CVE-2025-7805 in FH451
Summary
by MITRE • 07/18/2025
A vulnerability classified as critical has been found in Tenda FH451 1.0.0.9. This affects the function fromPptpUserSetting of the file /goform/PPTPUserSetting. The manipulation of the argument delno leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 07/23/2025
The vulnerability identified as CVE-2025-7805 represents a critical stack-based buffer overflow in the Tenda FH451 router firmware version 1.0.0.9. This flaw exists within the fromPptpUserSetting function located in the /goform/PPTPUserSetting file, which is part of the web-based administration interface. The specific trigger occurs when processing the delno argument, where insufficient input validation allows an attacker to manipulate memory layout through crafted malicious input. The buffer overflow vulnerability stems from improper bounds checking during argument processing, creating an exploitable condition that can be leveraged for arbitrary code execution or system compromise.
This vulnerability operates at the application layer within the router's web interface, specifically targeting the PPTP user settings functionality. The attack vector is remote, meaning an unauthenticated attacker can exploit this weakness without requiring physical access or prior system compromise. The technical flaw aligns with CWE-121 Stack-based Buffer Overflow, which occurs when a program writes data beyond the boundaries of a fixed-length stack buffer. The exploitation of this vulnerability follows ATT&CK technique T1210 Exploitation of Remote Services, as it targets a network service exposed through the web interface. The stack-based nature of the overflow allows for potential control flow hijacking, where attackers can overwrite return addresses and execute malicious code within the router's memory space.
The operational impact of this vulnerability is severe, as it enables remote code execution on the affected router, potentially allowing attackers to gain full administrative control over the device. This compromise can lead to unauthorized network access, data exfiltration, and the ability to establish persistent backdoors within the network infrastructure. The vulnerability affects the entire network ecosystem connected through the compromised router, as it can be leveraged to pivot attacks to other internal systems or to create a persistent threat vector. Additionally, the public disclosure of the exploit increases the likelihood of widespread exploitation, making this vulnerability particularly dangerous for organizations with unpatched Tenda FH451 devices.
Organizations should immediately implement network segmentation and disable unnecessary services to limit potential attack surfaces. The recommended mitigation strategy involves updating the router firmware to a patched version that addresses the buffer overflow vulnerability in the PPTP user settings functionality. Network administrators should also consider implementing intrusion detection systems to monitor for exploitation attempts and restrict access to the affected web interface through firewall rules. The vulnerability demonstrates the importance of proper input validation and memory management in embedded systems, aligning with security best practices outlined in NIST SP 800-160 and ISO/IEC 27001 standards. Regular security assessments of network infrastructure and firmware updates remain critical defensive measures against similar vulnerabilities in network equipment.