CVE-2025-7463
Published: 12 July 2025
Summary
CVE-2025-7463 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda FH1201 firmware. Its CVSS base score is 7.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 21.5% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
A buffer overflow vulnerability exists in Tenda FH1201 firmware version 1.2.0.14 within the formWrlsafeset function of the /goform/AdvSetWrlsafeset endpoint in the HTTP POST Request Handler component. The flaw is triggered by unsanitized input to the mit_ssid argument and is tracked under CWE-119 and CWE-120. It received a CVSS 4.0 score of 7.4, reflecting a network attack vector, low complexity, and high impact on confidentiality, integrity, and availability.
An authenticated remote attacker can send a crafted HTTP POST request to overflow the buffer, potentially leading to arbitrary code execution or denial of service on the affected router. Public exploit code has been disclosed, enabling straightforward reproduction by anyone with network access to the device management interface.
The associated EPSS score remains low and unchanged at 0.0110, with no observed rise after disclosure. Reference materials are available at the listed VulDB entries and a public Notion page detailing the proof-of-concept. The vendor site provides general contact information but no specific patch or mitigation guidance in the supplied data.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-21204
Vulnerability details
A vulnerability was found in Tenda FH1201 1.2.0.14. It has been declared as critical. This vulnerability affects the function formWrlsafeset of the file /goform/AdvSetWrlsafeset of the component HTTP POST Request Handler. The manipulation of the argument mit_ssid leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Buffer overflow in the device's HTTP POST handler (formWrlsafeset) directly enables remote exploitation of a public-facing web application, matching T1190 for initial access and arbitrary code execution.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Requires validation of the mit_ssid argument in HTTP POST requests to prevent buffer overflow exploitation.
Mandates timely remediation of the known buffer overflow flaw in Tenda FH1201 firmware via patches or updates.
Implements memory protections like stack guards and non-executable regions to mitigate buffer overflow leading to code execution.
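One way to apply the input-validation control to this endpoint, as an added example that is not vendor code or part of the original entry: a filter for a reverse proxy or traffic review that rejects oversized mit_ssid values before they reach the handler. The 32-byte limit (the IEEE 802.11 SSID maximum), the function names and the sample requests are assumptions; the entry does not state the firmware's buffer size.

```python
from urllib.parse import unquote_to_bytes

ENDPOINT = "/goform/AdvSetWrlsafeset"  # endpoint named in the entry
PARAM = b"mit_ssid"                    # argument named in the entry
MAX_SSID_BYTES = 32                    # assumed bound: IEEE 802.11 SSID maximum


def ssid_values(body: bytes):
    """Yield every percent-decoded mit_ssid value in a form-encoded body."""
    for pair in body.split(b"&"):
        name, _, raw = pair.partition(b"=")
        if unquote_to_bytes(name.replace(b"+", b" ")) == PARAM:
            yield unquote_to_bytes(raw.replace(b"+", b" "))


def check_request(method: str, path: str, body: bytes):
    """Return (allowed, reason) for one request to the management interface."""
    if method.upper() != "POST" or path.split("?", 1)[0] != ENDPOINT:
        return True, "not the affected handler"
    values = list(ssid_values(body))
    if len(values) > 1:
        # Repeated parameters can make the filter and the device disagree.
        return False, "duplicate mit_ssid parameters"
    for value in values:
        # Measure the decoded bytes: that is what the handler would copy.
        if len(value) > MAX_SSID_BYTES:
            return False, f"mit_ssid is {len(value)} bytes (limit {MAX_SSID_BYTES})"
        if any(b < 0x20 or b == 0x7F for b in value):
            return False, "mit_ssid contains control bytes"
    return True, "ok"


# Constructed sample requests (not captured traffic); "other" is a placeholder field.
SAMPLES = [
    ("POST", ENDPOINT, b"mit_ssid=HomeNet&other=1"),
    ("POST", ENDPOINT, b"mit_ssid=" + b"A" * 64),
    ("POST", ENDPOINT, b"mit_ssid=" + b"%41" * 33),
    ("GET", "/index.html", b""),
]

if __name__ == "__main__":
    for method, path, body in SAMPLES:
        allowed, reason = check_request(method, path, body)
        print("ALLOW" if allowed else "BLOCK", method, path, "-", reason)
```

A filter like this reduces exposure only while it sits in front of every path to the management interface; it does not replace a firmware fix.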