CVE-2025-1851
Published: 03 March 2025
Summary
CVE-2025-1851 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda AC7 firmware. Its CVSS base score is 8.7 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 20.9% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
A critical stack-based buffer overflow vulnerability affects the Tenda AC7 wireless router in firmware versions up to 15.03.06.44. The flaw resides in the formSetFirewallCfg function of the /goform/SetFirewallCfg endpoint and is triggered by unsanitized input to the firewallEn argument, corresponding to CWE-119 and CWE-121.
An attacker with low-privileged network access can send a crafted HTTP request to the affected endpoint and trigger the overflow remotely. Successful exploitation can result in arbitrary code execution or a crash that impacts confidentiality, integrity, and availability on the device.
Public references include a detailed proof-of-concept on GitHub and entries in VulDB, but no vendor advisory or patch information is provided in the available sources. The EPSS score remains flat at 0.0117 with no observed increase after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-5821
Vulnerability details
A vulnerability, which was classified as critical, was found in Tenda AC7 up to 15.03.06.44. This affects the function formSetFirewallCfg of the file /goform/SetFirewallCfg. The manipulation of the argument firewallEn leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Stack-based buffer overflow in the public-facing web management interface (/goform/SetFirewallCfg) of Tenda AC7 router allows remote unauthenticated attackers to achieve root code execution via crafted firewallEn input.
Mitigating Controls (NIST 800-53 r5)
- Directly remediates the stack-based buffer overflow in the formSetFirewallCfg function by identifying, prioritizing, and applying firmware patches or upgrades for affected Tenda AC7 routers.
- Requires validation and sanitization of the firewallEn argument in the /goform/SetFirewallCfg endpoint to prevent buffer overflow exploitation via improper input handling.
- Implements memory protection mechanisms such as stack canaries, ASLR, and non-executable stacks to mitigate successful stack-based buffer overflow exploitation leading to arbitrary code execution.