CVE-2025-14879 – This vulnerability allows remote attackers to e... (How to Fix)

Q: What is the severity of CVE-2025-14879?

CVE-2025-14879 has a CVSS score of 9.8 (CRITICAL). This vulnerability allows remote attackers to execute arbitrary code on Tenda WH450 routers by exploiting a stack-based buffer overflow in the HTTP request handler. Attackers can send specially crafted requests to the /goform/onSSIDChange endpoint to gain control of affected devices. All users of Tenda WH450 routers running firmware version 1.0.0.18 are affected.

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code on Tenda WH450 routers by exploiting a stack-based buffer overflow in the HTTP request handler. Attackers can send specially crafted requests to the /goform/onSSIDChange endpoint to gain control of affected devices. All users of Tenda WH450 routers running firmware version 1.0.0.18 are affected.

💻 Affected Systems

Products:

Tenda WH450

Versions: 1.0.0.18

Operating Systems: Embedded router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: The vulnerability exists in the default web management interface and requires no special configuration to be exploitable.

📦 What is this software?

Wh450 Firmware by Tenda

View all CVEs affecting Wh450 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise leading to persistent backdoor installation, network traffic interception, lateral movement to other devices, and botnet recruitment.

🟠

Likely Case

Remote code execution allowing attackers to modify router settings, intercept network traffic, and use the device as a pivot point for further attacks.

🟢

If Mitigated

Limited impact if network segmentation prevents router access and intrusion detection systems block exploit attempts.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable via HTTP requests, making internet-facing routers immediate targets.

🏢 Internal Only: HIGH - Even internally, any attacker with network access can exploit this vulnerability without authentication.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public proof-of-concept code is available, making exploitation straightforward for attackers with basic skills.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.tenda.com.cn/

Restart Required: Yes

Instructions:

1. Check Tenda's official website for firmware updates. 2. Download the latest firmware for WH450. 3. Log into router admin interface. 4. Navigate to firmware upgrade section. 5. Upload and apply the new firmware. 6. Wait for router to reboot.

🔧 Temporary Workarounds

Disable Remote Management

all

Prevent external access to router web interface

Log into router admin > Advanced Settings > Remote Management > Disable

Network Segmentation

all

Isolate router management interface from user networks

Configure VLANs to separate management traffic from user traffic

🧯 If You Can't Patch

Replace affected routers with different models from vendors with better security track records
Implement strict network access controls to limit who can reach the router management interface

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface under System Status or About page

Check Version:

curl -s http://router-ip/goform/getStatus | grep version

Verify Fix Applied:

Verify firmware version is no longer 1.0.0.18 after update

📡 Detection & Monitoring

Log Indicators:

HTTP POST requests to /goform/onSSIDChange with abnormal ssid_index parameter values
Router reboot events following suspicious requests

Network Indicators:

Unusual outbound connections from router to unknown IPs
HTTP requests with buffer overflow patterns to router management interface

SIEM Query:

source="router_logs" AND (uri="/goform/onSSIDChange" OR message="buffer overflow")

📊 Metadata

CVE ID: CVE-2025-14879

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-119

EPSS Score: 0.31% exploit probability (54.1th percentile)

Published: December 18, 2025

Last Updated: February 24, 2026

🔗 References

https://github.com/z472421519/BinaryAudit/blob/main/PoC/BOF/Tenda_WH450/onSSIDChange/onSSIDChange.md Exploit,Third Party Advisory
https://vuldb.com/?ctiid.337370 Permissions Required,VDB Entry
https://vuldb.com/?id.337370 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.715362 Third Party Advisory,VDB Entry
https://www.tenda.com.cn/ Product
https://github.com/z472421519/BinaryAudit/blob/main/PoC/BOF/Tenda_WH450/onSSIDChange/onSSIDChange.md Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-14879, you might also want to check these: