SB2025072250 - Multiple vulnerabilities in Tenda FH451
Published: July 22, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 12 secuirty vulnerabilities.
1) Stack-based buffer overflow (CVE-ID: CVE-2025-7794)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the "fromNatStaticSetting" function in the /goform/NatStaticSetting file. A remote user can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
2) Stack-based buffer overflow (CVE-ID: CVE-2025-7805)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the delno parameter in the fromPptpUserSetting function. A remote user can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
3) Stack-based buffer overflow (CVE-ID: CVE-2025-7807)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the Go parameter in the fromSafeUrlFilter function. A remote user can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
4) Stack-based buffer overflow (CVE-ID: CVE-2025-7806)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the Go parameter in the fromSafeClientFilter function. A remote user can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
5) Stack-based buffer overflow (CVE-ID: CVE-2025-7796)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the username parameter in the fromPptpUserAdd function. A remote user can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
6) Stack-based buffer overflow (CVE-ID: CVE-2025-7434)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the "fromAddressNat" function. A remote user can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
7) Stack-based buffer overflow (CVE-ID: CVE-2025-7506)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the fromNatlimit function. A remote user can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
8) Stack-based buffer overflow (CVE-ID: CVE-2025-7505)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the frmL7ProtForm function. A remote user can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
9) Buffer overflow (CVE-ID: CVE-2025-7747)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the fromWizardHandle function. A remote user can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
10) Stack-based buffer overflow (CVE-ID: CVE-2025-7792)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the page parameter in the formSafeEmailFilter function. A remote user can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
11) Stack-based buffer overflow (CVE-ID: CVE-2025-7795)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the page parameter in the fromP2pListFilter function. A remote user can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
12) Stack-based buffer overflow (CVE-ID: CVE-2025-7793)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the webSiteId parameter in the formWebTypeLibrary function. A remote user can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.
References
- https://github.com/panda666-888/vuls/blob/main/tenda/fh451/fromNatStaticSetting.md
- https://github.com/panda666-888/vuls/blob/main/tenda/fh451/fromNatStaticSetting.md#poc
- https://vuldb.com/?ctiid.316855
- https://vuldb.com/?id.316855
- https://vuldb.com/?submit.616318
- https://www.tenda.com.cn/
- https://github.com/panda666-888/vuls/blob/main/tenda/fh451/fromPptpUserSetting.md
- https://github.com/panda666-888/vuls/blob/main/tenda/fh451/fromPptpUserSetting.md#poc
- https://vuldb.com/?ctiid.316881
- https://vuldb.com/?id.316881
- https://vuldb.com/?submit.616347
- https://github.com/panda666-888/vuls/blob/main/tenda/fh451/fromSafeUrlFilter_Go.md
- https://github.com/panda666-888/vuls/blob/main/tenda/fh451/fromSafeUrlFilter_page.md
- https://vuldb.com/?ctiid.316883
- https://vuldb.com/?id.316883
- https://vuldb.com/?submit.616350
- https://vuldb.com/?submit.616352
- https://github.com/panda666-888/vuls/blob/main/tenda/fh451/fromSafeClientFilter_Go.md
- https://github.com/panda666-888/vuls/blob/main/tenda/fh451/fromSafeClientFilter_page.md
- https://vuldb.com/?ctiid.316882
- https://vuldb.com/?id.316882
- https://vuldb.com/?submit.616348
- https://vuldb.com/?submit.616349
- https://github.com/panda666-888/vuls/blob/main/tenda/fh451/fromPptpUserAdd.md
- https://github.com/panda666-888/vuls/blob/main/tenda/fh451/fromPptpUserAdd.md#poc
- https://vuldb.com/?ctiid.316857
- https://vuldb.com/?id.316857
- https://vuldb.com/?submit.616345
- https://github.com/zezhifu1/cve_report/blob/main/FH451/fromAddressNat.md
- https://github.com/zezhifu1/cve_report/blob/main/FH451/fromAddressNat.md#payload
- https://vuldb.com/?ctiid.316004
- https://vuldb.com/?id.316004
- https://vuldb.com/?submit.609058
- https://github.com/zezhifu1/cve_report/blob/main/FH451/fromNatlimit.md
- https://github.com/zezhifu1/cve_report/blob/main/FH451/fromNatlimit.md#payload
- https://vuldb.com/?ctiid.316189
- https://vuldb.com/?id.316189
- https://vuldb.com/?submit.611505
- https://github.com/zezhifu1/cve_report/blob/main/FH451/frmL7ProtForm.md
- https://github.com/zezhifu1/cve_report/blob/main/FH451/frmL7ProtForm.md#payload
- https://vuldb.com/?ctiid.316188
- https://vuldb.com/?id.316188
- https://vuldb.com/?submit.611504
- https://github.com/zezhifu1/cve_report/blob/main/FH451/fromWizardHandle.md
- https://github.com/zezhifu1/cve_report/blob/main/FH451/fromWizardHandle.md#payload
- https://vuldb.com/?ctiid.316737
- https://vuldb.com/?id.316737
- https://vuldb.com/?submit.615487
- https://github.com/panda666-888/vuls/blob/main/tenda/fh451/formSafeEmailFilter.md
- https://github.com/panda666-888/vuls/blob/main/tenda/fh451/formSafeEmailFilter.md#poc
- https://vuldb.com/?ctiid.316853
- https://vuldb.com/?id.316853
- https://vuldb.com/?submit.616316
- https://github.com/panda666-888/vuls/blob/main/tenda/fh451/fromP2pListFilter.md
- https://github.com/panda666-888/vuls/blob/main/tenda/fh451/fromP2pListFilter.md#poc
- https://vuldb.com/?ctiid.316856
- https://vuldb.com/?id.316856
- https://vuldb.com/?submit.616344
- https://github.com/panda666-888/vuls/blob/main/tenda/fh451/formWebTypeLibrary.md
- https://github.com/panda666-888/vuls/blob/main/tenda/fh451/formWebTypeLibrary.md#poc
- https://vuldb.com/?ctiid.316854
- https://vuldb.com/?id.316854
- https://vuldb.com/?submit.616317