CVE-2025-69700
Published: 23 February 2026
Summary
CVE-2025-69700 is a high-severity stack-based buffer overflow (CWE-121) vulnerability in Tenda FH1203 firmware. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The vulnerability ranks at the 22.8th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
Threat & Defense Details
MITRE ATT&CK Enterprise Techniques (AI)
Why these techniques?
A remote, unauthenticated buffer overflow in the public web CGI interface directly enables T1190 (exploitation of a public-facing application); the resulting crash or reboot maps to T1499.004 (application exploitation for DoS).
NVD Description
Tenda FH1203 V2.0.1.6 contains a stack-based buffer overflow vulnerability in the modify_add_client_prio function, which is reachable via the formSetClientPrio CGI handler.
Deeper analysis (AI)
CVE-2025-69700 is a stack-based buffer overflow vulnerability (CWE-121) affecting the Tenda FH1203 router at version V2.0.1.6. The flaw resides in the modify_add_client_prio function, which is exposed through the formSetClientPrio CGI handler. Published on 2026-02-23, it has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high severity primarily due to its potential for denial-of-service impacts.
A remote attacker needs no authentication and no user interaction to exploit this vulnerability over the network, and attack complexity is low. Successful exploitation triggers a stack-based buffer overflow with a high availability impact, such as device crashes or reboots, without affecting confidentiality or integrity.
For mitigation details, refer to the advisory at https://github.com/xhh0124/SemVulLLM.
Details
- CWE(s)