replacement.

The impact of CVE-2025-14665 on organizations worldwide is substantial. Exploitation can lead to full compromise of the affected Tenda WH450 routers, enabling attackers to execute arbitrary code remotely. This can result in interception or manipulation of network traffic, disruption of network services, and use of compromised devices as footholds for further attacks within internal networks. Organizations relying on these routers for critical connectivity or security functions face risks of data breaches, service outages, and lateral movement by attackers. The vulnerability’s remote exploitability without authentication means that attackers can target exposed devices directly from the internet, increasing the attack surface. This is particularly concerning for small and medium enterprises or home users who may not have robust network defenses. The absence of patches at the time of disclosure further exacerbates the risk, potentially leading to widespread exploitation once exploit code is leveraged by threat actors.

To mitigate CVE-2025-14665, organizations should immediately identify all Tenda WH450 devices running firmware version 1.0.0.18 within their networks. Since no official patches are currently available, interim mitigations include restricting access to the device’s management interface by implementing network segmentation and firewall rules to block inbound HTTP requests to the /goform/DhcpListClient endpoint from untrusted networks. Disabling remote management features or changing default credentials can reduce exposure. Monitoring network traffic for unusual HTTP requests targeting this endpoint can help detect exploitation attempts. Organizations should also engage with Tenda support channels to obtain firmware updates or advisories and plan for prompt application of patches once released. Where feasible, replacing vulnerable devices with models not affected by this vulnerability or from other vendors with timely security support is advisable. Additionally, maintaining up-to-date intrusion detection and prevention systems can help identify and block exploit attempts.