Details of VAR-202506-0870

ID

VAR-202506-0870

CVE

CVE-2025-6110

TITLE

Shenzhen Tenda Technology Co.,Ltd. of fh1201 Buffer error vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-007284

DESCRIPTION

A vulnerability classified as critical has been found in Tenda FH1201 1.2.0.14(408). This affects an unknown part of the file /goform/SafeMacFilter. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of fh1201 The firmware contains a buffer error vulnerability, a stack-based buffer overflow vulnerability, and an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The vulnerability is caused by the page parameter of the /goform/SafeMacFilter file failing to properly verify the length of the input data. A remote attacker can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack

Trust: 2.16

sources: NVD: CVE-2025-6110 // JVNDB: JVNDB-2025-007284 // CNVD: CNVD-2025-15704

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-15704

AFFECTED PRODUCTS

vendor:	tenda	model:	fh1201	scope:	eq	version:	1.2.0.14\(408\)	Trust: 1.0
vendor:	tenda	model:	fh1201	scope:	eq	version:	-	Trust: 0.8
vendor:	tenda	model:	fh1201	scope:	-	version:	-	Trust: 0.8
vendor:	tenda	model:	fh1201	scope:	eq	version:	fh1201 firmware 1.2.0.14(408)	Trust: 0.8
vendor:	tenda	model:	fh1201	scope:	eq	version:	1.2.0.14(408)	Trust: 0.6

sources: CNVD: CNVD-2025-15704 // JVNDB: JVNDB-2025-007284 // NVD: CVE-2025-6110

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2025-6110
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2025-007284
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2025-15704
value:	HIGH
Trust: 0.6

cna@vuldb.com:	CVE-2025-6110
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
OTHER:	JVNDB-2025-007284
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2025-15704
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2025-6110
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2025-007284
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-15704 // JVNDB: JVNDB-2025-007284 // NVD: CVE-2025-6110

PROBLEMTYPE DATA

problemtype:	CWE-119	Trust: 1.0
problemtype:	CWE-787	Trust: 1.0
problemtype:	CWE-121	Trust: 1.0
problemtype:	Buffer error (CWE-119) [ others ]	Trust: 0.8
problemtype:	Stack-based buffer overflow (CWE-121) [ others ]	Trust: 0.8
problemtype:	Out-of-bounds writing (CWE-787) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-007284 // NVD: CVE-2025-6110

EXTERNAL IDS

db:	NVD	id:	CVE-2025-6110	Trust: 3.2
db:	VULDB	id:	312579	Trust: 1.8
db:	JVNDB	id:	JVNDB-2025-007284	Trust: 0.8
db:	CNVD	id:	CNVD-2025-15704	Trust: 0.6

sources: CNVD: CNVD-2025-15704 // JVNDB: JVNDB-2025-007284 // NVD: CVE-2025-6110

REFERENCES

url:	https://lavender-bicycle-a5a.notion.site/tenda-fh1201-fromsafeurlfilter-20b53a41781f80bc8687e3887f536120?source=copy_link	Trust: 1.8
url:	https://vuldb.com/?id.312579	Trust: 1.8
url:	https://vuldb.com/?submit.592473	Trust: 1.8
url:	https://vuldb.com/?submit.592475	Trust: 1.8
url:	https://www.tenda.com.cn/	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2025-6110	Trust: 1.4
url:	https://vuldb.com/?ctiid.312579	Trust: 1.0

sources: CNVD: CNVD-2025-15704 // JVNDB: JVNDB-2025-007284 // NVD: CVE-2025-6110

SOURCES

db:	CNVD	id:	CNVD-2025-15704
db:	JVNDB	id:	JVNDB-2025-007284
db:	NVD	id:	CVE-2025-6110

LAST UPDATE DATE

2025-07-17T23:36:17.349000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-15704	date:	2025-07-15T00:00:00
db:	JVNDB	id:	JVNDB-2025-007284	date:	2025-06-19T07:11:00
db:	NVD	id:	CVE-2025-6110	date:	2025-06-17T19:38:18.840

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-15704	date:	2025-07-08T00:00:00
db:	JVNDB	id:	JVNDB-2025-007284	date:	2025-06-19T00:00:00
db:	NVD	id:	CVE-2025-6110	date:	2025-06-16T07:15:18.373