CVE-2025-7551
Published: 14 July 2025
Summary
CVE-2025-7551 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda Fh1201 Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 18.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
SI-2 mandates timely remediation of identified flaws like the stack-based buffer overflow in fromPptpUserAdd, directly eliminating the vulnerability through patching.
SI-10 requires validation of inputs such as modino and username arguments to block malformed data that triggers the buffer overflow.
SI-16 implements memory protections like stack canaries or ASLR to prevent arbitrary code execution even if the buffer overflow occurs.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Stack-based buffer overflow in the router's public-facing web management interface (/goform/PPTPDClient fromPptpUserAdd) via modino/username parameter enables remote exploitation of a public-facing application.
NVD Description
A vulnerability was found in Tenda FH1201 1.2.0.14(408). It has been declared as critical. Affected by this vulnerability is the function fromPptpUserAdd of the file /goform/PPTPDClient. The manipulation of the argument modino/username leads to stack-based buffer overflow. The attack can…
more
be launched remotely. The exploit has been disclosed to the public and may be used.
Deeper analysisAI
CVE-2025-7551 is a critical stack-based buffer overflow vulnerability (CWE-119, CWE-121) affecting Tenda FH1201 routers on firmware version 1.2.0.14(408). The flaw exists in the fromPptpUserAdd function within the /goform/PPTPDClient component, where manipulation of the modino or username arguments triggers the overflow. Published on 2025-07-14, it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
Attackers with low privileges can exploit this vulnerability remotely without user interaction. By sending crafted requests to the vulnerable endpoint, they can trigger the buffer overflow, potentially leading to arbitrary code execution, data compromise, or denial of service with high impacts on confidentiality, integrity, and availability.
References point to a public proof-of-concept exploit detailed on GitHub at panda666-888/vuls, including analysis of the Tenda FH1201 fromPptpUserAdd modino issue and a specific POC section. Additional entries on VulDB (ctiid.316249, id.316249, submit.614975) document the vulnerability but do not specify patches or mitigations. The public disclosure of the exploit heightens the risk for unpatched devices.
Details
- CWE(s)