Cyber Resilience

CVE-2025-7549

High · Public PoC

Published: 13 July 2025

Modified: 15 July 2025
CVSS Score v4: 7.4 (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0157 (81.9th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-7549 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda FH1201 firmware. Its CVSS base score is 7.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 18.1% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

A vulnerability classified as critical exists in Tenda FH1201 version 1.2.0.14(408). It resides in the frmL7ProtForm function within the /goform/L7Prot endpoint, where improper handling of the page argument triggers a stack-based buffer overflow. The flaw is tracked under CVE-2025-7549 and corresponds to CWE-119 and CWE-121.

An authenticated remote attacker can supply a crafted page value to the affected endpoint, leading to arbitrary code execution or a denial-of-service condition on the device. The CVSS 4.0 score of 7.4 reflects network attack vector, low complexity, and high impact on confidentiality, integrity, and availability. Public proof-of-concept code has been released, confirming the issue is exploitable in practice.

No vendor advisory or patch information appears in the referenced disclosures. The associated EPSS score remains flat at 0.0157 with no material increase since publication, indicating limited observed exploitation interest to date.

Vulnerability details

A vulnerability was found in Tenda FH1201 1.2.0.14(408) and classified as critical. This issue affects the function frmL7ProtForm of the file /goform/L7Prot. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The stack-based buffer overflow in the router's web interface (/goform/L7Prot) is remotely exploitable via a crafted 'page' parameter, enabling arbitrary code execution consistent with exploitation of a public-facing application.

CVEs Like This One

CVE-2025-14995 (same product: Tenda FH1201)
CVE-2025-7550 (same product: Tenda FH1201)
CVE-2025-7551 (same product: Tenda FH1201)
CVE-2026-5045 (same product: Tenda FH1201)
CVE-2026-5046 (same product: Tenda FH1201)
CVE-2025-7548 (same product: Tenda FH1201)
CVE-2025-7463 (same product: Tenda FH1201)
CVE-2025-7465 (same product: Tenda FH1201)
CVE-2025-7468 (same product: Tenda FH1201)
CVE-2025-14994 (same product: Tenda FH1201)

Affected Assets

tenda
fh1201 firmware
1.2.0.14(408)

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

prevent

Remediating the identified stack-based buffer overflow flaw in frmL7ProtForm directly eliminates the vulnerability to manipulation of the 'page' argument.

prevent

Validating information inputs to the /goform/L7Prot endpoint ensures the 'page' argument does not exceed buffer bounds, preventing the overflow.

prevent

Memory protection mechanisms like stack canaries and non-executable memory prevent exploitation of the stack-based buffer overflow for arbitrary code execution.
