CVE-2025-69700 identifies a stack-based buffer overflow vulnerability in the Tenda FH1203 router firmware version 2.0.1.6. The vulnerability resides in the modify_add_client_prio function, which is accessible through the formSetClientPrio CGI handler. This handler processes client priority settings, and due to improper bounds checking, an attacker can supply crafted input that overflows the stack buffer. This overflow can cause the device to crash, resulting in a denial of service condition. The vulnerability is remotely exploitable over the network without requiring any authentication or user interaction, increasing its risk profile. The CVSS 3.1 base score of 7.5 reflects a high severity primarily due to its impact on availability (A:H), with no impact on confidentiality or integrity. The attack complexity is low, and the scope is unchanged, meaning the vulnerability affects only the vulnerable component. No public exploits or patches are currently available, but the vulnerability is publicly disclosed and assigned a CVE identifier. The CWE classification is CWE-121, indicating a classic stack-based buffer overflow issue. This vulnerability could be leveraged by attackers to disrupt network operations by causing router reboots or crashes, potentially affecting all devices relying on this router for connectivity.

The primary impact of CVE-2025-69700 is on the availability of network infrastructure relying on the Tenda FH1203 router. Successful exploitation can cause the device to crash or reboot, leading to denial of service conditions. This disruption can affect home users, small businesses, and possibly larger organizations that deploy these routers in branch offices or less critical network segments. While the vulnerability does not directly compromise confidentiality or integrity, the loss of network availability can hinder business operations, disrupt communications, and degrade user experience. In environments where network uptime is critical, such as healthcare, finance, or industrial control systems, this could have significant operational consequences. The ease of exploitation and lack of authentication requirements increase the likelihood of attacks, especially if the router’s management interface is exposed to untrusted networks. The absence of known exploits in the wild currently limits immediate risk, but the public disclosure raises the potential for future exploit development.

1. Immediately restrict access to the router’s management interface by limiting it to trusted internal networks and disabling remote management if not necessary. 2. Employ network segmentation to isolate the router management interface from general user traffic and untrusted networks. 3. Monitor vendor communications closely for firmware updates or patches addressing this vulnerability and apply them promptly once available. 4. Implement network-level protections such as intrusion detection/prevention systems (IDS/IPS) to detect anomalous requests targeting the formSetClientPrio CGI handler. 5. Regularly audit router configurations and logs for unusual activity that could indicate exploitation attempts. 6. Consider replacing affected devices with models from vendors with faster patch cycles or better security track records if patching is delayed. 7. Educate network administrators about the vulnerability and the importance of minimizing exposure of management interfaces. 8. Use firewall rules to block unauthorized access to the router’s web management ports (typically TCP 80/443).