Details of VAR-202506-0913

ID

VAR-202506-0913

CVE

CVE-2025-6112

TITLE

Shenzhen Tenda Technology Co.,Ltd. of fh1205 Buffer error vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-009453

DESCRIPTION

A vulnerability, which was classified as critical, has been found in Tenda FH1205 2.0.0.7. This issue affects the function fromadvsetlanip of the file /goform/AdvSetLanip. The manipulation of the argument lanMask leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of fh1205 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. tenda FH1205 is a dual-band wireless router for home users, with high cost performance and stable network performance. Attackers can use this vulnerability to trigger a buffer overflow by manipulating the parameter lanMask

Trust: 2.16

sources: NVD: CVE-2025-6112 // JVNDB: JVNDB-2025-009453 // CNVD: CNVD-2025-15711

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-15711

AFFECTED PRODUCTS

vendor:	tenda	model:	fh1205	scope:	eq	version:	2.0.0.7	Trust: 1.6
vendor:	tenda	model:	fh1205	scope:	-	version:	-	Trust: 0.8
vendor:	tenda	model:	fh1205	scope:	eq	version:	fh1205 firmware 2.0.0.7	Trust: 0.8
vendor:	tenda	model:	fh1205	scope:	eq	version:	-	Trust: 0.8

sources: CNVD: CNVD-2025-15711 // JVNDB: JVNDB-2025-009453 // NVD: CVE-2025-6112

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2025-6112
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2025-009453
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2025-15711
value:	HIGH
Trust: 0.6

cna@vuldb.com:	CVE-2025-6112
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
OTHER:	JVNDB-2025-009453
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2025-15711
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2025-6112
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2025-009453
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-15711 // JVNDB: JVNDB-2025-009453 // NVD: CVE-2025-6112

PROBLEMTYPE DATA

problemtype:	CWE-120	Trust: 1.0
problemtype:	CWE-119	Trust: 1.0
problemtype:	Buffer error (CWE-119) [ others ]	Trust: 0.8
problemtype:	Classic buffer overflow (CWE-120) [ others ]	Trust: 0.8
problemtype:	Classic buffer overflow (CWE-120) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-009453 // NVD: CVE-2025-6112

EXTERNAL IDS

db:	NVD	id:	CVE-2025-6112	Trust: 3.2
db:	VULDB	id:	312581	Trust: 1.8
db:	JVNDB	id:	JVNDB-2025-009453	Trust: 0.8
db:	CNVD	id:	CNVD-2025-15711	Trust: 0.6

sources: CNVD: CNVD-2025-15711 // JVNDB: JVNDB-2025-009453 // NVD: CVE-2025-6112

REFERENCES

url:	https://lavender-bicycle-a5a.notion.site/tenda-fh1205-fromadvsetlanip-20b53a41781f80bf850ff39f88ad7f2b?source=copy_link	Trust: 1.8
url:	https://vuldb.com/?id.312581	Trust: 1.8
url:	https://vuldb.com/?submit.592472	Trust: 1.8
url:	https://www.tenda.com.cn/	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2025-6112	Trust: 1.4
url:	https://vuldb.com/?ctiid.312581	Trust: 1.0

sources: CNVD: CNVD-2025-15711 // JVNDB: JVNDB-2025-009453 // NVD: CVE-2025-6112

SOURCES

db:	CNVD	id:	CNVD-2025-15711
db:	JVNDB	id:	JVNDB-2025-009453
db:	NVD	id:	CVE-2025-6112

LAST UPDATE DATE

2025-07-26T19:34:29.508000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-15711	date:	2025-07-15T00:00:00
db:	JVNDB	id:	JVNDB-2025-009453	date:	2025-07-22T05:41:00
db:	NVD	id:	CVE-2025-6112	date:	2025-07-18T12:49:50.367

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-15711	date:	2025-07-08T00:00:00
db:	JVNDB	id:	JVNDB-2025-009453	date:	2025-07-22T00:00:00
db:	NVD	id:	CVE-2025-6112	date:	2025-06-16T08:15:20.010