Cyber Posture

CVE-2025-7420

HighPublic PoC

Published: 11 July 2025

Published
11 July 2025
Modified
16 July 2025
KEV Added
Patch
CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0157 81.6th percentile
Risk Priority 19 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-7420 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda O3 Firmware. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 18.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Directly requires identification, reporting, and correction of the stack-based buffer overflow flaw in the httpd formWifiBasicSet function.

SI-10 Information Input Validation good match
prevent

Enforces validation of the extChannel argument at the /goform/setWrlBasicInfo endpoint to block malformed inputs causing buffer overflows.

SI-16 Memory Protection good match
prevent

Implements memory safeguards like stack canaries and non-executable memory to prevent successful exploitation of the stack-based buffer overflow.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
Why these techniques?

Stack-based buffer overflow in Tenda O3V2 httpd web interface (/goform/setWrlBasicInfo formWifiBasicSet extChannel) allows remote exploitation for potential RCE on a public-facing router application.

NVD Description

A vulnerability was found in Tenda O3V2 1.0.0.12(3880). It has been declared as critical. This vulnerability affects the function formWifiBasicSet of the file /goform/setWrlBasicInfo of the component httpd. The manipulation of the argument extChannel leads to stack-based buffer overflow. The…

more

attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Deeper analysisAI

CVE-2025-7420 is a critical stack-based buffer overflow vulnerability affecting the Tenda O3V2 router on firmware version 1.0.0.12(3880). The flaw exists in the formWifiBasicSet function of the /goform/setWrlBasicInfo endpoint within the httpd component, where manipulation of the extChannel argument triggers the overflow.

The vulnerability can be exploited remotely by an attacker with low privileges (PR:L), requiring low attack complexity (AC:L) and no user interaction (UI:N). Successful exploitation grants high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H), yielding a CVSS v3.1 base score of 8.8. It maps to CWEs 119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and 121 (Stack-based Buffer Overflow).

References point to GitHub repositories with vulnerability details and a proof-of-concept exploit, alongside VulDB entries documenting the issue. The exploit has been publicly disclosed and may be used.

Details

CWE(s)
CWE-119CWE-121

Affected Products

tenda
o3 firmware
1.0.0.12\(3880\)

CVEs Like This One

CVE-2025-7422Same product: Tenda O3
CVE-2025-7421Same product: Tenda O3
CVE-2025-7417Same product: Tenda O3
CVE-2025-7419Same product: Tenda O3
CVE-2025-7418Same product: Tenda O3
CVE-2025-7423Same product: Tenda O3
CVE-2025-7416Same product: Tenda O3
CVE-2025-55613Same product: Tenda O3
CVE-2025-12209Same product: Tenda O3
CVE-2025-12210Same product: Tenda O3

References