CVE-2025-15008 – A stack-based buffer overflow vulnerability in ... (How to Fix)

Q: What is the severity of CVE-2025-15008?

CVE-2025-15008 has a CVSS score of 7.3 (HIGH). A stack-based buffer overflow vulnerability in Tenda WH450 routers allows remote attackers to execute arbitrary code by sending specially crafted HTTP requests to the /goform/L7Port endpoint. This affects all users running Tenda WH450 firmware version 1.0.0.18. The vulnerability is remotely exploitable without authentication.

📋 TL;DR

A stack-based buffer overflow vulnerability in Tenda WH450 routers allows remote attackers to execute arbitrary code by sending specially crafted HTTP requests to the /goform/L7Port endpoint. This affects all users running Tenda WH450 firmware version 1.0.0.18. The vulnerability is remotely exploitable without authentication.

💻 Affected Systems

Products:

Tenda WH450

Versions: 1.0.0.18

Operating Systems: Embedded router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: The /goform/L7Port endpoint appears to be enabled by default in the web management interface.

📦 What is this software?

Wh450 Firmware by Tenda

View all CVEs affecting Wh450 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, network infiltration, and potential lateral movement to connected systems.

🟠

Likely Case

Device crash/reboot causing service disruption, or limited code execution allowing attacker to modify device settings and intercept network traffic.

🟢

If Mitigated

Denial of service through device crash if exploit fails to achieve code execution.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable via HTTP requests, making internet-exposed devices immediately vulnerable.

🏢 Internal Only: HIGH - Even internally, any attacker on the network can exploit this without authentication.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public proof-of-concept code exists demonstrating the buffer overflow. The exploit requires sending a specially crafted HTTP request with manipulated 'page' parameter.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None found

Restart Required: No

Instructions:

No official patch available. Check Tenda website for firmware updates. If update exists, download and install via router web interface.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate Tenda WH450 routers from untrusted networks and restrict access to management interface.

Access Control Lists

all

Implement firewall rules to block external access to router management interface (typically port 80/443).

🧯 If You Can't Patch

Replace affected routers with different models that are not vulnerable
Disable remote management and restrict web interface to trusted internal IPs only

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in web interface (typically under System Status or About). If version is 1.0.0.18, device is vulnerable.

Check Version:

No CLI command available. Check via web interface at http://router_ip/ or via router admin panel.

Verify Fix Applied:

Verify firmware version has been updated to a version later than 1.0.0.18.

📡 Detection & Monitoring

Log Indicators:

HTTP requests to /goform/L7Port with unusually long 'page' parameter values
Router crash/reboot logs
Memory access violation errors

Network Indicators:

HTTP POST requests to /goform/L7Port with large payloads
Unusual traffic patterns to router management interface

SIEM Query:

http.url:"/goform/L7Port" AND http.method:POST AND http.request_body_length > 1000

📊 Metadata

CVE ID: CVE-2025-15008

CVSS v3 Score: 7.3 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE: CWE-119

EPSS Score: 0.08% exploit probability (23.6th percentile)

Published: December 22, 2025

Last Updated: February 24, 2026

🔗 References

https://github.com/z472421519/BinaryAudit/blob/main/PoC/BOF/Tenda_WH450/L7Prot/L7Prot.md Exploit,Third Party Advisory
https://github.com/z472421519/BinaryAudit/blob/main/PoC/BOF/Tenda_WH450/L7Prot/L7Prot.md#reproduce Exploit,Third Party Advisory
https://vuldb.com/?ctiid.337714 Permissions Required,VDB Entry
https://vuldb.com/?id.337714 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.719317 Third Party Advisory,VDB Entry
https://www.tenda.com.cn/ Product

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-15008, you might also want to check these: