CVE-2025-7793
Published: 18 July 2025
Summary
CVE-2025-7793 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda Fh451 Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 30.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
SI-2 mandates timely identification, reporting, and correction of flaws like this stack-based buffer overflow, directly eliminating the vulnerability through patching.
SI-10 enforces information input validation at entry points such as the webSiteId argument in /goform/webtypelibrary, preventing the buffer overflow exploitation.
SI-16 implements memory protection mechanisms like stack canaries and DEP that directly mitigate stack-based buffer overflow attempts leading to arbitrary code execution.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Direct stack-based buffer overflow in router web form handler enables remote authenticated RCE against a public-facing network device service.
NVD Description
A vulnerability classified as critical has been found in Tenda FH451 1.0.0.9. Affected is the function formWebTypeLibrary of the file /goform/webtypelibrary. The manipulation of the argument webSiteId leads to stack-based buffer overflow. It is possible to launch the attack remotely.…
more
The exploit has been disclosed to the public and may be used.
Deeper analysisAI
CVE-2025-7793 is a critical stack-based buffer overflow vulnerability affecting the Tenda FH451 router on firmware version 1.0.0.9. The flaw exists in the formWebTypeLibrary function within the /goform/webtypelibrary file, where manipulation of the webSiteId argument triggers the overflow. Published on 2025-07-18, it is associated with CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow), earning a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
The vulnerability enables remote exploitation by authenticated users with low privileges over the network without requiring user interaction. Successful attacks can result in high-impact compromise of confidentiality, integrity, and availability, potentially allowing arbitrary code execution on the affected device. A proof-of-concept exploit has been publicly disclosed and may be used by attackers.
Advisories and additional details are available via VulDB entries (e.g., https://vuldb.com/?ctiid.316854, https://vuldb.com/?id.316854) and a GitHub repository (https://github.com/panda666-888/vuls/blob/main/tenda/fh451/formWebTypeLibrary.md, including POC at #poc). No specific patches or mitigations are detailed in the initial disclosure.
Details
- CWE(s)