Cyber Resilience

CVE-2025-69700

HighPublic PoC

Published: 23 February 2026

Published
23 February 2026
Modified
24 February 2026
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score 0.0008 23.0th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-69700 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Tenda Fh1203 Firmware. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 23.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2025-69700 is a stack-based buffer overflow vulnerability (CWE-121) affecting the Tenda FH1203 router at version V2.0.1.6. The flaw resides in the modify_add_client_prio function, which is exposed through the formSetClientPrio CGI handler. Published on 2026-02-23, it has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high severity primarily due to its potential for denial-of-service impacts.

Remote attackers require no authentication or user interaction to exploit this vulnerability over the network with low attack complexity. Successful exploitation triggers a stack-based buffer overflow, leading to high availability disruption, such as device crashes or reboots, without affecting confidentiality or integrity.

For mitigation details, refer to the advisory at https://github.com/xhh0124/SemVulLLM.

EU & UK References

Vulnerability details

Tenda FH1203 V2.0.1.6 contains a stack-based buffer overflow vulnerability in the modify_add_client_prio function, which is reachable via the formSetClientPrio CGI handler.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Remote unauthenticated buffer overflow in public web CGI interface directly enables T1190 exploitation of public-facing app; resulting crash/reboot maps to T1499.004 application exploitation for DoS.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-70744Same vendor: Tenda
CVE-2025-70644Same vendor: Tenda
CVE-2025-70648Same vendor: Tenda
CVE-2025-71019Same vendor: Tenda
CVE-2025-70656Same vendor: Tenda
CVE-2025-71021Same vendor: Tenda
CVE-2025-29121Same vendor: Tenda
CVE-2025-29101Same vendor: Tenda
CVE-2025-70746Same vendor: Tenda
CVE-2025-70651Same vendor: Tenda

Affected Assets

tenda
fh1203 firmware
2.0.1.6

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly remediates the stack-based buffer overflow in the modify_add_client_prio function by identifying, patching, and deploying firmware updates for the affected Tenda FH1203 router.

prevent

Prevents exploitation by enforcing validation of inputs to the formSetClientPrio CGI handler, directly addressing the lack of bounds checking that causes the buffer overflow.

prevent

Mitigates stack-based buffer overflow exploitation through memory protections such as stack canaries and address space layout randomization on the vulnerable router firmware.

References