
CVE-2025-7530: Stack-based Buffer Overflow in Tenda FH1202

Severity: High
Published: Sun Jul 13 2025 (07/13/2025, 15:02:07 UTC)
Source: CVE Database V5
Vendor/Project: Tenda
Product: FH1202

Description

A vulnerability, which was classified as critical, has been found in Tenda FH1202 1.2.0.14(408). Affected by this issue is the function fromPptpUserAdd of the file /goform/PPTPDClient. The manipulation of the argument Username leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

AI-Powered Analysis

Last updated: 07/20/2025, 21:03:40 UTC

Technical Analysis

CVE-2025-7530 is a critical stack-based buffer overflow vulnerability identified in the Tenda FH1202 router, specifically version 1.2.0.14(408). The flaw exists in the function fromPptpUserAdd within the /goform/PPTPDClient endpoint. This function improperly handles the Username argument, allowing an attacker to overflow the stack buffer by sending a specially crafted input. Because the vulnerability is remotely exploitable without authentication or user interaction, an attacker can launch an attack over the network to execute arbitrary code or cause a denial of service (DoS) condition. The vulnerability affects the PPTP client configuration interface, which is typically accessible via the router's web management interface or possibly exposed services. The CVSS 4.0 score of 8.7 reflects a high severity, with network attack vector, low attack complexity, no privileges or user interaction required, and high impact on confidentiality, integrity, and availability. Although no known exploits are currently reported in the wild, the public disclosure of the exploit code increases the risk of active exploitation. The lack of available patches or vendor advisories at this time further elevates the threat level. This vulnerability could allow attackers to gain control over the affected device, potentially pivoting into internal networks or disrupting network connectivity.

Potential Impact

For European organizations, the exploitation of CVE-2025-7530 could have significant consequences. Many enterprises and small businesses rely on Tenda routers for network connectivity, including remote access via PPTP VPNs. Successful exploitation could lead to unauthorized access to internal networks, data exfiltration, or disruption of critical network services. Given the high impact on confidentiality, integrity, and availability, attackers could deploy malware, intercept sensitive communications, or cause network outages. This is particularly concerning for sectors with stringent data protection requirements such as finance, healthcare, and government institutions within Europe. Additionally, compromised routers could be leveraged as part of larger botnets or used to launch further attacks against European infrastructure. The remote and unauthenticated nature of the exploit increases the attack surface, especially for organizations with exposed management interfaces or poorly segmented networks.

Mitigation Recommendations

European organizations should immediately assess their network environments for the presence of Tenda FH1202 routers running version 1.2.0.14(408). Since no official patch is currently available, the following specific mitigations are recommended:

1) Disable or restrict access to the PPTP client configuration interface, especially from untrusted networks or the internet.
2) Implement network segmentation to isolate management interfaces from general user networks.
3) Employ firewall rules to block incoming traffic to the router's management ports from external sources.
4) Monitor network traffic for unusual patterns or attempts to exploit the /goform/PPTPDClient endpoint.
5) Consider replacing affected devices with updated hardware or firmware versions once patches are released.
6) Use intrusion detection/prevention systems (IDS/IPS) with signatures targeting this vulnerability once available.
7) Educate IT staff about the vulnerability and the importance of limiting exposure of router management interfaces.

These targeted actions go beyond generic advice by focusing on reducing exposure of the vulnerable function and limiting attacker footholds.
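One way to implement the monitoring in mitigation 4, as an added example that is not part of the advisory and not vendor code: it reviews HTTP events (for instance from a proxy or IDS log) and flags requests to /goform/PPTPDClient that come from outside the management network or carry an unusually long Username value. The event field names, the management subnet and the 64-character threshold are assumptions; the advisory does not state the size of the affected buffer.

```python
from ipaddress import ip_address, ip_network
from urllib.parse import parse_qs, urlsplit

ENDPOINT = "/goform/PPTPDClient"             # path named in the advisory
MAX_USERNAME_LEN = 64                        # assumption: site-chosen alert threshold
MGMT_NETS = [ip_network("192.168.10.0/24")]  # assumption: admin VLAN allowed to manage the router

def username_values(target, body):
    """Collect every Username value from the query string and the form body."""
    params = parse_qs(urlsplit(target).query, keep_blank_values=True)
    for key, values in parse_qs(body, keep_blank_values=True).items():
        params.setdefault(key, []).extend(values)
    return params.get("Username", [])

def review(event):
    """Return the alert reasons for one HTTP event (empty list if nothing to report)."""
    if urlsplit(event["target"]).path != ENDPOINT:
        return []
    reasons = []
    if not any(ip_address(event["src"]) in net for net in MGMT_NETS):
        reasons.append("source outside management network")
    values = username_values(event["target"], event["body"])
    longest = max((len(v) for v in values), default=0)
    if longest > MAX_USERNAME_LEN:
        reasons.append(f"Username length {longest} exceeds {MAX_USERNAME_LEN}")
    return reasons

def scan(events):
    """Return (source, reasons) for every event that raised at least one alert."""
    return [(e["src"], r) for e in events if (r := review(e))]

# Constructed sample events (not captured traffic).
SAMPLE_EVENTS = [
    {"src": "192.168.10.5", "target": "/goform/PPTPDClient", "body": "Username=branch-vpn"},
    {"src": "203.0.113.7", "target": "/goform/PPTPDClient", "body": "Username=" + "A" * 300},
    {"src": "192.168.10.9", "target": "/goform/PPTPDClient?Username=" + "B" * 200, "body": ""},
    {"src": "203.0.113.7", "target": "/index.html", "body": ""},
]

if __name__ == "__main__":
    for src, reasons in scan(SAMPLE_EVENTS):
        print(src, "; ".join(reasons))
```

The length check runs on the URL-decoded value, so percent-encoding does not change the count.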


Technical Details

Data Version: 5.1
Assigner Short Name: VulDB
Date Reserved: 2025-07-12T11:28:39.271Z
Cvss Version: 4.0
State: PUBLISHED

Threat ID: 6873cdb3a83201eaacbc170d

Added to database: 7/13/2025, 3:16:03 PM

Last enriched: 7/20/2025, 9:03:40 PM

Last updated: 8/25/2025, 4:31:49 AM
