CVE-2025-7527
Published: 13 July 2025
Summary
CVE-2025-7527 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda Fh1202 Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 29.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
SI-10 requires input validation that directly prevents stack-based buffer overflows by enforcing bounds checking on the PPPOEPassword argument in the fromAdvSetWan function.
SI-2 mandates timely flaw remediation, such as applying vendor patches to fix the buffer overflow vulnerability in Tenda FH1202 firmware version 1.2.0.14(408).
SI-16 implements memory protection mechanisms like stack canaries and DEP that mitigate exploitation of the stack-based buffer overflow even if input validation fails.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Stack-based buffer overflow in the Tenda FH1202 router's web management interface (/goform/AdvSetWan via PPPOEPassword) is remotely exploitable, enabling initial access through exploitation of a public-facing application.
NVD Description
A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been rated as critical. This issue affects the function fromAdvSetWan of the file /goform/AdvSetWan. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack may be initiated…
more
remotely. The exploit has been disclosed to the public and may be used.
Deeper analysisAI
CVE-2025-7527 is a critical stack-based buffer overflow vulnerability (CVSS 3.1 score of 8.8) in the Tenda FH1202 router running firmware version 1.2.0.14(408). The issue resides in the fromAdvSetWan function, accessible via the /goform/AdvSetWan endpoint, where manipulation of the PPPOEPassword argument triggers the overflow. It is associated with CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow).
The vulnerability can be exploited remotely by an attacker with low privileges (PR:L), requiring no user interaction (UI:N) and low attack complexity (AC:L) over the network (AV:N). Successful exploitation grants high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H), potentially allowing arbitrary code execution on the affected device.
Advisories from VulDB (ctiid.316223, id.316223, submit.612941) document the vulnerability and reference a public exploit disclosure on GitHub at panda666-888/vuls/blob/main/tenda/fh1202/fromAdvSetWan.md, which details the stack-based buffer overflow in fromAdvSetWan. The vendor's site at tenda.com.cn is listed, though no specific patch details are provided in the available references.
The exploit has been publicly disclosed, increasing the risk of real-world attacks against unpatched Tenda FH1202 devices.
Details
- CWE(s)