CVE-2025-15046 – This is a critical stack-based buffer overflow ... (How to Fix)

Q: What is the severity of CVE-2025-15046?

CVE-2025-15046 has a CVSS score of 9.8 (CRITICAL). This is a critical stack-based buffer overflow vulnerability in Tenda WH450 routers that allows remote attackers to execute arbitrary code by sending specially crafted HTTP requests. Attackers can exploit this without authentication to potentially take full control of affected devices. All users running Tenda WH450 firmware version 1.0.0.18 are affected.

📋 TL;DR

This is a critical stack-based buffer overflow vulnerability in Tenda WH450 routers that allows remote attackers to execute arbitrary code by sending specially crafted HTTP requests. Attackers can exploit this without authentication to potentially take full control of affected devices. All users running Tenda WH450 firmware version 1.0.0.18 are affected.

💻 Affected Systems

Products:

Tenda WH450

Versions: 1.0.0.18

Operating Systems: Embedded router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the HTTP Request Handler component specifically in the /goform/PPTPClient endpoint. The vulnerability is in how the netmsk parameter is processed.

📦 What is this software?

Wh450 Firmware by Tenda

View all CVEs affecting Wh450 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, lateral movement to internal networks, persistent backdoor installation, and botnet recruitment.

🟠

Likely Case

Remote code execution resulting in device takeover, credential theft, network traffic interception, and denial of service.

🟢

If Mitigated

Limited impact if devices are behind firewalls with strict inbound filtering and network segmentation.

🌐 Internet-Facing: HIGH - Attackers can exploit remotely without authentication via HTTP requests.

🏢 Internal Only: HIGH - Even internally, the vulnerability requires no authentication and can be exploited by any network-adjacent attacker.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public proof-of-concept exploit code is available on GitHub. The vulnerability requires sending a specially crafted HTTP POST request to the vulnerable endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: Yes

Instructions:

1. Check Tenda's official website for firmware updates. 2. Download the latest firmware for WH450. 3. Log into router admin interface. 4. Navigate to System Tools > Firmware Upgrade. 5. Upload and install the new firmware. 6. Reboot the router.

🔧 Temporary Workarounds

Block HTTP access to router management

all

Configure firewall rules to block external HTTP access to router management interface (typically port 80).

Disable PPTP client functionality

all

If PPTP client feature is not needed, disable it in router settings to remove the vulnerable endpoint.

🧯 If You Can't Patch

Segment affected routers into isolated network zones with strict firewall rules
Implement network monitoring for suspicious HTTP requests to /goform/PPTPClient endpoint

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface. If version is 1.0.0.18, the device is vulnerable.

Check Version:

Log into router web interface and check System Status or Firmware Version page

Verify Fix Applied:

After updating firmware, verify the version is no longer 1.0.0.18 and test that the /goform/PPTPClient endpoint responds appropriately to malformed requests.

📡 Detection & Monitoring

Log Indicators:

HTTP POST requests to /goform/PPTPClient with unusually long netmsk parameter
Router crash/reboot logs
Unusual process execution

Network Indicators:

HTTP traffic to router IP on port 80 with POST to /goform/PPTPClient
Unusual outbound connections from router

SIEM Query:

source="router_logs" AND (uri="/goform/PPTPClient" AND method="POST" AND param_length>100)

📊 Metadata

CVE ID: CVE-2025-15046

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-119

EPSS Score: 0.14% exploit probability (33.9th percentile)

Published: December 23, 2025

Last Updated: December 30, 2025

🔗 References

https://github.com/z472421519/BinaryAudit/blob/main/PoC/BOF/Tenda_WH450/PPTPClient/PPTPClient.md Exploit,Third Party Advisory
https://github.com/z472421519/BinaryAudit/blob/main/PoC/BOF/Tenda_WH450/PPTPClient/PPTPClient.md#reproduce Exploit
https://vuldb.com/?ctiid.337851 Permissions Required,VDB Entry
https://vuldb.com/?id.337851 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.720883 Third Party Advisory,VDB Entry
https://www.tenda.com.cn/ Product

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-15046, you might also want to check these: