Details of VAR-202507-0345

ID

VAR-202507-0345

CVE

CVE-2025-7468

TITLE

Shenzhen Tenda Technology Co.,Ltd. of fh1201 Classic buffer overflow vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-008968

DESCRIPTION

A vulnerability has been found in Tenda FH1201 1.2.0.14 and classified as critical. This vulnerability affects the function fromSafeUrlFilter of the file /goform/fromSafeUrlFilter of the component HTTP POST Request Handler. The manipulation of the argument page leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of fh1201 Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This product is mainly aimed at home and small office network environments. The vulnerability is caused by the parameter page in the file /goform/fromSafeUrlFilter failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

Trust: 2.16

sources: NVD: CVE-2025-7468 // JVNDB: JVNDB-2025-008968 // CNVD: CNVD-2025-16710

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-16710

AFFECTED PRODUCTS

vendor:	tenda	model:	fh1201	scope:	eq	version:	1.2.0.14	Trust: 1.6
vendor:	tenda	model:	fh1201	scope:	eq	version:	-	Trust: 0.8
vendor:	tenda	model:	fh1201	scope:	eq	version:	fh1201 firmware 1.2.0.14	Trust: 0.8
vendor:	tenda	model:	fh1201	scope:	-	version:	-	Trust: 0.8

sources: CNVD: CNVD-2025-16710 // JVNDB: JVNDB-2025-008968 // NVD: CVE-2025-7468

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2025-7468
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2025-008968
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2025-16710
value:	HIGH
Trust: 0.6

cna@vuldb.com:	CVE-2025-7468
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
OTHER:	JVNDB-2025-008968
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2025-16710
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2025-7468
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2025-008968
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-16710 // JVNDB: JVNDB-2025-008968 // NVD: CVE-2025-7468

PROBLEMTYPE DATA

problemtype:	CWE-119	Trust: 1.0
problemtype:	CWE-120	Trust: 1.0
problemtype:	Buffer error (CWE-119) [ others ]	Trust: 0.8
problemtype:	Classic buffer overflow (CWE-120) [ others ]	Trust: 0.8
problemtype:	Classic buffer overflow (CWE-120) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-008968 // NVD: CVE-2025-7468

EXTERNAL IDS

db:	NVD	id:	CVE-2025-7468	Trust: 3.2
db:	VULDB	id:	316120	Trust: 1.8
db:	JVNDB	id:	JVNDB-2025-008968	Trust: 0.8
db:	CNVD	id:	CNVD-2025-16710	Trust: 0.6

sources: CNVD: CNVD-2025-16710 // JVNDB: JVNDB-2025-008968 // NVD: CVE-2025-7468

REFERENCES

url:	https://candle-throne-f75.notion.site/tenda-fh1201-fromsafeurlfilter-229df0aa118580ceb3e4f54d22814c40	Trust: 2.4
url:	https://vuldb.com/?id.316120	Trust: 1.8
url:	https://vuldb.com/?submit.610394	Trust: 1.8
url:	https://www.tenda.com.cn/	Trust: 1.8
url:	https://vuldb.com/?ctiid.316120	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2025-7468	Trust: 0.8

sources: CNVD: CNVD-2025-16710 // JVNDB: JVNDB-2025-008968 // NVD: CVE-2025-7468

SOURCES

db:	CNVD	id:	CNVD-2025-16710
db:	JVNDB	id:	JVNDB-2025-008968
db:	NVD	id:	CVE-2025-7468

LAST UPDATE DATE

2025-07-26T23:12:29.552000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-16710	date:	2025-07-24T00:00:00
db:	JVNDB	id:	JVNDB-2025-008968	date:	2025-07-16T04:59:00
db:	NVD	id:	CVE-2025-7468	date:	2025-07-15T15:42:26.307

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-16710	date:	2025-07-24T00:00:00
db:	JVNDB	id:	JVNDB-2025-008968	date:	2025-07-16T00:00:00
db:	NVD	id:	CVE-2025-7468	date:	2025-07-12T09:15:25.950