Skip to main content

CVE-2025-7532: Stack-based Buffer Overflow in Tenda FH1202

High
VulnerabilityCVE-2025-7532cvecve-2025-7532
Published: Sun Jul 13 2025 (07/13/2025, 16:02:08 UTC)
Source: CVE Database V5
Vendor/Project: Tenda
Product: FH1202

Description

A vulnerability has been found in Tenda FH1202 1.2.0.14(408) and classified as critical. This vulnerability affects the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter. The manipulation of the argument page leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

AI-Powered Analysis

AILast updated: 07/20/2025, 21:04:10 UTC

Technical Analysis

CVE-2025-7532 is a critical stack-based buffer overflow vulnerability identified in the Tenda FH1202 router, specifically affecting firmware version 1.2.0.14(408). The flaw exists in the function fromwebExcptypemanFilter within the /goform/webExcptypemanFilter endpoint. This vulnerability arises due to improper handling and validation of the 'page' argument, which can be manipulated by an attacker to overflow the stack buffer. Exploitation of this vulnerability can be initiated remotely without requiring user interaction or prior authentication, making it highly accessible for attackers. The buffer overflow can lead to arbitrary code execution with elevated privileges, potentially allowing attackers to take full control of the affected device. Given the nature of the vulnerability, it can compromise the confidentiality, integrity, and availability of the router and the network it serves. The CVSS v4.0 score of 8.7 (high severity) reflects the ease of exploitation (network attack vector, low complexity, no privileges or user interaction required) and the high impact on confidentiality, integrity, and availability. Although no public exploits are currently known to be actively used in the wild, the public disclosure of the vulnerability and exploit details increases the risk of imminent exploitation. The Tenda FH1202 is a consumer-grade router commonly used in home and small office environments, which may also be deployed in small business settings. The vulnerability's exploitation could enable attackers to intercept or manipulate network traffic, disrupt internet connectivity, or use the compromised device as a foothold for further attacks within the network.

Potential Impact

For European organizations, especially small businesses and residential users relying on Tenda FH1202 routers, this vulnerability poses a significant risk. Successful exploitation can lead to unauthorized network access, data interception, and potential lateral movement within corporate or home networks. This could result in data breaches, disruption of business operations, and compromise of sensitive information. Given the router’s role as a network gateway, attackers could manipulate traffic or deploy malware, impacting the availability and integrity of network services. The lack of authentication and user interaction requirements means that attackers can exploit this vulnerability remotely and stealthily, increasing the likelihood of widespread compromise. Additionally, organizations with remote or hybrid work models that depend on secure home networking may face elevated risks. The potential for attackers to gain persistent access through compromised routers could also facilitate espionage or sabotage, particularly in sectors with critical infrastructure or sensitive data.

Mitigation Recommendations

1. Immediate firmware update: Organizations and users should verify if Tenda has released a patched firmware version addressing CVE-2025-7532 and apply it promptly. 2. Network segmentation: Isolate vulnerable routers from critical network segments to limit potential lateral movement if compromised. 3. Disable remote management: If remote management features are enabled on the FH1202, disable them to reduce the attack surface. 4. Implement network monitoring: Deploy intrusion detection/prevention systems (IDS/IPS) to detect anomalous traffic patterns indicative of exploitation attempts targeting the /goform/webExcptypemanFilter endpoint. 5. Access control: Restrict management interface access to trusted IP addresses only, using firewall rules. 6. Replace vulnerable devices: For environments where patching is not feasible or delayed, consider replacing affected routers with devices from vendors with timely security support. 7. User awareness: Educate users about the risks of using outdated firmware and encourage regular updates. 8. Incident response readiness: Prepare to detect and respond to potential compromises involving this vulnerability, including network traffic analysis and device integrity checks.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
VulDB
Date Reserved
2025-07-12T11:28:45.331Z
Cvss Version
4.0
State
PUBLISHED

Threat ID: 6873dbc4a83201eaacbcb05e

Added to database: 7/13/2025, 4:16:04 PM

Last enriched: 7/20/2025, 9:04:10 PM

Last updated: 8/25/2025, 7:37:06 AM

Views: 38

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats