CVE-2025-14994 is a stack-based buffer overflow vulnerability identified in Tenda FH1201 and FH1206 routers running specific firmware versions (1.2.0.8(8155) and 1.2.0.14(408)). The vulnerability resides in the HTTP Request Handler component, specifically in the strcat function within the /goform/webtypelibrary file. The flaw is triggered by manipulating the webSiteId argument, which leads to a stack-based buffer overflow condition. This vulnerability can be exploited remotely without requiring authentication or user interaction, making it highly accessible to attackers. The overflow allows attackers to overwrite the stack, potentially enabling arbitrary code execution, which could compromise the router’s confidentiality, integrity, and availability. The CVSS 4.0 score is 8.7 (high), reflecting the ease of exploitation (network attack vector, low complexity), no privileges or user interaction required, and high impact on all security properties. Although no active exploitation has been reported yet, a public exploit is available, increasing the likelihood of future attacks. The affected devices are commonly used in small to medium enterprise and home environments, often serving as network gateways. The vulnerability could be leveraged to gain control over network traffic, intercept sensitive data, or disrupt network services. The lack of official patches at the time of publication necessitates immediate mitigation steps to reduce exposure.

For European organizations, this vulnerability poses a significant risk, especially for those relying on Tenda FH1201 and FH1206 routers in their network infrastructure. Successful exploitation could lead to full compromise of the affected routers, enabling attackers to intercept or manipulate network traffic, launch further attacks within the internal network, or cause denial of service. Confidentiality breaches could expose sensitive corporate or personal data, while integrity violations could allow attackers to alter communications or configurations. Availability impacts could disrupt business operations dependent on network connectivity. The remote and unauthenticated nature of the exploit increases the threat level, particularly for organizations with internet-facing management interfaces or poorly segmented networks. Critical infrastructure sectors, including finance, healthcare, and government, are especially at risk due to potential cascading effects of network compromise. The presence of a public exploit further elevates the urgency for European entities to assess and mitigate this vulnerability promptly.

1. Immediately identify all Tenda FH1201 and FH1206 devices running the affected firmware versions within the network. 2. Monitor Tenda’s official channels for firmware updates addressing CVE-2025-14994 and apply patches as soon as they become available. 3. Until patches are released, restrict remote access to the management interfaces of these routers by implementing firewall rules or VPN-only access. 4. Disable any unnecessary services or features on the affected devices to reduce the attack surface. 5. Employ network segmentation to isolate vulnerable devices from critical systems and sensitive data. 6. Conduct regular network traffic monitoring and intrusion detection to identify potential exploitation attempts targeting this vulnerability. 7. Educate IT and security teams about the vulnerability and the importance of rapid response. 8. Consider replacing affected devices with models from vendors with a stronger security track record if patching is delayed or unsupported.