CVE-2025-7549
Published: 13 July 2025
Summary
CVE-2025-7549 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda FH1201 firmware. Its CVSS base score is 7.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 18.1% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
A vulnerability classified as critical exists in Tenda FH1201 version 1.2.0.14(408). It resides in the frmL7ProtForm function within the /goform/L7Prot endpoint, where improper handling of the page argument triggers a stack-based buffer overflow. The flaw is tracked under CVE-2025-7549 and corresponds to CWE-119 and CWE-121.
An authenticated remote attacker can supply a crafted page value to the affected endpoint, leading to arbitrary code execution or a denial-of-service condition on the device. The CVSS 4.0 score of 7.4 reflects network attack vector, low complexity, and high impact on confidentiality, integrity, and availability. Public proof-of-concept code has been released, confirming the issue is exploitable in practice.
No vendor advisory or patch information appears in the referenced disclosures. The associated EPSS score remains flat at 0.0157 with no material increase since publication, indicating limited observed exploitation interest to date.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-21282
Vulnerability details
A vulnerability was found in Tenda FH1201 1.2.0.14(408) and classified as critical. This issue affects the function frmL7ProtForm of the file /goform/L7Prot. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The stack-based buffer overflow in the router's web interface (/goform/L7Prot) is remotely exploitable via a crafted 'page' parameter, enabling arbitrary code execution consistent with exploitation of a public-facing application.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Remediating the identified stack-based buffer overflow flaw in frmL7ProtForm directly eliminates the vulnerability to manipulation of the 'page' argument.
Validating information inputs to the /goform/L7Prot endpoint ensures the 'page' argument does not exceed buffer bounds, preventing the overflow.
Memory protection mechanisms like stack canaries and non-executable memory prevent exploitation of the stack-based buffer overflow for arbitrary code execution.
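As an added illustration of the input-validation control above (not Tenda's code; the firmware source is not on this page), a request handler can reject an out-of-range `page` value before it reaches any fixed-size buffer. The numeric, 1-based interpretation of `page`, the limits and the function names are assumptions made for the example.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define PAGE_MAX_DIGITS 4      /* assumption: a page index needs at most 4 digits */
#define PAGE_MAX_VALUE  1000u  /* assumption: highest page the UI can show */

/* Length of s, scanning at most `limit` bytes; returns `limit` if no NUL found. */
static size_t bounded_len(const char *s, size_t limit)
{
    size_t n = 0;
    while (n < limit && s[n] != '\0')
        n++;
    return n;
}

/* Parse an untrusted "page" value as a small decimal number.
 * Returns 0 and stores the value on success, -1 on any rejection. */
int parse_page_param(const char *value, unsigned *out)
{
    unsigned n = 0;
    if (value == NULL || out == NULL)
        return -1;
    size_t len = bounded_len(value, PAGE_MAX_DIGITS + 1);
    if (len == 0 || len > PAGE_MAX_DIGITS)
        return -1;                      /* empty or over-long: reject */
    for (size_t i = 0; i < len; i++) {
        if (!isdigit((unsigned char)value[i]))
            return -1;                  /* digits only, no sign or spaces */
        n = n * 10u + (unsigned)(value[i] - '0');
    }
    if (n == 0 || n > PAGE_MAX_VALUE)
        return -1;
    *out = n;
    return 0;
}

/* Bounded copy for parameters that must stay strings: rejects input
 * that does not fit (including the terminator) instead of truncating. */
int copy_param(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    size_t len = bounded_len(src, dst_size);
    if (len >= dst_size)
        return -1;
    memcpy(dst, src, len);
    dst[len] = '\0';
    return 0;
}
```

Rejecting rather than truncating keeps the failure visible to the caller, so the request can be logged and dropped.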