CVE-2025-14995

8.8 HIGH

📋 TL;DR

A stack-based buffer overflow vulnerability exists in Tenda FH1201 routers version 1.2.0.14(408) affecting the SetIpBind function. Remote attackers can exploit this to execute arbitrary code or cause denial of service. This affects users with vulnerable Tenda FH1201 routers exposed to untrusted networks.

💻 Affected Systems

Products:
  • Tenda FH1201
Versions: 1.2.0.14(408)
Operating Systems: Embedded Linux (router firmware)
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerable SetIpBind function appears to be accessible via the web interface, so default configurations are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete router compromise, credential theft, network pivoting, and persistent backdoor installation.

🟠 Likely Case: Router crash/reboot causing denial of service, potential credential leakage, and limited code execution within router constraints.

🟢 If Mitigated: Denial of service with temporary disruption until router reboots, no persistent compromise if proper network segmentation exists.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable and routers are often directly internet-facing with default configurations.
🏢 Internal Only: MEDIUM - Exploitation requires network access but could be leveraged in lateral movement attacks once internal access is gained.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

A public PoC available on GitHub demonstrates exploitation. The vulnerability is in a web-accessible form handler, making exploitation straightforward.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None found in provided references

Restart Required: Yes

Instructions:

1. Check the Tenda website for firmware updates.
2. Download the latest firmware for FH1201.
3. Access the router admin interface.
4. Navigate to the firmware upgrade section.
5. Upload and apply the new firmware.
6. Reboot the router after the update.

🔧 Temporary Workarounds

  • Disable Remote Management (all): Prevent external access to the router administration interface
  • Network Segmentation (all): Isolate the router management interface to trusted network segments only

🧯 If You Can't Patch

  • Replace affected routers with different models or brands
  • Implement strict firewall rules blocking all external access to router management interfaces

🔍 How to Verify

Check if Vulnerable:

Check router firmware version via admin interface. If version is exactly 1.2.0.14(408), the device is vulnerable.

Check Version:

Access router web interface at http://[router-ip] and check System Status or Firmware Version page.

Verify Fix Applied:

Verify firmware version has changed from 1.2.0.14(408) to a newer version after update.

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to /goform/SetIpBind
  • Router crash/reboot logs
  • Multiple failed login attempts followed by SetIpBind access

Network Indicators:

  • HTTP POST requests to router IP on port 80/443 targeting /goform/SetIpBind with abnormal parameter lengths
  • Sudden router unavailability

SIEM Query:

source="router_logs" AND (uri="/goform/SetIpBind" OR message="crash" OR message="reboot")
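
The log and network indicators above combined into one check, as an added example (not part of the advisory or any vendor tooling): it flags POSTs to /goform/SetIpBind whose body is abnormally large or that are followed shortly by a crash/reboot entry. The log layout, field names and both thresholds are assumptions, and the sample lines are constructed.

```python
import re
from datetime import datetime, timedelta

# Assumptions (not from the advisory): log layout, field names, and both thresholds.
MAX_BODY_BYTES = 256                    # assumed ceiling for a legitimate IP-binding form post
REBOOT_WINDOW = timedelta(seconds=120)  # assumed window linking a POST to a crash/reboot

LINE_RE = re.compile(r'^(?P<ts>\S+) src=(?P<src>\S+) (?:method=(?P<method>\S+) '
                     r'uri=(?P<uri>\S+) body_bytes=(?P<size>\d+)|msg="(?P<msg>[^"]*)")$')

# Constructed sample log lines, for illustration only.
SAMPLE_LOG = """\
2025-01-10T09:00:01 src=192.0.2.10 method=POST uri=/goform/SetIpBind body_bytes=84
2025-01-10T09:05:12 src=198.51.100.7 method=GET uri=/index.html body_bytes=0
2025-01-10T09:07:30 src=198.51.100.7 method=POST uri=/goform/SetIpBind body_bytes=4096
2025-01-10T09:07:41 src=router msg="system reboot"
2025-01-10T11:00:00 src=router msg="scheduled reboot"
"""

def detect(log_text):
    """Return SetIpBind POSTs that are oversized and/or followed by a crash/reboot."""
    posts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not match the assumed layout
        ts = datetime.fromisoformat(m["ts"])
        if m["msg"] is not None:
            if re.search(r"crash|reboot", m["msg"], re.I):
                # Mark any SetIpBind POST seen shortly before this crash/reboot.
                for post in posts:
                    if timedelta(0) <= ts - post["time"] <= REBOOT_WINDOW:
                        post["reboot_followed"] = True
            continue
        if m["method"] == "POST" and m["uri"].split("?")[0] == "/goform/SetIpBind":
            size = int(m["size"])
            posts.append({"time": ts, "src": m["src"], "body_bytes": size,
                          "oversized": size > MAX_BODY_BYTES, "reboot_followed": False})
    # Report only POSTs showing at least one of the abnormal indicators.
    return [p for p in posts if p["oversized"] or p["reboot_followed"]]

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Unlike the OR-based query above, this reports a reboot only when it follows a SetIpBind POST within the window, which cuts noise from scheduled reboots.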
