CVE-2025-14994 – A stack-based buffer overflow vulnerability in ... (How to Fix)

Q: What is the severity of CVE-2025-14994?

CVE-2025-14994 has a CVSS score of 8.8 (HIGH). A stack-based buffer overflow vulnerability in Tenda FH1201 and FH1206 routers allows remote attackers to execute arbitrary code by manipulating the webSiteId parameter in HTTP requests. This affects devices running vulnerable firmware versions, potentially giving attackers full control over the router. The exploit is publicly available and can be performed without authentication.

📋 TL;DR

A stack-based buffer overflow vulnerability in Tenda FH1201 and FH1206 routers allows remote attackers to execute arbitrary code by manipulating the webSiteId parameter in HTTP requests. This affects devices running vulnerable firmware versions, potentially giving attackers full control over the router. The exploit is publicly available and can be performed without authentication.

💻 Affected Systems

Products:

Tenda FH1201
Tenda FH1206

Versions: 1.2.0.14(408) and 1.2.0.8(8155)

Operating Systems: Embedded router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Devices with web management interface exposed to network are vulnerable. The vulnerability is in the HTTP request handler component.

📦 What is this software?

Fh1201 Firmware by Tenda

View all CVEs affecting Fh1201 Firmware →

Fh1206 Firmware by Tenda

View all CVEs affecting Fh1206 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, network traffic interception, credential theft, and lateral movement into connected networks.

🟠

Likely Case

Router takeover allowing attackers to modify DNS settings, intercept traffic, deploy malware to connected devices, or create persistent backdoors.

🟢

If Mitigated

Limited impact if devices are behind firewalls with strict inbound filtering or if exploit attempts are detected and blocked.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Proof-of-concept exploit code is publicly available on GitHub. The vulnerability requires sending a specially crafted HTTP request to the vulnerable endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

Check Tenda's official website for firmware updates. If available, download the latest firmware and upload it via the router's web interface under System Tools > Firmware Upgrade.

🔧 Temporary Workarounds

Network Segmentation and Access Control

all

Restrict access to router management interface using firewall rules

Disable Remote Management

all

Turn off remote management feature if enabled

🧯 If You Can't Patch

Replace affected routers with supported models from different vendors
Place routers behind dedicated firewalls with strict inbound filtering rules

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in web interface under System Status > Device Information

Check Version:

Not applicable - check via web interface

Verify Fix Applied:

Verify firmware version has been updated to a version later than the affected ones

📡 Detection & Monitoring

Log Indicators:

Unusual HTTP POST requests to /goform/webtypelibrary with long webSiteId parameters
Multiple failed authentication attempts followed by buffer overflow patterns

Network Indicators:

HTTP traffic to router management interface containing unusually long parameter values
Traffic patterns matching known exploit payloads

SIEM Query:

source="router_logs" AND (url="/goform/webtypelibrary" AND parameter_length>1000) OR (event_type="buffer_overflow" AND device_model="FH1201" OR device_model="FH1206")

📊 Metadata

CVE ID: CVE-2025-14994

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-119

EPSS Score: 0.11% exploit probability (30.1th percentile)

Published: December 21, 2025

Last Updated: December 31, 2025

🔗 References

https://github.com/z472421519/BinaryAudit/blob/main/PoC/BOF/Tenda_FH1201/webtyplibrary/webtypelibrary.md Exploit,Third Party Advisory
https://github.com/z472421519/BinaryAudit/blob/main/PoC/BOF/Tenda_FH1206/webtyplibrary/webtypelibrary.md Exploit,Third Party Advisory
https://vuldb.com/?ctiid.337688 Permissions Required,VDB Entry
https://vuldb.com/?id.337688 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.719153 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.719155 Third Party Advisory,VDB Entry
https://www.tenda.com.cn/ Product

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-14994, you might also want to check these: