CVE-2025-15162

7.2 HIGH

📋 TL;DR

A stack-based buffer overflow vulnerability in Tenda WH450 routers allows remote attackers to execute arbitrary code by manipulating the 'page' parameter in the /goform/RouteStatic endpoint. This affects Tenda WH450 routers running firmware version 1.0.0.18. Attackers can exploit this without authentication to potentially take full control of affected devices.

💻 Affected Systems

Products:
  • Tenda WH450
Versions: 1.0.0.18
Operating Systems: Embedded router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All devices running the vulnerable firmware version are affected. The /goform/RouteStatic endpoint appears to be part of the web management interface.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete device compromise, lateral movement to internal networks, persistent backdoor installation, and botnet recruitment.

🟠 Likely Case: Remote code execution resulting in device takeover, credential theft, network traffic interception, and denial of service.

🟢 If Mitigated: Limited impact if devices are behind firewalls with strict inbound filtering and network segmentation.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable without authentication and a public PoC exists.
🏢 Internal Only: MEDIUM - Internal attackers could exploit this if they have network access to the device.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

A public proof-of-concept exists on GitHub demonstrating the buffer overflow. The vulnerability requires sending crafted HTTP requests to the vulnerable endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.tenda.com.cn/

Restart Required: Yes

Instructions:

1. Check Tenda website for firmware updates
2. Download latest firmware
3. Access router admin interface
4. Navigate to firmware upgrade section
5. Upload and apply new firmware
6. Reboot router

🔧 Temporary Workarounds

  • Network Access Control (all): Block external access to the router web interface and restrict internal access to trusted IPs only
  • Firewall Rules (all): Implement firewall rules to block access to ports 80/443 on affected routers from untrusted networks

🧯 If You Can't Patch

  • Isolate affected routers in a separate VLAN with strict access controls
  • Implement network monitoring for exploitation attempts targeting the /goform/RouteStatic endpoint

🔍 How to Verify

Check if Vulnerable:

Check the router firmware version via the admin interface. If the version is 1.0.0.18, the device is vulnerable.

Check Version:

Log in to the router admin interface and check the System Status or Firmware Upgrade section

Verify Fix Applied:

Verify that the firmware version has been updated to a version later than 1.0.0.18

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests to /goform/RouteStatic with unusual page parameter values
  • Router crash/reboot logs
  • Unusual outbound connections from router

Network Indicators:

  • HTTP POST requests to /goform/RouteStatic with crafted page parameters
  • Unusual traffic patterns from router IP

SIEM Query:

source="router_logs" AND (uri="/goform/RouteStatic" OR message="buffer overflow" OR message="crash")
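
One way to implement the request-level indicator listed above, as an added example that is not part of the advisory: a Python check that takes a raw HTTP request captured by a sensor or reverse proxy in front of the router and flags `page` values sent to /goform/RouteStatic that are oversized or contain non-printable bytes. The 16-byte limit, the function names and the sample requests are assumptions made for illustration.

```python
from urllib.parse import parse_qsl, unquote, urlsplit

ENDPOINT = "/goform/RouteStatic"  # endpoint named in the advisory
MAX_PAGE_LEN = 16                 # assumption: tune to what your devices send

def page_values(raw_request: bytes):
    """Return all 'page' values (query string and form body) of a request
    to ENDPOINT, or None when the request targets another path."""
    head, _, body = raw_request.partition(b"\r\n\r\n")
    parts = head.split(b"\r\n", 1)[0].decode("latin-1").split(" ")
    if len(parts) < 2:
        return None
    url = urlsplit(parts[1])
    if unquote(url.path).rstrip("/").lower() != ENDPOINT.lower():
        return None
    # latin-1 maps each byte to one character, so len() counts bytes
    pairs = parse_qsl(url.query, keep_blank_values=True, encoding="latin-1")
    pairs += parse_qsl(body.decode("latin-1"), keep_blank_values=True,
                       encoding="latin-1")
    return [value for key, value in pairs if key == "page"]

def inspect(raw_request: bytes):
    """Return a list of findings; empty when nothing stands out."""
    findings = []
    for value in page_values(raw_request) or []:
        if len(value) > MAX_PAGE_LEN:
            findings.append(f"page value is {len(value)} bytes (limit {MAX_PAGE_LEN})")
        if any(not 0x20 <= ord(ch) < 0x7F for ch in value):
            findings.append("page value contains non-printable bytes")
    return findings

# Constructed sample requests (192.0.2.1 is a documentation address)
HDR = b" HTTP/1.1\r\nHost: 192.0.2.1\r\n\r\n"
SAMPLES = {
    "normal": b"POST /goform/RouteStatic" + HDR + b"page=1",
    "oversized": b"POST /goform/RouteStatic" + HDR + b"page=" + b"A" * 600,
    "control bytes": b"GET /goform/RouteStatic?page=1%00" + HDR,
    "other path": b"GET /index.html?page=" + b"A" * 600 + HDR,
}

if __name__ == "__main__":
    for name, request in SAMPLES.items():
        print(f"{name}: {inspect(request) or 'ok'}")
```

Because the check reads the form body as well as the query string, it covers POST requests, which URI-only access logs do not record.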
